As vehicular networks approach practicality, there is wide recognition for security challenges in their use, and pressing need for security solutions. The intrinsically mobile and ad-hoc nature of vehicular networks pose rather novel challenges to the modeling, design and analysis of security solutions for them. One particularly stringent requirement in this area is that of protecting the anonymity of vehicle owners during their participation in a vehicular network, such as in traffic safety applications. In this paper we present novel models of concrete anonymity requirements for vehicular networks. We consider a case study of a simple variant of a public-key infrastructure for vehicular networks and present two techniques to augment it so that it provides improved anonymity properties. The resulting vehicular-network key infrastructures satisfy desirable combinations of anonymity, unlinkability bad actor detection, and efficiency requirements.