Network Working Group C. Jennings
Internet-Draft Cisco Systems
Intended status: Informational K. Ono
Expires: July 26, 2010 Columbia University
R. Sparks
B. Hibbard, Ed.
Tekelec
January 22, 2010
Example call flows using Session Initiation Protocol (SIP) security
mechanisms
draft-ietf-sipcore-sec-flows-02
Abstract
This document shows example call flows demonstrating the use of
Transport Layer Security (TLS), and Secure/Multipurpose Internet Mail
Extensions (S/MIME) in Session Initiation Protocol (SIP). It also
provides information that helps implementers build interoperable SIP
software. To help facilitate interoperability testing, it includes
certificates used in the example call flows and processes to create
certificates for testing.
Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on July 26, 2010.
Copyright Notice
Jennings, et al. Expires July 26, 2010 [Page 1]
Internet-Draft SIP Secure Call Flows January 2010
Copyright (c) 2010 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the BSD License.
This document may contain material from IETF Documents or IETF
Contributions published or made publicly available before November
10, 2008. The person(s) controlling the copyright in some of this
material may not have granted the IETF Trust the right to allow
modifications of such material outside the IETF Standards Process.
Without obtaining an adequate license from the person(s) controlling
the copyright in such materials, this document may not be modified
outside the IETF Standards Process, and derivative works of it may
not be created outside the IETF Standards Process, except to format
it for publication as an RFC or to translate it into languages other
than English.
Jennings, et al. Expires July 26, 2010 [Page 2]
Internet-Draft SIP Secure Call Flows January 2010
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4
2. Certificates . . . . . . . . . . . . . . . . . . . . . . . . . 4
2.1. CA Certificates . . . . . . . . . . . . . . . . . . . . . 5
2.2. Host Certificates . . . . . . . . . . . . . . . . . . . . 9
2.3. User Certificates . . . . . . . . . . . . . . . . . . . . 10
3. Callflow with Message Over TLS . . . . . . . . . . . . . . . . 12
3.1. TLS with Server Authentication . . . . . . . . . . . . . . 12
3.2. MESSAGE Message Over TLS . . . . . . . . . . . . . . . . . 14
4. Callflow with S/MIME-secured Message . . . . . . . . . . . . . 15
4.1. MESSAGE Message with Signed Body . . . . . . . . . . . . . 15
4.2. MESSAGE Message with Encrypted Body . . . . . . . . . . . 21
4.3. MESSAGE Message with Encrypted and Signed Body . . . . . . 23
5. Observed Interoperability Issues . . . . . . . . . . . . . . . 28
6. Additional Test Scenarios . . . . . . . . . . . . . . . . . . 29
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 31
8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 31
9. Security Considerations . . . . . . . . . . . . . . . . . . . 32
10. Changelog . . . . . . . . . . . . . . . . . . . . . . . . . . 32
11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 34
11.1. Normative References . . . . . . . . . . . . . . . . . . . 34
11.2. Informative References . . . . . . . . . . . . . . . . . . 35
Appendix A. Making Test Certificates . . . . . . . . . . . . . . 35
A.1. makeCA script . . . . . . . . . . . . . . . . . . . . . . 37
A.2. makeCert script . . . . . . . . . . . . . . . . . . . . . 40
Appendix B. Certificates for Testing . . . . . . . . . . . . . . 42
B.1. Certificates Using EKU . . . . . . . . . . . . . . . . . . 42
B.2. Certificates NOT Using EKU . . . . . . . . . . . . . . . . 50
Appendix C. Message Dumps . . . . . . . . . . . . . . . . . . . . 59
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 62
Jennings, et al. Expires July 26, 2010 [Page 3]
Internet-Draft SIP Secure Call Flows January 2010
1. Introduction
This document is informational and is not normative on any aspect of
SIP.
SIP with TLS (RFC 5246 [12]) implementations are becoming very
common. Several implementations of the S/MIME (RFC 3851 [8]) portion
of SIP (RFC 3261 [2]) are also becoming available. After several
interoperability events, it is clear that it is difficult to write
these systems without any test vectors or examples of "known good"
messages to test against. Furthermore, testing at the events is
often hindered due to the lack of a commonly trusted certificate
authority to sign the certificates used in the events. This document
addresses both of these issues by providing messages that give
detailed examples that implementers can use for comparison and that
can also be used for testing. In addition, this document provides a
common certificate and private key that can be used to set up a mock
Certificate Authority (CA) that can be used during the SIP
interoperability events. Certificate requests from the users will be
signed by the private key of the mock CA. The document also provides
some hints and clarifications for implementers.
A simple SIP call flow using SIPS URIs and TLS is shown in Section 3.
The certificates for the hosts used are shown in Section 2.2, and the
CA certificates used to sign these are shown in Section 2.1.
The text from Section 4.1 through Section 4.3 shows some simple SIP
call flows using S/MIME to sign and encrypt the body of the message.
The user certificates used in these examples are shown in
Section 2.3. These host certificates are signed with the same mock
CA private key.
Section 5 presents a partial list of items that implementers should
consider in order to implement systems that will interoperate.
Scripts and instructions to make certificates that can be used for
interoperability testing are presented in Appendix A, along with
methods for converting these to various formats. The certificates
used while creating the examples and test messages in this document
are made available in Appendix B.
Binary copies of various messages in this draft that can be used for
testing appear in Appendix C.
2. Certificates
Jennings, et al. Expires July 26, 2010 [Page 4]
Internet-Draft SIP Secure Call Flows January 2010
2.1. CA Certificates
The certificate used by the CA to sign the other certificates is
shown below. This is a X509v3 certificate. Note that the X.509v3
Basic Constraints in the certificate allows it to be used as a CA,
certificate authority. This certificate is not used directly in the
TLS call flow; it is used only to verify user and host certificates.
Jennings, et al. Expires July 26, 2010 [Page 5]
Internet-Draft SIP Secure Call Flows January 2010
Version: 3 (0x2)
Serial Number: 0 (0x0)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=California, L=San Jose, O=sipit,
OU=Sipit Test Certificate Authority
Validity
Not Before: Jul 18 12:21:52 2003 GMT
Not After : Jul 15 12:21:52 2013 GMT
Subject: C=US, ST=California, L=San Jose, O=sipit,
OU=Sipit Test Certificate Authority
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:c3:22:1e:83:91:c5:03:2c:3c:8a:f4:11:14:c6:
4b:9d:fa:72:78:c6:b0:95:18:a7:e0:8c:79:ba:5d:
a4:ae:1e:21:2d:9d:f1:0b:1c:cf:bd:5b:29:b3:90:
13:73:66:92:6e:df:4c:b3:b3:1c:1f:2a:82:0a:ba:
07:4d:52:b0:f8:37:7b:e2:0a:27:30:70:dd:f9:2e:
03:ff:2a:76:cd:df:87:1a:bd:71:eb:e1:99:6a:c4:
7f:8e:74:a0:77:85:04:e9:41:ad:fc:03:b6:17:75:
aa:33:ea:0a:16:d9:fb:79:32:2e:f8:cf:4d:c6:34:
a3:ff:1b:d0:68:28:e1:9d:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6B:46:17:14:EA:94:76:25:80:54:6E:13:54:DA:A1:E3:54:14:A1:B6
X509v3 Authority Key Identifier:
6B:46:17:14:EA:94:76:25:80:54:6E:13:54:DA:A1:E3:54:14:A1:B6
DirName:/C=US/ST=California/L=San Jose/O=sipit/
OU=Sipit Test Certificate Authority
serial:00
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha1WithRSAEncryption
96:6d:1b:ef:d5:91:93:45:7c:5b:1f:cf:c4:aa:47:52:0b:34:
a8:50:fa:ec:fa:b4:2a:47:4c:5d:41:a7:3d:c0:d6:3f:9e:56:
5b:91:1d:ce:a8:07:b3:1b:a4:9f:9a:49:6f:7f:e0:ce:83:94:
71:42:af:fe:63:a2:34:dc:b4:5e:a5:ce:ca:79:50:e9:6a:99:
4c:14:69:e9:7c:ab:22:6c:44:cc:8a:9c:33:6b:23:50:42:05:
1f:e1:c2:81:88:5f:ba:e5:47:bb:85:9b:83:25:ad:84:32:ff:
2a:5b:8b:70:12:11:83:61:c9:69:15:4f:58:a3:3c:92:d4:e8:
6f:52
The ASN.1 parse of the CA certificate is shown below.
Jennings, et al. Expires July 26, 2010 [Page 6]
Internet-Draft SIP Secure Call Flows January 2010
0:l= 804 cons: SEQUENCE
4:l= 653 cons: SEQUENCE
8:l= 3 cons: cont [ 0 ]
10:l= 1 prim: INTEGER :02
13:l= 1 prim: INTEGER :00
16:l= 13 cons: SEQUENCE
18:l= 9 prim: OBJECT :sha1WithRSAEncryption
29:l= 0 prim: NULL
31:l= 112 cons: SEQUENCE
33:l= 11 cons: SET
35:l= 9 cons: SEQUENCE
37:l= 3 prim: OBJECT :countryName
42:l= 2 prim: PRINTABLESTRING :US
46:l= 19 cons: SET
48:l= 17 cons: SEQUENCE
50:l= 3 prim: OBJECT :stateOrProvinceName
55:l= 10 prim: PRINTABLESTRING :California
67:l= 17 cons: SET
69:l= 15 cons: SEQUENCE
71:l= 3 prim: OBJECT :localityName
76:l= 8 prim: PRINTABLESTRING :San Jose
86:l= 14 cons: SET
88:l= 12 cons: SEQUENCE
90:l= 3 prim: OBJECT :organizationName
95:l= 5 prim: PRINTABLESTRING :sipit
102:l= 41 cons: SET
104:l= 39 cons: SEQUENCE
106:l= 3 prim: OBJECT :organizationalUnitName
111:l= 32 prim: PRINTABLESTRING :Sipit Test Certificate Authority
145:l= 30 cons: SEQUENCE
147:l= 13 prim: UTCTIME :030718122152Z
162:l= 13 prim: UTCTIME :130715122152Z
177:l= 112 cons: SEQUENCE
179:l= 11 cons: SET
181:l= 9 cons: SEQUENCE
183:l= 3 prim: OBJECT :countryName
188:l= 2 prim: PRINTABLESTRING :US
192:l= 19 cons: SET
194:l= 17 cons: SEQUENCE
196:l= 3 prim: OBJECT :stateOrProvinceName
201:l= 10 prim: PRINTABLESTRING :California
213:l= 17 cons: SET
215:l= 15 cons: SEQUENCE
217:l= 3 prim: OBJECT :localityName
222:l= 8 prim: PRINTABLESTRING :San Jose
232:l= 14 cons: SET
234:l= 12 cons: SEQUENCE
236:l= 3 prim: OBJECT :organizationName
Jennings, et al. Expires July 26, 2010 [Page 7]
Internet-Draft SIP Secure Call Flows January 2010
241:l= 5 prim: PRINTABLESTRING :sipit
248:l= 41 cons: SET
250:l= 39 cons: SEQUENCE
252:l= 3 prim: OBJECT :organizationalUnitName
257:l= 32 prim: PRINTABLESTRING :Sipit Test Certificate Authority
291:l= 159 cons: SEQUENCE
294:l= 13 cons: SEQUENCE
296:l= 9 prim: OBJECT :rsaEncryption
307:l= 0 prim: NULL
309:l= 141 prim: BIT STRING
00 30 81 89 02 81 81 00-c3 22 1e 83 91 c5 03 2c .0.......".....,
3c 8a f4 11 14 c6 4b 9d-fa 72 78 c6 b0 95 18 a7 <.....K..rx.....
e0 8c 79 ba 5d a4 ae 1e-21 2d 9d f1 0b 1c cf bd ..y.]...!-......
5b 29 b3 90 13 73 66 92-6e df 4c b3 b3 1c 1f 2a [)...sf.n.L....*
82 0a ba 07 4d 52 b0 f8-37 7b e2 0a 27 30 70 dd ....MR..7{..'0p.
f9 2e 03 ff 2a 76 cd df-87 1a bd 71 eb e1 99 6a ....*v.....q...j
c4 7f 8e 74 a0 77 85 04-e9 41 ad fc 03 b6 17 75 ...t.w...A.....u
aa 33 ea 0a 16 d9 fb 79-32 2e f8 cf 4d c6 34 a3 .3.....y2...M.4.
ff 1b d0 68 28 e1 9d e5-02 03 01 00 01 ...h(........
453:l= 205 cons: cont [ 3 ]
456:l= 202 cons: SEQUENCE
459:l= 29 cons: SEQUENCE
461:l= 3 prim: OBJECT :X509v3 Subject Key Identifier
466:l= 22 prim: OCTET STRING
04 14 6b 46 17 14 ea 94-76 25 80 54 6e 13 54 da ..kF....v%.Tn.T.
a1 e3 54 14 a1 b6 ..T...
490:l= 154 cons: SEQUENCE
493:l= 3 prim: OBJECT :X509v3 Authority Key Identifier
498:l= 146 prim: OCTET STRING
30 81 8f 80 14 6b 46 17-14 ea 94 76 25 80 54 6e 0....kF....v%.Tn
13 54 da a1 e3 54 14 a1-b6 a1 74 a4 72 30 70 31 .T...T....t.r0p1
0b 30 09 06 03 55 04 06-13 02 55 53 31 13 30 11 .0...U....US1.0.
06 03 55 04 08 13 0a 43-61 6c 69 66 6f 72 6e 69 ..U....Californi
61 31 11 30 0f 06 03 55-04 07 13 08 53 61 6e 20 a1.0...U....San
4a 6f 73 65 31 0e 30 0c-06 03 55 04 0a 13 05 73 Jose1.0...U....s
69 70 69 74 31 29 30 27-06 03 55 04 0b 13 20 53 ipit1)0'..U... S
69 70 69 74 20 54 65 73-74 20 43 65 72 74 69 66 ipit Test Certif
69 63 61 74 65 20 41 75-74 68 6f 72 69 74 79 82 icate Authority.
01 .
0092 - <SPACES/NULS>
647:l= 12 cons: SEQUENCE
649:l= 3 prim: OBJECT :X509v3 Basic Constraints
654:l= 5 prim: OCTET STRING
30 03 01 01 ff 0....
661:l= 13 cons: SEQUENCE
663:l= 9 prim: OBJECT :sha1WithRSAEncryption
674:l= 0 prim: NULL
676:l= 129 prim: BIT STRING
Jennings, et al. Expires July 26, 2010 [Page 8]
Internet-Draft SIP Secure Call Flows January 2010
00 96 6d 1b ef d5 91 93-45 7c 5b 1f cf c4 aa 47 ..m.....E|[....G
52 0b 34 a8 50 fa ec fa-b4 2a 47 4c 5d 41 a7 3d R.4.P....*GL]A.=
c0 d6 3f 9e 56 5b 91 1d-ce a8 07 b3 1b a4 9f 9a ..?.V[..........
49 6f 7f e0 ce 83 94 71-42 af fe 63 a2 34 dc b4 Io.....qB..c.4..
5e a5 ce ca 79 50 e9 6a-99 4c 14 69 e9 7c ab 22 ^...yP.j.L.i.|."
6c 44 cc 8a 9c 33 6b 23-50 42 05 1f e1 c2 81 88 lD...3k#PB......
5f ba e5 47 bb 85 9b 83-25 ad 84 32 ff 2a 5b 8b _..G....%..2.*[.
70 12 11 83 61 c9 69 15-4f 58 a3 3c 92 d4 e8 6f p...a.i.OX.<...o
52 R
2.2. Host Certificates
The certificate for the host example.com is shown below. Note that
the Subject Alternative Name is set to example.com and is a DNS type.
The certificates for the other hosts are shown in Appendix B.
Version: 3 (0x2)
Serial Number:
01:52:01:54:01:90:00:43
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=California, L=San Jose, O=sipit,
OU=Sipit Test Certificate Authority
Validity
Not Before: Apr 28 22:12:00 2009 GMT
Not After : Apr 27 22:12:00 2012 GMT
Subject: C=US, ST=California, L=San Jose, O=sipit, CN=example.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:c7:60:09:2c:e2:0b:a6:8d:2c:8f:86:eb:47:72:
4d:dc:20:a5:48:69:9c:c6:79:73:3a:65:e4:74:b6:
80:99:4f:6e:a4:1b:1b:6f:5c:91:29:7c:11:a1:bd:
ad:25:c6:42:a3:96:bb:d8:c8:11:d8:2a:bc:39:5f:
e3:5f:9a:54:f5:0c:77:44:c6:f0:ee:a7:73:85:d0:
d1:d7:34:96:d8:24:83:fe:1d:a7:5e:94:6a:a6:79:
e6:8b:d6:96:06:31:8d:da:4d:f1:72:c0:a2:9c:48:
c9:d2:1f:80:27:60:52:b8:12:cc:43:7c:e7:66:ac:
b7:6e:07:bc:e7:d5:0f:fa:41:b3:37:4f:16:33:71:
fc:6d:73:17:b5:65:8b:65:03:34:83:8e:98:7d:8b:
a3:36:f1:a7:37:94:65:af:dd:13:29:f8:1b:c2:8b:
fa:05:03:6b:4b:26:ae:a9:93:ab:5d:0c:f3:08:84:
9e:16:c0:13:fa:da:8f:1c:b6:69:95:04:6d:c8:cf:
c0:12:8f:fd:27:2a:cb:16:16:fd:c2:fa:94:fe:e8:
78:40:e4:5a:ac:a7:ef:d7:17:7d:e8:f8:86:8c:16:
35:ff:3e:32:fd:43:1c:c1:20:08:2c:aa:56:a6:17:
4f:bc:74:b0:5d:57:ba:a5:19:b4:20:46:dd:36:3d:
Jennings, et al. Expires July 26, 2010 [Page 9]
Internet-Draft SIP Secure Call Flows January 2010
15:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:com, URI:sip:example.com
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
28:CC:9B:2B:4F:7C:43:5C:9D:AD:96:8B:73:A2:4F:58:5D:30:D4:04
X509v3 Authority Key Identifier:
6B:46:17:14:EA:94:76:25:80:54:6E:13:54:DA:A1:E3:54:14:A1:B6
DirName:/C=US/ST=California/L=San Jose/O=sipit/
OU=Sipit Test Certificate Authority
serial:00
X509v3 Key Usage:
Digital Signature, Non Repudiation, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, 1.3.6.1.5.5.7.3.20
Signature Algorithm: sha1WithRSAEncryption
1f:b7:c2:84:43:90:d2:06:81:47:48:e7:14:39:5a:ad:a0:53:
36:fb:6f:d7:e1:bf:b1:65:98:fd:a6:c5:e0:5a:b7:5f:90:08:
ab:d4:85:2a:d1:57:f2:0e:c1:26:43:de:e1:26:1e:ef:90:95:
94:6e:74:45:36:01:41:ce:43:c2:91:54:dd:35:a8:6e:57:3b:
b2:34:71:aa:d4:ea:34:aa:8c:8e:dd:e1:a4:2c:05:45:fb:b8:
38:0c:7b:1f:4f:d7:3c:d7:68:7c:57:57:6d:13:c6:3f:44:dd:
fd:6b:fb:65:96:9b:87:92:95:10:af:e7:47:cd:72:6c:6e:d7:
60:f5
The example host certificate above, as well as all the others
presented in this document, are signed directly by a root CA. These
certificate chains have a length equal to two: the root CA and the
host certificate. Non-root CAs exist and may also sign certificates.
The certificate chains presented by hosts with certificates signed by
non-root CAs will have a length greater than two. For more details
on how certificate chains are validated, see section 6.1.4 of RFC
5280 [13].
TODO: Fix subjectAltName DNS:com to DNS:example.com and DNS:net to
DNS:example.net.
2.3. User Certificates
User certificates are used by many applications to establish user
identity. The user certificate for fluffy@example.com is shown
below. Note that the Subject Alternative Name has a list of names
with different URL types such as a sip, im, or pres URL. This is
Jennings, et al. Expires July 26, 2010 [Page 10]
Internet-Draft SIP Secure Call Flows January 2010
necessary for interoperating with a CPIM gateway. In this example,
example.com is the domain for fluffy. The message could be coming
from any host in *.example.com, and the AOR in the user certificate
would still be the same. The others are shown in Appendix B.1.
These certificates make use of the EKU extension discussed in Draft
SIP EKU [14]. Note that the X509v3 Extended Key Usage attribute
refers to the SIP OID introduced in Draft SIP EKU [14], which is
1.3.6.1.5.5.7.3.20
Version: 3 (0x2)
Serial Number:
01:52:01:54:01:90:00:47
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=California, L=San Jose, O=sipit,
OU=Sipit Test Certificate Authority
Validity
Not Before: Apr 29 17:10:46 2009 GMT
Not After : Apr 28 17:10:46 2012 GMT
Subject: C=US, ST=California, L=San Jose, O=sipit,
CN=fluffy@example.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:f4:0f:e8:18:2d:b1:9b:93:ef:64:6b:19:d7:83:
ac:f7:af:12:37:30:48:df:6e:55:0a:ce:f7:2a:19:
17:66:bc:42:af:7a:af:78:6c:96:c6:c1:de:5e:38:
67:93:8d:f2:40:13:b5:6f:07:79:de:32:2c:23:e7:
ba:e4:a8:36:32:83:8a:75:79:86:85:a2:50:d1:bb:
b5:81:36:7e:6b:f2:64:9b:b6:54:d3:8b:c4:4d:4d:
26:94:ae:7c:50:e4:b2:e6:5f:ac:34:e0:97:51:cd:
ff:66:b9:92:98:c5:cc:22:e7:0c:30:a4:4c:a6:37:
ba:21:31:b2:81:93:0d:24:ee:a7:27:c9:b3:ec:46:
e3:f9:7a:d2:42:0a:59:ab:e7:a3:8b:30:66:3d:31:
88:6f:ee:c4:8d:24:ca:99:f1:c8:4c:50:0d:4b:6b:
73:80:ac:74:6f:45:b1:29:29:a1:89:40:94:02:57:
23:8b:6d:60:5c:38:d3:1f:c3:bb:74:3d:15:87:af:
2d:29:16:6c:30:01:4e:e3:39:13:17:6b:ea:58:97:
75:9f:60:38:84:2c:31:95:6e:d8:6d:69:81:bb:2e:
fa:59:a2:fb:08:53:59:df:1e:94:17:e5:10:f8:72:
5a:fb:4e:4f:2f:cd:3b:3d:30:c5:b6:c8:3b:e0:e7:
32:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Alternative Name:
URI:sip:fluffy@example.com, URI:im:fluffy@example.com,
URI:pres:fluffy@example.com
X509v3 Basic Constraints:
Jennings, et al. Expires July 26, 2010 [Page 11]
Internet-Draft SIP Secure Call Flows January 2010
CA:FALSE
X509v3 Subject Key Identifier:
D2:A2:22:FB:4D:A1:37:B9:15:0B:1E:FC:27:BC:FA:00:A7:1C:F2:29
X509v3 Authority Key Identifier:
6B:46:17:14:EA:94:76:25:80:54:6E:13:54:DA:A1:E3:54:14:A1:B6
DirName:/C=US/ST=California/L=San Jose/O=sipit/
OU=Sipit Test Certificate Authority
serial:00
X509v3 Key Usage:
Digital Signature, Non Repudiation, Key Encipherment
X509v3 Extended Key Usage:
E-mail Protection, 1.3.6.1.5.5.7.3.20
Signature Algorithm: sha1WithRSAEncryption
80:a0:db:45:dd:7d:b6:50:b6:93:27:36:cd:cd:28:3c:39:23:
aa:e4:6e:9c:f7:d9:8c:96:4d:b7:36:f6:ac:c1:8f:86:d8:6a:
91:3a:4f:5a:68:32:37:df:0f:dd:40:b7:34:68:91:ce:0f:f0:
16:02:ee:be:b6:1d:e1:92:87:c9:5e:a9:42:78:26:45:bb:17:
08:ee:83:ea:e9:d8:30:84:66:90:69:b8:78:ff:c4:09:5c:ea:
e2:8a:10:e6:f9:64:eb:db:47:0e:10:29:4d:0e:bb:53:65:70:
e1:71:82:c8:d0:14:f4:24:30:49:a6:fc:80:a8:b1:84:bc:e9:
73:75
Versions of these certificates that do not make use of EKU are also
included in Appendix B.2
3. Callflow with Message Over TLS
3.1. TLS with Server Authentication
The flow below shows the edited SSLDump output of the host
example.com forming a TLS RFC 5246 [12] connection to example.net.
In this example mutual authentication is not used. Note that the
client proposed three protocol suites including
TLS_RSA_WITH_AES_128_CBC_SHA defined in RFC 3268 [4]. The
certificate returned by the server contains a Subject Alternative
Name that is set to example.net. A detailed discussion of TLS can be
found in SSL and TLS [20]. For more details on the SSLDump tool, see
the SSLDump Manual [21].
This example does not use the Server Extended Hello (see RFC 3546
[7]).
New TCP connection #1: www.example.com(57592) <-> www.example.com(5061)
1 1 0.0015 (0.0015) C>SV3.1(101) Handshake
ClientHello
Jennings, et al. Expires July 26, 2010 [Page 12]
Internet-Draft SIP Secure Call Flows January 2010
Version 3.1
random[32]=
49 f7 83 8d 1f 21 c7 73 0c 9f 61 ab 13 2d 6b 26
1e 79 0c 68 b3 b6 f8 24 54 6b 41 0d 9b 3a 03 31
cipher suites
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_DSS_RSA_WITH_AES_256_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_DES_192_CBC3_SHA
TLS_ECDH_RSA_WITH_DES_192_CBC3_SHA
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_RSA_WITH_RC4_128_SHA
TLS_ECDH_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_MD5
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
TLS_DHE_DSS_WITH_DES_CBC_SHA
TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
TLS_RSA_EXPORT_WITH_RC4_40_MD5
compression methods
NULL
1 2 0.0040 (0.0024) S>CV3.1(48) Handshake
ServerHello
Version 3.1
random[32]=
49 f7 83 8d a0 f8 f0 3f ff 2d d4 13 9c 29 2b 2b
fc 1c 92 b9 a8 2a d2 10 0c 54 8e fd af d6 42 22
session_id[0]=
cipherSuite TLS_RSA_WITH_AES_256_CBC_SHA
compressionMethod NULL
1 3 0.0040 (0.0000) S>CV3.1(1823) Handshake
Certificate
1 4 0.0040 (0.0000) S>CV3.1(14) Handshake
CertificateRequest
certificate_types rsa_sign
Jennings, et al. Expires July 26, 2010 [Page 13]
Internet-Draft SIP Secure Call Flows January 2010
certificate_types dss_sign
certificate_types unknown value
ServerHelloDone
1 5 0.0360 (0.0320) C>SV3.1(7) Handshake
Certificate
1 6 0.0360 (0.0000) C>SV3.1(262) Handshake
ClientKeyExchange
1 7 0.0360 (0.0000) C>SV3.1(1) ChangeCipherSpec
1 8 0.0360 (0.0000) C>SV3.1(48) Handshake
1 9 0.0770 (0.0410) S>CV3.1(170) Handshake
1 10 0.0770 (0.0000) S>CV3.1(1) ChangeCipherSpec
1 11 0.0770 (0.0000) S>CV3.1(48) Handshake
1 12 0.0780 (0.0010) C>SV3.1(32) application_data
1 13 0.0780 (0.0000) C>SV3.1(448) application_data
1 14 0.2804 (0.2023) S>CV3.1(32) application_data
1 15 0.2804 (0.0000) S>CV3.1(416) application_data
1 16 12.3288 (12.0483) S>CV3.1(32) Alert
1 12.3293 (0.0004) S>C TCP FIN
1 17 12.3310 (0.0017) C>SV3.1(32) Alert
3.2. MESSAGE Message Over TLS
Once the TLS session is set up, the following MESSAGE message (as
defined in RFC 3428 [6] is sent from fluffy@example.com to
kumiko@example.net. Note that the URI has a SIPS URL and that the
VIA indicates that TLS was used. In order to format this document,
the <allOneLine> convention from RFC 4475 [19] is used to break long
lines. The actual message does not contain the linebreaks contained
within those tags.
MESSAGE sips:kumiko@example.net:5061 SIP/2.0
Via: SIP/2.0/TLS 208.77.188.166:15001;\
branch=z9hG4bK-d8754z-3be7667f18d2f53c-1---d8754z-;\
rport=54499
Max-Forwards: 70
Contact: <sips:fluffy@example.com:15001>
To: <sips:kumiko@example.net:5061>
From: <sips:fluffy@example.com:15001>;tag=2eff6a6f
Call-ID: NmE1NDk1YzFmYmMzMDVjOTEwMzVlZjNkMTBjZGZlMzY.
CSeq: 1 MESSAGE
Accept: multipart/signed, text/plain, application/pkcs7-mime,\
application/sdp, multipart/alternative
Content-Type: text/plain
Content-Length: 6
Hello!
When a UA goes to send a message to example.com, the UA can see if it
Jennings, et al. Expires July 26, 2010 [Page 14]
Internet-Draft SIP Secure Call Flows January 2010
already has a TLS connection to example.com and if it does, it may
send the message over this connection. A UA should have some scheme
for reusing connections as opening a new TLS connection for every
message results in awful performance. Implementers are encouraged to
read Draft Connection Reuse in SIP [16] and RFC 3263 [3].
The response is sent from example.net to example.com over the same
TLS connection. It is shown below.
SIP/2.0 200 OK
Via: SIP/2.0/TLS 208.77.188.166:15001;\
branch=z9hG4bK-d8754z-3be7667f18d2f53c-1---d8754z-;\
rport=54499
Contact: <sip:208.77.188.166:5061;transport=TLS>
To: <sips:kumiko@example.net:5061>;tag=00e62966
From: <sips:fluffy@example.com:15001>;tag=2eff6a6f
Call-ID: NmE1NDk1YzFmYmMzMDVjOTEwMzVlZjNkMTBjZGZlMzY.
CSeq: 1 MESSAGE
Content-Length: 0
TODO: Actually use the allOneLine convention. This will be fixed in
a change to binary-generated content.
TODO: Remove the Contact headers.
OPEN ISSUE: There should be some more information about how this
MESSAGE is associated with the handshake example. The dump in
Section 3.1 is slightly confusing in that example.com and example.net
both resolved to the same address, so reverse lookup shows both
domains as example.com.
4. Callflow with S/MIME-secured Message
4.1. MESSAGE Message with Signed Body
Below is an example of a signed message. The values on the Content-
Type line (multipart/signed) and on the Content-Disposition line have
been broken across lines to fit on the page, but they should not be
broken across lines in actual implementations.
Jennings, et al. Expires July 26, 2010 [Page 15]
Internet-Draft SIP Secure Call Flows January 2010
MESSAGE sip:kumiko@example.net SIP/2.0
Via: SIP/2.0/TCP 208.77.188.166:15001;\
branch=z9hG4bK-d8754z-36f515466f3a7f5c-1---d8754z-;\
rport=54500
Max-Forwards: 70
Contact: <sip:fluffy@example.com>
To: <sip:kumiko@example.net>
From: <sip:fluffy@example.com>;tag=e8cc1b5c
Call-ID: NjVjYjNjNzQzNTZlYzdjMWUwM2VjYjcwOTVjM2RkZDM.
CSeq: 1 MESSAGE
Accept: multipart/signed, text/plain, application/pkcs7-mime,\
application/sdp, multipart/alternative
Content-Type: multipart/signed;boundary=ac31fa52a112030f;\
micalg=sha1;protocol="application/pkcs7-signature"
Content-Length: 772
--ac31fa52a112030f
Content-Type: text/plain
Content-Transfer-Encoding: binary
hello
--ac31fa52a112030f
Content-Type: application/pkcs7-signature;name=smime.p7s
Content-Disposition: attachment;handling=required;\
filename=smime.p7s
Content-Transfer-Encoding: binary
*****************
* BINARY BLOB 1 *
*****************
--ac31fa52a112030f--
It is important to note that the signature ("BINARY BLOB 1") is
computed over the MIME headers and body, but excludes the multipart
boundary lines. The value on the Message-body line ends with CRLF.
The CRLF is included in the boundary and should not be part of the
signature computation. To be clear, the signature is computed over
data starting with the C in the Content-Type and ending with the o in
the hello.
Content-Type: text/plain
Content-Transfer-Encoding: binary
hello
Following is the ASN.1 parsing of encrypted contents referred to
above as "BINARY BLOB 1". Note that at address 30, the hash for the
signature is specified as SHA-1. Also note that the sender's
Jennings, et al. Expires July 26, 2010 [Page 16]
Internet-Draft SIP Secure Call Flows January 2010
certificate is not attached as it is optional in RFC 3852 [9].
0 471: SEQUENCE {
4 9: OBJECT IDENTIFIER signedData (1 2 840 113549 1 7 2)
15 456: [0] {
19 452: SEQUENCE {
23 1: INTEGER 1
26 11: SET {
28 9: SEQUENCE {
30 5: OBJECT IDENTIFIER sha1 (1 3 14 3 2 26)
37 0: NULL
: }
: }
39 11: SEQUENCE {
41 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
: }
52 419: SET {
56 415: SEQUENCE {
60 1: INTEGER 1
63 124: SEQUENCE {
65 112: SEQUENCE {
67 11: SET {
69 9: SEQUENCE {
71 3: OBJECT IDENTIFIER countryName (2 5 4 6)
76 2: PrintableString 'US'
: }
: }
80 19: SET {
82 17: SEQUENCE {
84 3: OBJECT IDENTIFIER
: stateOrProvinceName (2 5 4 8)
89 10: PrintableString 'California'
: }
: }
101 17: SET {
103 15: SEQUENCE {
105 3: OBJECT IDENTIFIER localityName (2 5 4 7)
110 8: PrintableString 'San Jose'
: }
: }
120 14: SET {
122 12: SEQUENCE {
124 3: OBJECT IDENTIFIER
: organizationName (2 5 4 10)
129 5: PrintableString 'sipit'
: }
: }
136 41: SET {
Jennings, et al. Expires July 26, 2010 [Page 17]
Internet-Draft SIP Secure Call Flows January 2010
138 39: SEQUENCE {
140 3: OBJECT IDENTIFIER
: organizationalUnitName (2 5 4 11)
145 32: PrintableString 'Sipit Test Certificate Aut
hority'
: }
: }
: }
179 8: INTEGER 01 52 01 54 01 90 00 47
: }
189 9: SEQUENCE {
191 5: OBJECT IDENTIFIER sha1 (1 3 14 3 2 26)
198 0: NULL
: }
200 13: SEQUENCE {
202 9: OBJECT IDENTIFIER
: rsaEncryption (1 2 840 113549 1 1 1)
213 0: NULL
: }
215 256: OCTET STRING
: B1 08 00 AA 15 AC 59 6D 1A 66 66 61 40 A7 BB B1
: D6 7C 32 D8 CE 59 98 E3 8F 69 94 09 A5 F2 C4 34
: 6F 49 4D 56 64 FE EB A9 EA 71 5D 44 B4 0C 77 C1
: 0E BF FD 42 17 E3 84 A2 7E 5E 13 6C A6 F8 2B A9
: 24 3F BE AE 14 51 0E 0D 3E 9A 93 9A 16 52 25 AB
: 28 AA C5 8D 15 EB 96 29 C0 9B D9 52 3E 38 D8 07
: 86 2D 22 28 9F 66 0F 74 DF B1 63 0B 26 0D 51 11
: EF AD 54 01 6D A4 C9 65 C6 3E 78 E3 CE 1C 78 5A
: 41 85 B5 20 22 9F 0B 70 5A 0B 62 1F EF 92 56 75
: 22 25 41 90 2B F5 12 08 60 07 09 F7 73 5A 89 B9
: 0D F1 48 54 FF 1C FA C3 A8 10 58 6D 58 98 18 A5
: 0B B3 24 24 D5 CE DB 33 FC 31 75 E9 AC 15 1F 02
: F2 A8 E0 3A 3F 1E D2 22 B8 4D EA 11 0A 08 76 A7
: 14 1B 55 8F E7 E7 1C E0 16 E7 1B 62 D4 D4 F2 0A
: 7C AB B0 2C 46 02 08 B7 CA 2A 1E 08 CB 4D 1C AA
: 09 34 AA 53 5F 59 95 3D C7 87 DD 17 8D 78 04 01
: }
: }
: }
: }
: }
SHA-1 parameters may be omitted entirely, instead of being set to
NULL, as mentioned in RFC 3370 [5]. The above dump of Blob 1 has
SHA-1 parameters set to NULL. Below are the same contents signed
with the same key, but omitting the NULL according to RFC 3370 [5].
This is the preferred encoding. This is covered in greater detail in
Jennings, et al. Expires July 26, 2010 [Page 18]
Internet-Draft SIP Secure Call Flows January 2010
Section 5.
0 467: SEQUENCE {
4 9: OBJECT IDENTIFIER signedData (1 2 840 113549 1 7 2)
15 452: [0] {
19 448: SEQUENCE {
23 1: INTEGER 1
26 9: SET {
28 7: SEQUENCE {
30 5: OBJECT IDENTIFIER sha1 (1 3 14 3 2 26)
: }
: }
37 11: SEQUENCE {
39 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
: }
50 417: SET {
54 413: SEQUENCE {
58 1: INTEGER 1
61 124: SEQUENCE {
63 112: SEQUENCE {
65 11: SET {
67 9: SEQUENCE {
69 3: OBJECT IDENTIFIER countryName (2 5 4 6)
74 2: PrintableString 'US'
: }
: }
78 19: SET {
80 17: SEQUENCE {
82 3: OBJECT IDENTIFIER
: stateOrProvinceName (2 5 4 8)
87 10: PrintableString 'California'
: }
: }
99 17: SET {
101 15: SEQUENCE {
103 3: OBJECT IDENTIFIER localityName (2 5 4 7)
108 8: PrintableString 'San Jose'
: }
: }
118 14: SET {
120 12: SEQUENCE {
122 3: OBJECT IDENTIFIER
: organizationName (2 5 4 10)
127 5: PrintableString 'sipit'
: }
: }
134 41: SET {
136 39: SEQUENCE {
Jennings, et al. Expires July 26, 2010 [Page 19]
Internet-Draft SIP Secure Call Flows January 2010
138 3: OBJECT IDENTIFIER
: organizationalUnitName (2 5 4 11)
143 32: PrintableString 'Sipit Test Certificate Aut
hority'
: }
: }
: }
177 8: INTEGER 01 52 01 54 01 90 00 47
: }
187 7: SEQUENCE {
189 5: OBJECT IDENTIFIER sha1 (1 3 14 3 2 26)
: }
196 13: SEQUENCE {
198 9: OBJECT IDENTIFIER
: rsaEncryption (1 2 840 113549 1 1 1)
209 0: NULL
: }
211 256: OCTET STRING
: B1 08 00 AA 15 AC 59 6D 1A 66 66 61 40 A7 BB B1
: D6 7C 32 D8 CE 59 98 E3 8F 69 94 09 A5 F2 C4 34
: 6F 49 4D 56 64 FE EB A9 EA 71 5D 44 B4 0C 77 C1
: 0E BF FD 42 17 E3 84 A2 7E 5E 13 6C A6 F8 2B A9
: 24 3F BE AE 14 51 0E 0D 3E 9A 93 9A 16 52 25 AB
: 28 AA C5 8D 15 EB 96 29 C0 9B D9 52 3E 38 D8 07
: 86 2D 22 28 9F 66 0F 74 DF B1 63 0B 26 0D 51 11
: EF AD 54 01 6D A4 C9 65 C6 3E 78 E3 CE 1C 78 5A
: 41 85 B5 20 22 9F 0B 70 5A 0B 62 1F EF 92 56 75
: 22 25 41 90 2B F5 12 08 60 07 09 F7 73 5A 89 B9
: 0D F1 48 54 FF 1C FA C3 A8 10 58 6D 58 98 18 A5
: 0B B3 24 24 D5 CE DB 33 FC 31 75 E9 AC 15 1F 02
: F2 A8 E0 3A 3F 1E D2 22 B8 4D EA 11 0A 08 76 A7
: 14 1B 55 8F E7 E7 1C E0 16 E7 1B 62 D4 D4 F2 0A
: 7C AB B0 2C 46 02 08 B7 CA 2A 1E 08 CB 4D 1C AA
: 09 34 AA 53 5F 59 95 3D C7 87 DD 17 8D 78 04 01
: }
: }
: }
: }
: }
TODO: For generated-content, change "hello" to "Hello!" to be
consistent.
TODO: Actually use the allOneLine convention. This will be fixed in
a change to binary-generated content.
Jennings, et al. Expires July 26, 2010 [Page 20]
Internet-Draft SIP Secure Call Flows January 2010
4.2. MESSAGE Message with Encrypted Body
Below is an example of an encrypted text/plain message that says
"hello". The binary encrypted contents have been replaced with the
block "BINARY BLOB 2".
MESSAGE sip:kumiko@example.net SIP/2.0
Via: SIP/2.0/TCP 208.77.188.166:15001;\
branch=z9hG4bK-d8754z-1c7dd40a5fff4463-1---d8754z-;\
rport=54502
Max-Forwards: 70
Contact: <sip:fluffy@example.com>
To: <sip:kumiko@example.net>
From: <sip:fluffy@example.com>;tag=5a10502e
Call-ID: YTk3ODIwN2FiYTUwMGZmYTM1MDJiMzY2ODcyYzE4MGM.
CSeq: 1 MESSAGE
Accept: multipart/signed, text/plain, application/pkcs7-mime,\
application/sdp, multipart/alternative
Content-Disposition: attachment;handling=required;\
filename=smime.p7
Content-Transfer-Encoding: binary
Content-Type: application/pkcs7-mime;smime-type=enveloped-data;\
name=smime.p7m
Content-Length: 564
*****************
* BINARY BLOB 2 *
*****************
Following is the ASN.1 parsing of "BINARY BLOB 2". Note that at
address 453, the encryption is set to aes128-CBC.
0 560: SEQUENCE {
4 9: OBJECT IDENTIFIER envelopedData (1 2 840 113549 1 7 3)
15 545: [0] {
19 541: SEQUENCE {
23 1: INTEGER 0
26 408: SET {
30 404: SEQUENCE {
34 1: INTEGER 0
37 124: SEQUENCE {
39 112: SEQUENCE {
41 11: SET {
43 9: SEQUENCE {
45 3: OBJECT IDENTIFIER countryName (2 5 4 6)
50 2: PrintableString 'US'
: }
: }
Jennings, et al. Expires July 26, 2010 [Page 21]
Internet-Draft SIP Secure Call Flows January 2010
54 19: SET {
56 17: SEQUENCE {
58 3: OBJECT IDENTIFIER
: stateOrProvinceName (2 5 4 8)
63 10: PrintableString 'California'
: }
: }
75 17: SET {
77 15: SEQUENCE {
79 3: OBJECT IDENTIFIER localityName (2 5 4 7)
84 8: PrintableString 'San Jose'
: }
: }
94 14: SET {
96 12: SEQUENCE {
98 3: OBJECT IDENTIFIER
: organizationName (2 5 4 10)
103 5: PrintableString 'sipit'
: }
: }
110 41: SET {
112 39: SEQUENCE {
114 3: OBJECT IDENTIFIER
: organizationalUnitName (2 5 4 11)
119 32: PrintableString 'Sipit Test Certificate Aut
hority'
: }
: }
: }
153 8: INTEGER 01 52 01 54 01 90 00 48
: }
163 13: SEQUENCE {
165 9: OBJECT IDENTIFIER
: rsaEncryption (1 2 840 113549 1 1 1)
176 0: NULL
: }
178 256: OCTET STRING
: 6E 48 A2 78 07 3A 47 09 C0 57 6F CB 01 AA 0E E7
: 3E 2C 1B 78 8F 6B 0B C2 D4 F2 BD 41 8E 3E CB 95
: CD 35 9C 2E 59 8B E8 E5 35 59 6F 0E FC 3B BB A4
: 2E 66 0D 68 6E 45 04 CA 4B E5 29 BE 65 F1 51 A1
: E3 40 83 95 7C 8F B0 A9 56 CF 34 D4 DE C4 63 BE
: 26 55 1D 57 51 E2 86 8C 2A 7D B1 37 13 B5 F8 8D
: B8 3C F1 84 31 0C 57 B2 24 E3 D2 F6 94 5D A2 80
: 2E 45 B7 36 96 6C EF A3 90 23 8E 9D B3 50 0A 6F
: DB E7 47 54 EA 2D 5E 38 75 77 CB 05 EE 45 71 B6
: BB 95 93 AF 59 31 BC B3 10 F7 FE 72 B9 85 22 51
: 80 A6 7E F6 E5 9E 46 32 2C 8A BB ED 60 C8 F6 7B
Jennings, et al. Expires July 26, 2010 [Page 22]
Internet-Draft SIP Secure Call Flows January 2010
: 2D 9E CF 5F 9E D9 21 68 08 BE 00 51 27 A7 1B 54
: 53 CF 45 2A 58 61 63 3C 19 75 86 67 04 C3 05 77
: 6D 77 19 3B A4 16 32 38 1C 79 05 7B 71 11 7B 56
: 24 75 24 6B F7 75 D1 8A DA AE B8 3A 86 4D 31 0A
: 1B D2 80 88 64 52 13 DA FE 93 DD AA C9 E0 D2 CB
: }
: }
438 124: SEQUENCE {
440 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
451 29: SEQUENCE {
453 9: OBJECT IDENTIFIER
: aes128-CBC (2 16 840 1 101 3 4 1 2)
464 16: OCTET STRING
: E8 E4 34 63 AE 68 F7 C1 62 C5 9E 7B 6F 25 22 AF
: }
482 80: [0]
: 41 4C FE FA A4 B4 70 1A 62 86 BC C1 DE 90 94 69
: 7D 0A D2 0F F3 4E 7D 6F 72 2F 7A A7 4B B4 4A 59
: C9 C0 CB F3 AD 92 D6 31 66 94 0E B3 49 01 63 D5
: BA 5A AE 29 ED C9 8A 87 EA 00 FC 4B 97 62 54 56
: 91 DB 78 50 B6 AD B7 B8 5D F6 11 41 3C C0 20 DD
: }
: }
: }
: }
TODO: For generated-content, change "hello" to "Hello!" to be
consistent.
TODO: Actually use the allOneLine convention. This will be fixed in
a change to binary-generated content.
4.3. MESSAGE Message with Encrypted and Signed Body
In the example below, some of the header values have been split
across mutliple lines. Where the lines have been broken, a "\" has
been inserted. This was only done to make it fit in the RFC format.
Specifically, the application/pkcs7-mime Content-Type line should be
one line with no whitespace between the "mime;" and the "smime-type".
The values are split across lines for formatting, but are not split
in the real message. The binary encrypted content has been replaced
with "BINARY BLOB 3", and the binary signed content has been replaced
with "BINARY BLOB 4".
Jennings, et al. Expires July 26, 2010 [Page 23]
Internet-Draft SIP Secure Call Flows January 2010
MESSAGE sip:kumiko@example.net SIP/2.0
Via: SIP/2.0/TCP 208.77.188.166:15001;\
branch=z9hG4bK-d8754z-c2d73f665e157842-1---d8754z-;\
rport=54503
Max-Forwards: 70
Contact: <sip:fluffy@example.com>
To: <sip:kumiko@example.net>
From: <sip:fluffy@example.com>;tag=5e4dd355
Call-ID: MDQ2ZGVkZWQ4YzJhZTZhZDRjNzE0MDJkNzk1NGIxNTQ.
CSeq: 1 MESSAGE
Accept: multipart/signed, text/plain, application/pkcs7-mime,\
application/sdp, multipart/alternative
Content-Type: multipart/signed;boundary=e0c6b73cedc44967;\
micalg=sha1;protocol="application/pkcs7-signature"
Content-Length: 1453
--e0c6b73cedc44967
Content-Type: application/pkcs7-mime;smime-type=enveloped-data;\
name=smime.p7m
Content-Disposition: attachment;handling=required;\
filename=smime.p7
Content-Transfer-Encoding: binary
*****************
* BINARY BLOB 3 *
*****************
--e0c6b73cedc44967
Content-Type: application/pkcs7-signature;name=smime.p7s
Content-Disposition: attachment;handling=required;\
filename=smime.p7s
Content-Transfer-Encoding: binary
*****************
* BINARY BLOB 4 *
*****************
--e0c6b73cedc44967--
Below is the ASN.1 parsing of "BINARY BLOB 3".
0 560: SEQUENCE {
4 9: OBJECT IDENTIFIER envelopedData (1 2 840 113549 1 7 3)
15 545: [0] {
19 541: SEQUENCE {
23 1: INTEGER 0
26 408: SET {
30 404: SEQUENCE {
34 1: INTEGER 0
37 124: SEQUENCE {
Jennings, et al. Expires July 26, 2010 [Page 24]
Internet-Draft SIP Secure Call Flows January 2010
39 112: SEQUENCE {
41 11: SET {
43 9: SEQUENCE {
45 3: OBJECT IDENTIFIER countryName (2 5 4 6)
50 2: PrintableString 'US'
: }
: }
54 19: SET {
56 17: SEQUENCE {
58 3: OBJECT IDENTIFIER
: stateOrProvinceName (2 5 4 8)
63 10: PrintableString 'California'
: }
: }
75 17: SET {
77 15: SEQUENCE {
79 3: OBJECT IDENTIFIER localityName (2 5 4 7)
84 8: PrintableString 'San Jose'
: }
: }
94 14: SET {
96 12: SEQUENCE {
98 3: OBJECT IDENTIFIER
: organizationName (2 5 4 10)
103 5: PrintableString 'sipit'
: }
: }
110 41: SET {
112 39: SEQUENCE {
114 3: OBJECT IDENTIFIER
: organizationalUnitName (2 5 4 11)
119 32: PrintableString 'Sipit Test Certificate Aut
hority'
: }
: }
: }
153 8: INTEGER 01 52 01 54 01 90 00 48
: }
163 13: SEQUENCE {
165 9: OBJECT IDENTIFIER
: rsaEncryption (1 2 840 113549 1 1 1)
176 0: NULL
: }
178 256: OCTET STRING
: 8A C2 F2 23 B0 D4 11 0E EB 38 60 3A 47 99 14 33
: 78 01 1A F9 12 9E 97 93 D5 68 B2 B8 4E CF 76 15
: EF CD 36 0E A5 B8 36 5F E1 05 78 45 F7 05 12 6D
: 55 0A A1 50 4C A9 F7 E3 B1 69 65 F8 38 A8 F7 2F
Jennings, et al. Expires July 26, 2010 [Page 25]
Internet-Draft SIP Secure Call Flows January 2010
: A1 74 0F 15 6F 29 B6 5C 74 21 49 21 77 07 E4 0A
: 4D A9 02 30 15 45 2F 8F AE 08 2E 49 D9 B2 77 73
: E8 41 08 4E 2D B0 B0 EE 2F 49 B7 75 D7 70 E0 60
: FC A3 C9 49 38 C8 B3 79 71 46 98 C3 17 20 A9 13
: E7 EE E3 99 AA E2 1F C3 C3 7A B3 70 40 DA F3 40
: 0B 69 99 DC EB 5C 10 A9 FF A8 66 D1 56 BB B9 B9
: 84 CB 6D 03 3F 96 CC 6D 5A 92 8B 00 23 CB 8B FE
: FB BF 19 26 7F C9 69 CC 93 98 5A E4 DE D3 B0 DE
: 6E 0E 29 9C E8 05 D7 4F 3D A0 F7 C2 B2 8E 0E FF
: 06 DA 46 0B ED 3B 84 BF 88 17 9C 40 DA 52 65 62
: A9 BB F5 7A E7 D1 78 69 9D 61 D5 48 53 56 0A BB
: DD F3 35 C3 04 0D C0 BD 26 41 C1 E4 9E 19 A2 4B
: }
: }
438 124: SEQUENCE {
440 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
451 29: SEQUENCE {
453 9: OBJECT IDENTIFIER
: aes128-CBC (2 16 840 1 101 3 4 1 2)
464 16: OCTET STRING
: 9E C3 11 33 C1 F5 42 09 C8 8B D2 C9 54 32 78 46
: }
482 80: [0]
: 89 5B E2 84 60 E5 45 2B 74 CC 61 4F A2 E4 03 37
: D3 C6 83 52 A3 CF C9 E8 C7 8D AF F3 36 39 56 BF
: 8F 7D E3 F8 65 43 6E 61 65 85 5B 62 AC BF 3A DD
: 99 C7 8B B7 BA A7 3F 97 61 3C B1 E2 E0 45 BC 17
: 43 51 03 F4 41 8C 55 E7 02 5F CC AE F5 02 6B D8
: }
: }
: }
: }
Below is the ASN.1 parsing of "BINARY BLOB 4".
0 471: SEQUENCE {
4 9: OBJECT IDENTIFIER signedData (1 2 840 113549 1 7 2)
15 456: [0] {
19 452: SEQUENCE {
23 1: INTEGER 1
26 11: SET {
28 9: SEQUENCE {
30 5: OBJECT IDENTIFIER sha1 (1 3 14 3 2 26)
37 0: NULL
: }
: }
39 11: SEQUENCE {
Jennings, et al. Expires July 26, 2010 [Page 26]
Internet-Draft SIP Secure Call Flows January 2010
41 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
: }
52 419: SET {
56 415: SEQUENCE {
60 1: INTEGER 1
63 124: SEQUENCE {
65 112: SEQUENCE {
67 11: SET {
69 9: SEQUENCE {
71 3: OBJECT IDENTIFIER countryName (2 5 4 6)
76 2: PrintableString 'US'
: }
: }
80 19: SET {
82 17: SEQUENCE {
84 3: OBJECT IDENTIFIER
: stateOrProvinceName (2 5 4 8)
89 10: PrintableString 'California'
: }
: }
101 17: SET {
103 15: SEQUENCE {
105 3: OBJECT IDENTIFIER localityName (2 5 4 7)
110 8: PrintableString 'San Jose'
: }
: }
120 14: SET {
122 12: SEQUENCE {
124 3: OBJECT IDENTIFIER
: organizationName (2 5 4 10)
129 5: PrintableString 'sipit'
: }
: }
136 41: SET {
138 39: SEQUENCE {
140 3: OBJECT IDENTIFIER
: organizationalUnitName (2 5 4 11)
145 32: PrintableString 'Sipit Test Certificate Aut
hority'
: }
: }
: }
179 8: INTEGER 01 52 01 54 01 90 00 47
: }
189 9: SEQUENCE {
191 5: OBJECT IDENTIFIER sha1 (1 3 14 3 2 26)
198 0: NULL
: }
Jennings, et al. Expires July 26, 2010 [Page 27]
Internet-Draft SIP Secure Call Flows January 2010
200 13: SEQUENCE {
202 9: OBJECT IDENTIFIER
: rsaEncryption (1 2 840 113549 1 1 1)
213 0: NULL
: }
215 256: OCTET STRING
: 29 C3 93 9D 71 C5 93 52 80 4B 0F C5 66 C7 CD 18
: 2F 4D A0 07 E1 29 CE F9 2E CE 92 16 CD 7D B1 45
: 5A 6D C2 5A 90 51 C3 20 66 FC 76 F0 DF D3 AE C5
: CE 4D DF C8 0D D7 87 B3 69 ED 81 BA 71 EA B4 C0
: E3 F5 A3 A4 CA 2E 36 A3 29 37 86 37 C3 B6 90 A7
: EA 6A 27 52 C6 9C AB B1 2C 7B 60 10 26 E9 33 43
: 83 BA 06 B0 68 05 26 88 A2 68 1A 4E E5 82 16 5B
: E4 00 7D 18 09 4A 13 09 2D B5 F1 A6 C0 39 60 29
: 02 32 24 29 D6 37 55 4C 42 DA 7D E9 98 F8 C6 FE
: E8 01 1C 56 8B AD DB D2 B2 C4 20 A0 CC 92 BD 9B
: 9F 0E C9 9E 5C BF 4E DA 1D D9 E4 02 DC DA 57 A6
: 59 EC 89 CD AD 66 D3 A3 7A 88 F9 A2 DA D5 9E FB
: 4F AD 7D D9 69 68 35 B1 98 10 64 42 1D 3D 24 57
: C5 BF 48 C3 B0 E6 3C 91 3C 27 52 28 D2 BE 2C AC
: 79 79 32 2E C4 9D 7C 8A 73 73 68 EC 60 E0 22 0D
: 50 7F 72 33 96 89 F8 9F 7B ED D1 4A 75 7B D5 14
: }
: }
: }
: }
: }
TODO: Actually use the allOneLine convention. This will be fixed in
a change to binary-generated content.
5. Observed Interoperability Issues
This section describes some common interoperability problems. These
were observed by the authors at SIPit interoperability events.
Implementers should be careful to verify that their systems do not
introduce these common problems, and, when possible, make their
clients forgiving in what they receive. Implementations should take
extra care to produce reasonable error messages when interacting with
software that has these problems.
Some SIP clients incorrectly only do SSLv3 and do not support TLS.
Many SIP clients were found to accept expired certificates with no
warning or error.
Jennings, et al. Expires July 26, 2010 [Page 28]
Internet-Draft SIP Secure Call Flows January 2010
When used with SIP, TLS and S/MIME provide the identity of the peer
that a client is communicating with in the Subject Alternative Name
in the certificate. The software must check that this name
corresponds to the identity the server is trying to contact. If a
client is trying to set up a TLS connection to good.example.com and
it gets a TLS connection set up with a server that presents a valid
certificate but with the name evil.example.com, it must generate an
error or warning of some type. Similarly with S/MIME, if a user is
trying to communicate with sip:fluffy@example.com, one of the items
in the Subject Alternate Name set in the certificate must match.
Some implementations used binary MIME encodings while others used
base64. Implementations should send only binary but must be prepared
to receive either.
In several places in this draft, the messages contain the encoding
for the SHA-1 digest algorithm identifier. The preferred form for
encoding as set out in Section 2 of RFC 3370 [5] is the form in which
the optional AlgorithmIdentifier parameter field is omitted.
However, RFC 3370 also says the recipients need to be able to receive
the form in which the AlgorithmIdentifier parameter field is present
and set to NULL. Examples of the form using NULL can be found in
Section 4.2 of RFC 4134 [18]. Receivers really do need to be able to
receive the form that includes the NULL because the NULL form, while
not preferred, is what was observed as being generated by most
implementations. Implementers should also note that if the algorithm
is MD5 instead of SHA-1, then the form that omits the
AlgorithmIdentifier parameters field is not allowed and the sender
has to use the form where the NULL is included.
The preferred encryption algorithm for S/MIME in SIP is AES as
defined in RFC 3853 [10].
Observed S/MIME interoperability has been better when UAs did not
attach the senders' certificates. Attaching the certificates
significantly increases the size of the messages, which should be
considered when sending over UDP. Furthermore, the receiver cannot
rely on the sender to always send the certificate, so it does not
turn out to be useful in most situations.
6. Additional Test Scenarios
This section provides a non-exhaustive list of tests that
implementations should perform while developing systems that use
S/MIME and TLS for SIP.
Much of the required behavior for inspecting certificates when using
Jennings, et al. Expires July 26, 2010 [Page 29]
Internet-Draft SIP Secure Call Flows January 2010
S/MIME and TLS with SIP is currently underspecified. The non-
normative recommendations in this document capture the current
folklore around that required behavior, guided by both related
normative works such as RFC 4474 [11] (particulary, section 13.4
Domain Names and Subordination) and informative works such as RFC
2818 [17] section 3.1. To summarize:
o For S/MIME, the peer's URI must appear in the subjectAltName of
the peer's certifcate as a uniformResourceIdentifier field.
o For TLS, the peer's hostname must appear as described in Draft SIP
Domain Certs [15]:
* an exact match in a dNSName entry in the subjectAltName if
there are any dNSNames in the subjectAltName. (Wildcard
matching is not allowed against these dNSName entries)
* the most specific CommonName in the Subject field if there are
no dNSName entries in the subjectAltName at all (which is not
the same as there being no matching dNSName entries). This
match can be either exact, or against an entry that uses the
wildcard matching character '*'
The peer's hostname is discovered from the initial DNS query in
the server location process RFC 3263 [3].
o An IP Address can appear in subjectAltName (RFC 5280 [13]) of the
peer's certificate, e.g. "DNS:192.168.0.1".
OPEN ISSUE: From first bullet, "peer's URI"...What URI? An AoR for
the user? From or To values? Contacts? Request-URIs? For request
URIs, do we need to discuss the effects of retargeting? Do we need
to consider some of the current History-Info discussions?
OPEN ISSUE: From second bullet: What if all you've got is an IP
address? Do we disallow IPAddress entries in subjectAltName? IP
addresses can appear in the subjectAltName (rfc5280 says so.) Their
handling is specified in domain-certs (I believe they will appear as
"DNS:192.168.0.1"; we need to have someone -- from pkix? -- ascertain
this. If this is the case, then their handling is specified in S7.1
of domain-certs.
OPEN ISSUE: First sub-bullet (Wildcard matching is not allowed
against these dNSName entries): Is there something that can be
referenced here? In particular, RFC2818 explicitly allows wildcards
in dNSName entries. It is not obvious to me whether the proscription
against wildcards in RFC4474 should apply to general use of TLS, or
just to identity.
For each of these tests, an implementation will proceed past the
verification point only if the certificate is "good". S/MIME
protected requests presenting bad certificate data will be rejected.
S/MIME protected responses presenting bad certificate information
will be ignored. TLS connections involving bad certificate data will
Jennings, et al. Expires July 26, 2010 [Page 30]
Internet-Draft SIP Secure Call Flows January 2010
not be completed.
1. S/MIME : Good peer certificate
2. S/MIME : Bad peer certificate (peer URI does not appear in
subjAltName)
3. S/MIME : Bad peer certificate (valid authority chain does not
end at a trusted CA)
4. S/MIME : Bad peer certificate (incomplete authority chain)
5. S/MIME : Bad peer certificate (the current time does not fall
within the period of validity)
6. S/MIME : Bad peer certificate (certificate or cert in authority
chain has been revoked)
7. S/MIME : Bad peer certificate ("Digital Signature" is not
specified as an X509v3 Key Usage)
8. TLS : Good peer certificate (hostname appears in dNSName in
subjAltName)
9. TLS : Good peer certificate (no dNSNames in subjAltName,
hostname appears in CN of Subject)
10. TLS : Good peer certificate (CN of Subject empty, and
subjectAltName extension contains an iPAddress stored in the
octet string in network byte order form as specified in RFC 791
[1])
11. TLS : Bad peer certificate (no match in dNSNames or in the
Subject CN)
12. TLS : Bad peer certificate (valid authority chain does not end
at a trusted CA)
13. TLS : Bad peer certificate (incomplete authority chain)
14. TLS : Bad peer certificate (the current time does not fall
within the period of validity)
15. TLS : Bad peer certificate (certificate or cert in authority
chain has been revoked)
16. TLS : Bad peer certificate ("TLS Web Server Authentication" is
not specified as an X509v3 Key Usage)
OPEN ISSUE: Should we have at least one case for SIP EKU?
7. IANA Considerations
No IANA actions are required.
8. Acknowledgments
Many thanks to the developers of all the open source software used to
create these call flows. This includes the underlying crypto and TLS
software used from openssl.org, the SIP stack from
www.resiprocate.org, and the SIMPLE IMPP agent from www.sipimp.org.
Jennings, et al. Expires July 26, 2010 [Page 31]
Internet-Draft SIP Secure Call Flows January 2010
The TLS flow dumps were done with SSLDump from
http://www.rtfm.com/ssldump. The book "SSL and TLS" [20] was a huge
help in developing the code for these flows. It's sad there is no
second edition.
Thanks to Jim Schaad, Russ Housley, Eric Rescorla, Dan Wing, Tat
Chan, and Lyndsay Campbell who all helped find and correct mistakes
in this document.
Vijay Gurbani and Alan Jeffrey contributed much of the additional
test scenario content.
9. Security Considerations
Implementers must never use any of the certificates provided in this
document in anything but a test environment. Installing the CA root
certificates used in this document as a trusted root in operational
software would completely destroy the security of the system while
giving the user the impression that the system was operating
securely.
This document recommends some things that implementers might test or
verify to improve the security of their implementations. It is
impossible to make a comprehensive list of these, and this document
only suggests some of the most common mistakes that have been seen at
the SIPit interoperability events. Just because an implementation
does everything this document recommends does not make it secure.
This document does not show the messages needed to check certificate
revocation status (see RFC 5280 [13]) as that is not part of the SIP
call flow. The expectation is that revocation status is checked
periodically and regularly to protect against the possibility of
certificate compromise or repudiation.
10. Changelog
(RFC Editor: remove this section)
-01 to -02
* Draft is now informational, not standards track. Normative-
sounding language and references to RFC 2119 removed.
* Add TODO: change "hello" to "Hello!" in example flows for
consistency.
* Add TODO: Fix subjectAltName DNS:com to DNS:example.com and
DNS:net to DNS:example.net.
Jennings, et al. Expires July 26, 2010 [Page 32]
Internet-Draft SIP Secure Call Flows January 2010
* Add TODO: use allOneLine convention from RFC4475.
* Section 3: updated open issue regarding contact headers in
MESSAGE.
* Section 3.2: added some text about RFC 3263 and connection
reuse and closed open issue.
* Section 5: clarified text about sender attaching certs, closed
issue.
* Section 5: clarified text about observed problems, closed
issue.
* Section 5: closed issue about clients vs. servers vs. proxies.
* Section 6: updatee section text and open issue where IP address
is in subjectAltName.
* Section 6: added normative references and closed "folklore"
issue.
* Section 6: added cases about cert usage and broken chains,
updated OPEN ISSUE: we need a SIP EKU example.
* References: updated references to drafts and re-categorized
informative vs. normative.
* Section 9: added some text about revocation status and closed
issue.
* Appendix B: open issue: do we need non-root-CA certs and host
certs signed by them for help in testing cases in Section 6?
* Miscellaneous minor editorial changes.
-00 to -01
* Addition of OPEN ISSUES.
* Numerous minor edits from mailing list feedback.
to -00
* Changed RFC 3369 references to RFC 3852.
* Changed draft-ietf-sip-identity references to RFC 4474.
* Added an ASN.1 dump of CMS signed content where SHA-1
parameters are omitted instead of being set to ASN.1 NULL.
* Accept headers added to messages.
* User and domain certificates are generated with EKU as
specified in Draft SIP EKU [14].
* Message content that is shown is computed using certificates
generated with EKU.
* Message dump archive returned.
* Message archive contains messages formed with and without EKU
certificates.
prior to -00
* Incorporated the Test cases from Vijay Gurbani's and Alan
Jeffrey's Use of TLS in SIP draft
* Began to capture the folklore around where identities are
carried in certificates for use with SIP
* Removed the message dump archive pending verification (will
return in -02)
Jennings, et al. Expires July 26, 2010 [Page 33]
Internet-Draft SIP Secure Call Flows January 2010
11. References
11.1. Normative References
[1] Postel, J., "Internet Protocol", STD 5, RFC 791,
September 1981.
[2] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A.,
Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP:
Session Initiation Protocol", RFC 3261, June 2002.
[3] Rosenberg, J. and H. Schulzrinne, "Session Initiation Protocol
(SIP): Locating SIP Servers", RFC 3263, June 2002.
[4] Chown, P., "Advanced Encryption Standard (AES) Ciphersuites for
Transport Layer Security (TLS)", RFC 3268, June 2002.
[5] Housley, R., "Cryptographic Message Syntax (CMS) Algorithms",
RFC 3370, August 2002.
[6] Campbell, B., Rosenberg, J., Schulzrinne, H., Huitema, C., and
D. Gurle, "Session Initiation Protocol (SIP) Extension for
Instant Messaging", RFC 3428, December 2002.
[7] Blake-Wilson, S., Nystrom, M., Hopwood, D., Mikkelsen, J., and
T. Wright, "Transport Layer Security (TLS) Extensions",
RFC 3546, June 2003.
[8] Ramsdell, B., "Secure/Multipurpose Internet Mail Extensions
(S/MIME) Version 3.1 Message Specification", RFC 3851,
July 2004.
[9] Housley, R., "Cryptographic Message Syntax (CMS)", RFC 3852,
July 2004.
[10] Peterson, J., "S/MIME Advanced Encryption Standard (AES)
Requirement for the Session Initiation Protocol (SIP)",
RFC 3853, July 2004.
[11] Peterson, J. and C. Jennings, "Enhancements for Authenticated
Identity Management in the Session Initiation Protocol (SIP)",
RFC 4474, August 2006.
[12] Dierks, T. and E. Rescorla, "The Transport Layer Security (TLS)
Protocol Version 1.2", RFC 5246, August 2008.
[13] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Housley,
R., and W. Polk, "Internet X.509 Public Key Infrastructure
Jennings, et al. Expires July 26, 2010 [Page 34]
Internet-Draft SIP Secure Call Flows January 2010
Certificate and Certificate Revocation List (CRL) Profile",
RFC 5280, May 2008.
[14] Lawrence, S. and V. Gurbani, "Using Extended Key Usage (EKU)
for Session Initiation Protocol (SIP) X.509 Certificates",
draft-ietf-sip-eku-08 (work in progress), October 2009.
[15] Gurbani, V., Lawrence, S., and B. Laboratories, "Domain
Certificates in the Session Initiation Protocol (SIP)",
draft-ietf-sip-domain-certs-04 (work in progress), May 2009.
[16] Gurbani, V., Mahy, R., and B. Tate, "Connection Reuse in the
Session Initiation Protocol (SIP)",
draft-ietf-sip-connect-reuse-14 (work in progress),
August 2009.
11.2. Informative References
[17] Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000.
[18] Hoffman, P., "Examples of S/MIME Messages", RFC 4134,
July 2005.
[19] Sparks, R., Hawrylyshen, A., Johnston, A., Rosenberg, J., and
H. Schulzrinne, "Session Initiation Protocol (SIP) Torture Test
Messages", RFC 4475, May 2006.
[20] Rescorla, E., "SSL and TLS - Designing and Building Secure
Systems", 2001.
[21] Rescorla, E., "SSLDump manpage".
Appendix A. Making Test Certificates
These scripts allow you to make certificates for test purposes. The
certificates will all share a common CA root so that everyone running
these scripts can have interoperable certificates. WARNING - these
certificates are totally insecure and are for test purposes only.
All the CA created by this script share the same private key to
facilitate interoperability testing, but this totally breaks the
security since the private key of the CA is well known.
The instructions assume a Unix-like environment with openssl
installed, but openssl does work in Windows too. OpenSSL version
0.9.8j was used to generate the certificates used in this document.
Make sure you have openssl installed by trying to run "openssl". Run
the makeCA script found in Appendix A.1; this creates a subdirectory
Jennings, et al. Expires July 26, 2010 [Page 35]
Internet-Draft SIP Secure Call Flows January 2010
called demoCA. If the makeCA script cannot find where your openssl
is installed you will have to set an environment variable called
OPENSSLDIR to whatever directory contains the file openssl.cnf. You
can find this with a "locate openssl.cnf". You are now ready to make
certificates.
To create certs for use with TLS, run the makeCert script found in
Appendix A.2 with the fully qualified domain name of the proxy you
are making the certificate for. For example, "makeCert
host.example.net". This will generate a private key and a
certificate. The private key will be left in a file named
domain_key_example.net.pem in pem format. The certificate will be in
domain_cert_example.net.pem. Some programs expect both the
certificate and private key combined together in a PKCS12 format
file. This is created by the script and left in a file named
example.net.p12. Some programs expect this file to have a .pfx
extension instead of .p12 - just rename the file if needed. A file
with a certificate signing request, called example.net.csr, is also
created and can be used to get the certificate signed by another CA.
A second argument indicating the number of days for which the
certificate should be valid can be passed to the makeCert script. It
is possible to make an expired certificate using the command
"makeCert host.example.net 0".
Anywhere that a password is used to protect a certificate, the
password is set to the string "password".
The root certificate for the CA is in the file
root_cert_fluffyCA.pem.
For things that need DER format certificates, a certificate can be
converted from PEM to DER with "openssl x509 -in cert.pem -inform PEM
-out cert.der -outform DER".
Some programs expect certificates in PKCS#7 format (with a file
extension of .p7c). You can convert these from PEM format to PKCS#7
with "openssl crl2pkcs7 -nocrl -certfile cert.pem -certfile demoCA/
cacert.pem -outform DER -out cert.p7c"
IE (version 8), Outlook Express (version 6), and Firefox (version
3.5) can import and export .p12 files and .p7c files. You can
convert a pkcs7 certificate to PEM format with "openssl pkcs7 -in
cert.p7c -inform DER -outform PEM -out cert.pem".
The private key can be converted to pkcs8 format with "openssl pkcs8
-in a_key.pem -topk8 -outform DER -out a_key.p8c"
Jennings, et al. Expires July 26, 2010 [Page 36]
Internet-Draft SIP Secure Call Flows January 2010
OPEN ISSUE: The information in this section needs to be verified with
the latest software versions. How to do conversions between
supported types needs to be updated accordingly. Any Windows users
out there want to volunteer for verify the Windows side of these?
In general, a TLS client will just need the root certificate of the
CA. A TLS server will need its private key and its certificate.
These could be in two PEM files, a single file with both certificate
and private key PEM sections, or a single .p12 file. An S/MIME
program will need its private key and certificate, the root
certificate of the CA, and the certificate for every other user it
communicates with.
A.1. makeCA script
#!/bin/sh
set -x
rm -rf demoCA
mkdir demoCA
mkdir demoCA/certs
mkdir demoCA/crl
mkdir demoCA/newcerts
mkdir demoCA/private
echo "01" > demoCA/serial
hexdump -n 4 -e '4/1 "%04u"' /dev/random > demoCA/serial
touch demoCA/index.txt
# You may need to modify this for where your default file is
# you can find where yours in by typing "openssl ca"
for D in /etc/ssl /usr/local/ssl /sw/etc/ssl /sw/share/ssl; do
CONF=${OPENSSLDIR:=$D}/openssl.cnf
[ -f ${CONF} ] && break
done
CONF=${OPENSSLDIR}/openssl.cnf
if [ ! -f $CONF ]; then
echo "Can not find file $CONF - set your OPENSSLDIR variable"
exit
fi
cp $CONF openssl.cnf
cat >> openssl.cnf <<EOF
[ sipdomain_cert ]
subjectAltName=\${ENV::ALTNAME}
Jennings, et al. Expires July 26, 2010 [Page 37]
Internet-Draft SIP Secure Call Flows January 2010
basicConstraints=CA:FALSE
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
keyUsage = nonRepudiation,digitalSignature,keyEncipherment
extendedKeyUsage=serverAuth,1.3.6.1.5.5.7.3.20
[ sipdomain_req ]
basicConstraints = CA:FALSE
subjectAltName=\${ENV::ALTNAME}
subjectKeyIdentifier=hash
[ sipuser_cert ]
subjectAltName=\${ENV::ALTNAME}
basicConstraints=CA:FALSE
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
keyUsage = nonRepudiation,digitalSignature,keyEncipherment
extendedKeyUsage=emailProtection,1.3.6.1.5.5.7.3.20
[ sipuser_req ]
basicConstraints = CA:FALSE
subjectAltName=\${ENV::ALTNAME}
subjectKeyIdentifier=hash
[ sipdomain_noeku_cert ]
subjectAltName=\${ENV::ALTNAME}
basicConstraints=CA:FALSE
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
keyUsage = nonRepudiation,digitalSignature,keyEncipherment
[ sipdomain_noeku_req ]
basicConstraints = CA:FALSE
subjectAltName=\${ENV::ALTNAME}
subjectKeyIdentifier=hash
[ sipuser_noeku_cert ]
subjectAltName=\${ENV::ALTNAME}
basicConstraints=CA:FALSE
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
keyUsage = nonRepudiation,digitalSignature,keyEncipherment
[ sipuser_noeku_req ]
basicConstraints = CA:FALSE
subjectAltName=\${ENV::ALTNAME}
subjectKeyIdentifier=hash
Jennings, et al. Expires July 26, 2010 [Page 38]
Internet-Draft SIP Secure Call Flows January 2010
EOF
cat > demoCA/private/cakey.pem <<EOF
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,4B47A0A73ADE342E
aHmlPa+ZrOV6v+Jk0SClxzpxoG3j0ZuyoVkF9rzq2bZkzVBKLU6xhWwjMDqwA8dH
3fCRLhMGIUVnmymXYhTW9svI1gpFxMBQHJcKpV/SmgFn/fbYk98Smo2izHOniIiu
NOu2zr+bMiaBphOAZ/OCtVUxUOoBDKN9lR39UCDOgkEQzp9Vbw7l736yu5H9GMHP
JtGLJyx3RhS3TvLfLAJZhjm/wZ/9QM8GjyJEiDhMQRJVeIZGvv4Yr1u6yYHiHfjX
tX2eds8Luc83HbSvjAyjnkLtJsAZ/8cFzrd7pjFzbogLdWuil+kpkkf5h1uzh7oa
um0M1EXBE4tcDHsfg1iqEsDMIei/U+/rWfk1PrzYlklwZp8S03vulkDm1fT76W7d
mRBg4+CrHA6qYn6EPWB37OBtfEqAfINnIcI1dWzso9A0bTPD4EJO0JA0PcZ/2JgT
PaKySgooHQ8AHNQebelch6M5LFExpaOADJKrqauKcc2HeUxXaYIpac5/7drIl3io
UloqUnMlGa3eLP7BZIMsZKCfHZ8oqwU4g6mmmJath2gODRDx3mfhH6yaimDL7v4i
SAIIkrEHXfSyovrTJymfSfQtYxUraVZDqax6oj/eGllRxliGfMLYG9ceU+yU/8FN
LE7P+Cs19H5tHHzx1LlieaK43u/XvbXHlB5mqL/fZdkUIBJsjbBVx0HR8eQl2CH9
YJDMOPLADecwHoyKA0AY59oN9d41oF7yZtN9KwNdslROYH7mNJlqMMenhXCLN+Nz
vVU5/7/ugZFhZqfS46c1WdmSvuqpDp7TBtMeaH/PXjysBr0iZffOxQ==
-----END RSA PRIVATE KEY-----
EOF
cat > demoCA/cacert.pem <<EOF
-----BEGIN CERTIFICATE-----
MIIDJDCCAo2gAwIBAgIBADANBgkqhkiG9w0BAQUFADBwMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIU2FuIEpvc2UxDjAMBgNVBAoT
BXNpcGl0MSkwJwYDVQQLEyBTaXBpdCBUZXN0IENlcnRpZmljYXRlIEF1dGhvcml0
eTAeFw0wMzA3MTgxMjIxNTJaFw0xMzA3MTUxMjIxNTJaMHAxCzAJBgNVBAYTAlVT
MRMwEQYDVQQIEwpDYWxpZm9ybmlhMREwDwYDVQQHEwhTYW4gSm9zZTEOMAwGA1UE
ChMFc2lwaXQxKTAnBgNVBAsTIFNpcGl0IFRlc3QgQ2VydGlmaWNhdGUgQXV0aG9y
aXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDDIh6DkcUDLDyK9BEUxkud
+nJ4xrCVGKfgjHm6XaSuHiEtnfELHM+9WymzkBNzZpJu30yzsxwfKoIKugdNUrD4
N3viCicwcN35LgP/KnbN34cavXHr4ZlqxH+OdKB3hQTpQa38A7YXdaoz6goW2ft5
Mi74z03GNKP/G9BoKOGd5QIDAQABo4HNMIHKMB0GA1UdDgQWBBRrRhcU6pR2JYBU
bhNU2qHjVBShtjCBmgYDVR0jBIGSMIGPgBRrRhcU6pR2JYBUbhNU2qHjVBShtqF0
pHIwcDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcT
CFNhbiBKb3NlMQ4wDAYDVQQKEwVzaXBpdDEpMCcGA1UECxMgU2lwaXQgVGVzdCBD
ZXJ0aWZpY2F0ZSBBdXRob3JpdHmCAQAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0B
AQUFAAOBgQCWbRvv1ZGTRXxbH8/EqkdSCzSoUPrs+rQqR0xdQac9wNY/nlZbkR3O
qAezG6Sfmklvf+DOg5RxQq/+Y6I03LRepc7KeVDpaplMFGnpfKsibETMipwzayNQ
QgUf4cKBiF+65Ue7hZuDJa2EMv8qW4twEhGDYclpFU9YozyS1OhvUg==
-----END CERTIFICATE-----
EOF
# uncomment the following lines to generate your own key pair
Jennings, et al. Expires July 26, 2010 [Page 39]
Internet-Draft SIP Secure Call Flows January 2010
# openssl req -newkey rsa:1024 -passin pass:password \
# -passout pass:password \
# -sha1 -x509 -keyout demoCA/private/cakey.pem \
# -out demoCA/cacert.pem -days 3650 -config ${CONF} <<EOF
# US
# California
# San Jose
# sipit
# Sipit Test Certificate Authority
#
#
# EOF
openssl crl2pkcs7 -nocrl -certfile demoCA/cacert.pem \
-outform DER -out demoCA/cacert.p7c
cp demoCA/cacert.pem root_cert_fluffyCA.pem
A.2. makeCert script
#!/bin/sh
set -x
# Make a symbolic link to this file called "makeUserCert"
# if you wish to use it to make certs for users.
# ExecName=$(basename $0)
#
# if [ ${ExecName} == "makeUserCert" ]; then
# ExtPrefix="sipuser"
# elif [ ${ExecName} == "makeEkuUserCert" ]; then
# ExtPrefix="sipuser_eku"
# elif [ ${ExecName} == "makeEkuCert" ]; then
# ExtPrefix="sipdomain_eku"
# else
# ExtPrefix="sipdomain"
# fi
if [ $# == 3 ]; then
DAYS=1095
elif [ $# == 4 ]; then
DAYS=$4
else
echo "Usage: makeCert test.example.org user|domain eku|noeku [days]"
echo " makeCert alice@example.org [days]"
Jennings, et al. Expires July 26, 2010 [Page 40]
Internet-Draft SIP Secure Call Flows January 2010
echo "days is how long the certificate is valid"
echo "days set to 0 generates an invalid certificate"
exit 0
fi
ExtPrefix="sip"${2}
if [ $3 == "noeku" ]; then
ExtPrefix=${ExtPrefix}"_noeku"
fi
DOMAIN=`echo $1 | perl -ne '{print "$1\n" if (/\.(.*)$/)}' `
ADDR=$1
echo "making cert for $DOMAIN ${ADDR}"
rm -f ${ADDR}_*.pem
rm -f ${ADDR}.p12
case ${ADDR} in
*:*) ALTNAME="URI:${ADDR}" ;;
*@*) ALTNAME="URI:sip:${ADDR},URI:im:${ADDR},URI:pres:${ADDR}" ;;
*) ALTNAME="DNS:${DOMAIN},URI:sip:${ADDR}" ;;
esac
rm -f demoCA/index.txt
touch demoCA/index.txt
rm -f demoCA/newcerts/*
export ALTNAME
openssl genrsa -out ${ADDR}_key.pem 2048
openssl req -new -config openssl.cnf -reqexts ${ExtPrefix}_req \
-sha1 -key ${ADDR}_key.pem \
-out ${ADDR}.csr -days ${DAYS} <<EOF
US
California
San Jose
sipit
${ADDR}
EOF
Jennings, et al. Expires July 26, 2010 [Page 41]
Internet-Draft SIP Secure Call Flows January 2010
if [ $DAYS == 0 ]; then
openssl ca -extensions ${ExtPrefix}_cert -config openssl.cnf \
-passin pass:password -policy policy_anything \
-md sha1 -batch -notext -out ${ADDR}_cert.pem \
-startdate 990101000000Z \
-enddate 000101000000Z \
-infiles ${ADDR}.csr
else
openssl ca -extensions ${ExtPrefix}_cert -config openssl.cnf \
-passin pass:password -policy policy_anything \
-md sha1 -days ${DAYS} -batch -notext -out ${ADDR}_cert.pem \
-infiles ${ADDR}.csr
fi
openssl pkcs12 -passin pass:password \
-passout pass:password -export \
-out ${ADDR}.p12 -in ${ADDR}_cert.pem \
-inkey ${ADDR}_key.pem -name ${ADDR} -certfile demoCA/cacert.pem
openssl x509 -in ${ADDR}_cert.pem -noout -text
case ${ADDR} in
*@*) mv ${ADDR}_key.pem user_key_${ADDR}.pem; \
mv ${ADDR}_cert.pem user_cert_${ADDR}.pem ;;
*) mv ${ADDR}_key.pem domain_key_${ADDR}.pem; \
mv ${ADDR}_cert.pem domain_cert_${ADDR}.pem ;;
esac
Appendix B. Certificates for Testing
This section contains various certificates used for testing in PEM
format.
OPEN ISSUE: Should we discuss certificate chains? We aren't really
trying to be a tutorial. Would it be helpful to add a non-root CA
and hosts signed by that non-root CA to help with testing events? We
do imply non-root CAs in Section 6.
B.1. Certificates Using EKU
These certificates make use of the EKU specification described in
Draft SIP EKU [14].
Fluffy's certificate.
Jennings, et al. Expires July 26, 2010 [Page 42]
Internet-Draft SIP Secure Call Flows January 2010
-----BEGIN CERTIFICATE-----
MIIEHzCCA4igAwIBAgIIAVIBVAGQAEcwDQYJKoZIhvcNAQEFBQAwcDELMAkGA1UE
BhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCFNhbiBKb3NlMQ4w
DAYDVQQKEwVzaXBpdDEpMCcGA1UECxMgU2lwaXQgVGVzdCBDZXJ0aWZpY2F0ZSBB
dXRob3JpdHkwHhcNMDkwNDI5MTcxMDQ2WhcNMTIwNDI4MTcxMDQ2WjBiMQswCQYD
VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIU2FuIEpvc2Ux
DjAMBgNVBAoTBXNpcGl0MRswGQYDVQQDFBJmbHVmZnlAZXhhbXBsZS5jb20wggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD0D+gYLbGbk+9kaxnXg6z3rxI3
MEjfblUKzvcqGRdmvEKveq94bJbGwd5eOGeTjfJAE7VvB3neMiwj57rkqDYyg4p1
eYaFolDRu7WBNn5r8mSbtlTTi8RNTSaUrnxQ5LLmX6w04JdRzf9muZKYxcwi5www
pEymN7ohMbKBkw0k7qcnybPsRuP5etJCClmr56OLMGY9MYhv7sSNJMqZ8chMUA1L
a3OArHRvRbEpKaGJQJQCVyOLbWBcONMfw7t0PRWHry0pFmwwAU7jORMXa+pYl3Wf
YDiELDGVbthtaYG7LvpZovsIU1nfHpQX5RD4clr7Tk8vzTs9MMW2yDvg5zLtAgMB
AAGjggFKMIIBRjBRBgNVHREESjBIhhZzaXA6Zmx1ZmZ5QGV4YW1wbGUuY29thhVp
bTpmbHVmZnlAZXhhbXBsZS5jb22GF3ByZXM6Zmx1ZmZ5QGV4YW1wbGUuY29tMAkG
A1UdEwQCMAAwHQYDVR0OBBYEFNKiIvtNoTe5FQse/Ce8+gCnHPIpMIGaBgNVHSME
gZIwgY+AFGtGFxTqlHYlgFRuE1TaoeNUFKG2oXSkcjBwMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIU2FuIEpvc2UxDjAMBgNVBAoT
BXNpcGl0MSkwJwYDVQQLEyBTaXBpdCBUZXN0IENlcnRpZmljYXRlIEF1dGhvcml0
eYIBADALBgNVHQ8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwQGCCsGAQUFBwMU
MA0GCSqGSIb3DQEBBQUAA4GBAICg20XdfbZQtpMnNs3NKDw5I6rkbpz32YyWTbc2
9qzBj4bYapE6T1poMjffD91AtzRokc4P8BYC7r62HeGSh8leqUJ4JkW7Fwjug+rp
2DCEZpBpuHj/xAlc6uKKEOb5ZOvbRw4QKU0Ou1NlcOFxgsjQFPQkMEmm/ICosYS8
6XN1
-----END CERTIFICATE-----
Fluffy's private key
Jennings, et al. Expires July 26, 2010 [Page 43]
Internet-Draft SIP Secure Call Flows January 2010
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEA9A/oGC2xm5PvZGsZ14Os968SNzBI325VCs73KhkXZrxCr3qv
eGyWxsHeXjhnk43yQBO1bwd53jIsI+e65Kg2MoOKdXmGhaJQ0bu1gTZ+a/Jkm7ZU
04vETU0mlK58UOSy5l+sNOCXUc3/ZrmSmMXMIucMMKRMpje6ITGygZMNJO6nJ8mz
7Ebj+XrSQgpZq+ejizBmPTGIb+7EjSTKmfHITFANS2tzgKx0b0WxKSmhiUCUAlcj
i21gXDjTH8O7dD0Vh68tKRZsMAFO4zkTF2vqWJd1n2A4hCwxlW7YbWmBuy76WaL7
CFNZ3x6UF+UQ+HJa+05PL807PTDFtsg74Ocy7QIDAQABAoIBAGAETgQNHf2eAqVX
+U+vLwI2bw0lQtYb+vsIl3aJboptcDLHKndPCTZimRAqUp1bT73jwxJON6SxymnJ
xd4lS0UuOO+kgsbaJ7+LgIm4HZ5sOyaDYfXj27OpsY724lOU1ckKRJ586Ss2xs7s
HP9beccVbNdKHBmcfO6INbkCWD55nLspPlNOaRZwW/h7ID0hT+Kd4e+U4Kz9TeeD
NsmugwrPaNX3T1R1QBPK9HDLv8cyo3AJskfN7K+14tY+bkwAH+6IySq2JvhUBHnZ
xI/ieO0SeX+kG2nEk8nkXlphyrUJ5o+HQBeWec8nx9jYH6jFN1fvB5GsLUEw9GHo
AOe5YgUCgYEA/KwR2E/pq4oRy3b6WbH3tSktmCcF9nzmBn0fUGYliX0HRtnp1pwx
x+OEUMsDmnwE4TmMJudzFYLRWbddm4pYHiqZGLjmd96UDUsjU+eV0INw4sebsoP4
ymO7JEPt+ewOz07/+aKsqtUCeJUFXksqUmz8yPOkSRgwG7WdJtZvcm8CgYEA90bO
gtR3Owc17X7i1eeNmpo7PHFuAK3b3ULqmLSQebIPBYTMBJ0GMPqSqHcCSYwAuT3O
HIH6i7B7I2GniqgC2nGaN962yy1nh3S8NnUuJ0LcxoMoDSpy6d2INlL27XG6K9dv
ROLhVylPlFnlo/QEWJy2OrzXtRPQOYAMJS2iLmMCgYBZLPmXWIzl5/Lj1ngBFBiS
rZfT7WHjXq1oeNyGaaax4Zih3uLyxWmkXJ4kTaJV8ZNfUgou6NzrKKJugZLeBHOZ
IfuqiAd/IuUp0+0B/egYEWvT/hLrbDxwYcZ4xCjHXhLUA9O/7TP3jvoySJX+c5Ta
RnDpE2RWD91ayjxOqrvmrQKBgQDw2OWiJoGvW9mZ5mHYiL2y3RBfUfgb7ztcaqYH
cK/b6KOa83qn762tHRKlxazTp+q4gstzluJLFu0JTD+c3QJSdB4K1wFiKmpRVFFS
FZaLpSNWsz7afAMLaLwYdXyPT5tOwnpdNULY26LoUxtKMw3cpV8VHQRZGeBRcTfj
KmxyEwKBgH/8LJfit80sEYSUB0MDa8diI8Bc/BJwHJYgZpihpjGXh0YFGN+laX9+
CSgbG9FyvSTO6fRhRlhRSVlZt4fcx9woMXcmG+PzITLcCdaJHFOuqWUS8cPa+II2
NW30dkcLPKpxa8bOBC7x6mxYzdw4GfpZmQlIo9SS6NwqU7sHuqpC
-----END RSA PRIVATE KEY-----
Kumiko's certificate
Jennings, et al. Expires July 26, 2010 [Page 44]
Internet-Draft SIP Secure Call Flows January 2010
-----BEGIN CERTIFICATE-----
MIIEHzCCA4igAwIBAgIIAVIBVAGQAEgwDQYJKoZIhvcNAQEFBQAwcDELMAkGA1UE
BhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCFNhbiBKb3NlMQ4w
DAYDVQQKEwVzaXBpdDEpMCcGA1UECxMgU2lwaXQgVGVzdCBDZXJ0aWZpY2F0ZSBB
dXRob3JpdHkwHhcNMDkwNDI5MTcxMDQ3WhcNMTIwNDI4MTcxMDQ3WjBiMQswCQYD
VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIU2FuIEpvc2Ux
DjAMBgNVBAoTBXNpcGl0MRswGQYDVQQDFBJrdW1pa29AZXhhbXBsZS5uZXQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9KZU33jUDzO1UjmSEWEjKPjA3
yzJJTZuKTRq0BOmwtYwPBeGzp3gePo5jTOUB3PAqzm26PlobjqmobPOErKuIFLsX
1Wz4BsQEArBqm8951Z5TreerajP1SgIvCFHw9B/QOQQaLr7r9JSEQCYSM2mh/w9j
QzbB/cvl3EV70rPgtOoDxvWu0X11YmblvRjDUum1sECSPOsMbj+a+lZWR/VRkUoz
/nrRCy1JGLm6U7ZJ+It2ZTXOQHbAHhuOm4g+JduG20vqefF6hWyu7FuPFKSQqynk
LEqvxU5gf11T50b4cesE3beqUZjfA9Pnuhi80oSmJ4F8t5eLkli8+5CQgkX/AgMB
AAGjggFKMIIBRjBRBgNVHREESjBIhhZzaXA6a3VtaWtvQGV4YW1wbGUubmV0hhVp
bTprdW1pa29AZXhhbXBsZS5uZXSGF3ByZXM6a3VtaWtvQGV4YW1wbGUubmV0MAkG
A1UdEwQCMAAwHQYDVR0OBBYEFP2goFhmLdm2DfWUq+4yspNxHAkAMIGaBgNVHSME
gZIwgY+AFGtGFxTqlHYlgFRuE1TaoeNUFKG2oXSkcjBwMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIU2FuIEpvc2UxDjAMBgNVBAoT
BXNpcGl0MSkwJwYDVQQLEyBTaXBpdCBUZXN0IENlcnRpZmljYXRlIEF1dGhvcml0
eYIBADALBgNVHQ8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwQGCCsGAQUFBwMU
MA0GCSqGSIb3DQEBBQUAA4GBALDTtkB6X0HQ08QnmVQBCex1/TuZ5I+sT8IWayp3
6rXEtRrAvnzgC8wF5qIVevL6jo6D2lShR5EEeu1ICxJzZuDKTZu3aen2XJgyhLds
MuxlHWCZ+Gxlo4EPzx9cc7NdW7x62qoHr2uyhrdvkNsqUfBl1TJRNc9l+RmdAzwa
t4NG
-----END CERTIFICATE-----
Kumiko's private key
Jennings, et al. Expires July 26, 2010 [Page 45]
Internet-Draft SIP Secure Call Flows January 2010
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEAvSmVN941A8ztVI5khFhIyj4wN8sySU2bik0atATpsLWMDwXh
s6d4Hj6OY0zlAdzwKs5tuj5aG46pqGzzhKyriBS7F9Vs+AbEBAKwapvPedWeU63n
q2oz9UoCLwhR8PQf0DkEGi6+6/SUhEAmEjNpof8PY0M2wf3L5dxFe9Kz4LTqA8b1
rtF9dWJm5b0Yw1LptbBAkjzrDG4/mvpWVkf1UZFKM/560QstSRi5ulO2SfiLdmU1
zkB2wB4bjpuIPiXbhttL6nnxeoVsruxbjxSkkKsp5CxKr8VOYH9dU+dG+HHrBN23
qlGY3wPT57oYvNKEpieBfLeXi5JYvPuQkIJF/wIDAQABAoIBAQCI9zv5WOawGsjZ
icTUYwxJjB/jtjhyBUSTLmMgZ9JBxiJkmlCjgaYi2A7Hbdz/rVck15Vx3kXmYDUO
I91reo81GDWj+0BMkrGJad0NREZFJFzgoDH31w1KFU1herfCLTF/1ljXEHPja5PB
8qTeVuWsi38702YprrfddtHE53qhP3xWgzhYS8jcGfBYCccC8lPYPiHaU4gqErF9
Uxk6JGOS0D4iCY8Y4mvSQvWHHiYFVegnx9uuUCChX8CQtYZJvfNdOHJszlxxnGy7
O8/EvrEVrO9hmTrbG10nrFu/RVFUQDrY8N2ngtsVXYeso2aUT+Hnhzg6FQBLZXKh
lOWejTCxAoGBAPnY0RO5JAoaFjhYmlCd79GySUfBsrI50np6KNdrtWsylS6EETdv
QR5PFZG/sr3U/ez2FD2NadGABl1rMthSf4MT6J4oiMNuffLocXkVeXwUMgg+eHu7
rn0gDL8ZjzVVcwQPVsodjfJzC76Cbjb8JZoLxU/pa09agFTIDe2YDF/pAoGBAMHS
LNA6w0b1O/ZvQj0bZ6SLiPgydufodU6wvkxNBj+93k64eq/+S53SeDQA7oJpFBMZ
2kEhgEObYbYY+ZH9GGbsIJMGYcCG7dqXqpMljs4RM99ef5QrdzdDFUDRmRbd2Z+d
/28cEFsPeMKqU/kPTWZtjrJf+HMybQU4Dvb0Xe2nAoGBALJtX+r49j7soF+/Dv1x
vToBXAoNz6MuXh0vrokhl58lsZpVoMH5BwUxL1M2Ft0xBeK7XnsSybZe+qyuiNIq
IHwotKB2jC0ddH8L9zWk22x8M7rlej/LKfKb995lz3skOg51MeMHtj6mYIW+Oh20
dtoLe+704Lj8BdgGQsQiKPw5AoGBAK/biguY9auBQNm1Uy1smxpB/JHt/9MlKKKw
XMmQLXZSSM22NqNOoL9ewu+0VLQAsVUvZMcppV4yMnLtsCvUr3pbDqc36COuiUuH
xx3huvOfyigGbs06rt12QWdhhXyo6BcaXTQsC28D17cQokZdqwWfrBSOXTfwbdiJ
Z5KMYFkLAoGAGL9UX9Dea9qnsJZUryxhTxo55ggbKBcJQv+syT8veEJFL9oBsU+b
bz+OXOmw0GauPywgok3qpLZ+4mxWs4sX4ca3c/eVCKmpUJ4oWnarhEn5n+jIiWVo
wJP99QCcEdajdf4r/E8tywJ7LgiE37YMQYl9oWOYexOQNg/HRqtM1VU=
-----END RSA PRIVATE KEY-----
Certificate for example.com
Jennings, et al. Expires July 26, 2010 [Page 46]
Internet-Draft SIP Secure Call Flows January 2010
-----BEGIN CERTIFICATE-----
MIID5jCCA0+gAwIBAgIIAVIBVAGQAEMwDQYJKoZIhvcNAQEFBQAwcDELMAkGA1UE
BhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCFNhbiBKb3NlMQ4w
DAYDVQQKEwVzaXBpdDEpMCcGA1UECxMgU2lwaXQgVGVzdCBDZXJ0aWZpY2F0ZSBB
dXRob3JpdHkwHhcNMDkwNDI4MjIxMjAwWhcNMTIwNDI3MjIxMjAwWjBbMQswCQYD
VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIU2FuIEpvc2Ux
DjAMBgNVBAoTBXNpcGl0MRQwEgYDVQQDEwtleGFtcGxlLmNvbTCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAMdgCSziC6aNLI+G60dyTdwgpUhpnMZ5czpl
5HS2gJlPbqQbG29ckSl8EaG9rSXGQqOWu9jIEdgqvDlf41+aVPUMd0TG8O6nc4XQ
0dc0ltgkg/4dp16UaqZ55ovWlgYxjdpN8XLAopxIydIfgCdgUrgSzEN852ast24H
vOfVD/pBszdPFjNx/G1zF7Vli2UDNIOOmH2LozbxpzeUZa/dEyn4G8KL+gUDa0sm
rqmTq10M8wiEnhbAE/rajxy2aZUEbcjPwBKP/ScqyxYW/cL6lP7oeEDkWqyn79cX
fej4howWNf8+Mv1DHMEgCCyqVqYXT7x0sF1XuqUZtCBG3TY9FbMCAwEAAaOCARgw
ggEUMB8GA1UdEQQYMBaCA2NvbYYPc2lwOmV4YW1wbGUuY29tMAkGA1UdEwQCMAAw
HQYDVR0OBBYEFCjMmytPfENcna2Wi3OiT1hdMNQEMIGaBgNVHSMEgZIwgY+AFGtG
FxTqlHYlgFRuE1TaoeNUFKG2oXSkcjBwMQswCQYDVQQGEwJVUzETMBEGA1UECBMK
Q2FsaWZvcm5pYTERMA8GA1UEBxMIU2FuIEpvc2UxDjAMBgNVBAoTBXNpcGl0MSkw
JwYDVQQLEyBTaXBpdCBUZXN0IENlcnRpZmljYXRlIEF1dGhvcml0eYIBADALBgNV
HQ8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMUMA0GCSqGSIb3
DQEBBQUAA4GBAB+3woRDkNIGgUdI5xQ5Wq2gUzb7b9fhv7FlmP2mxeBat1+QCKvU
hSrRV/IOwSZD3uEmHu+QlZRudEU2AUHOQ8KRVN01qG5XO7I0carU6jSqjI7d4aQs
BUX7uDgMex9P1zzXaHxXV20Txj9E3f1r+2WWm4eSlRCv50fNcmxu12D1
-----END CERTIFICATE-----
Private key for example.com
Jennings, et al. Expires July 26, 2010 [Page 47]
Internet-Draft SIP Secure Call Flows January 2010
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAx2AJLOILpo0sj4brR3JN3CClSGmcxnlzOmXkdLaAmU9upBsb
b1yRKXwRob2tJcZCo5a72MgR2Cq8OV/jX5pU9Qx3RMbw7qdzhdDR1zSW2CSD/h2n
XpRqpnnmi9aWBjGN2k3xcsCinEjJ0h+AJ2BSuBLMQ3znZqy3bge859UP+kGzN08W
M3H8bXMXtWWLZQM0g46YfYujNvGnN5Rlr90TKfgbwov6BQNrSyauqZOrXQzzCISe
FsAT+tqPHLZplQRtyM/AEo/9JyrLFhb9wvqU/uh4QORarKfv1xd96PiGjBY1/z4y
/UMcwSAILKpWphdPvHSwXVe6pRm0IEbdNj0VswIDAQABAoIBACW1MScO/ZsbekEP
CHKz2Kv4dKo0Z1VWZQe3e7TjS4Ezd76L7e1q+X16HK+Veyj4zWO5P3/pnw5eTskf
LJbJTqYmHGyin7DTdNLrQrTMGnd4uIoYO650rZMc3RC3nho/xw9xzGeirV6Xmawn
DwrjeeGclItzFSTjJ7IkvoKuVl5DNzDAY2DA4YIb8uTYPsqX/jFMaPwxFFhT+mXJ
LX+oniwAsnihfHeXbFiTF1yEw4UCxn3xQ5YE8wZshG+8yjHyLzLAc8NQ7XnCkze8
G/En/LwwTAaX7L5yRSjBeb8Mp+96s11LtlzR+8uGVbu6nfcXbVTD2zYxuLiyp2VB
EZDaMQECgYEA79YZvUGhNt7F59N+oFpL1xaOjPprN7HV3OevJ5k2sue8B/NjVb5U
RNDxpANkyKh4wARzR25DEAh103XKlfsPOMCdZ9t/3zdOrl5SC7URPPEd4QGvWyKb
0KiNbwIQdSmiPHeMLsT/+pXu9HbH7key7Sl0pdGwvgNI1oy5xy3dnTMCgYEA1M/b
mviLD48Zzb3GtMnZHf4uh7W58muNsy9gAEFb4eNLFSpi11m/5s1+YiqB6WwkGjeF
Rrp8tGcNyOK6oaAa0G4g/CrSY1GHdDhketD26mFVhbwpYkvr3oPjFcTMnqbS1uTs
c8dniGnknMlP5e1jh4+GyPg6o+/1/6LIp4nFpYECgYBkg2wiHwE7h72VXNOyzGUA
bZmsh76rhsJEZGzJwbJk5C2vf1dgNfYHKTI8NJfmaITCpJrTkuhULdeDmdgfZyqH
9GGDh0BeAkXdWfY0pdvlmH+XLyeYoDaBCkLMBSd0ktBFWyzK5REKqg+NMMK1oCLi
tf8HB4x09ddu42dwjE5WdQKBgF3SSbIX008HusuO2DTKLHNhpWflQVZT/oO55iwW
pIiA6ZAqQKtKgSUjAY4LyXx8VapNQe+9tc7fBB/FfZxV9pxfgSFLS7fHsN0XI41V
5RXN1aOBIgmZCSLvqETnn4Jub9OX13rvtYBZlxVcV2I590BDkZu2fDvcReru/GGI
ht+BAoGBAKpKk0umVaTdJyrZQQtXy+vTomQPKA9CkAkY2UEtlaMYe6+/NfxG0Kwz
cWBUlm18LQkN+Xxzfv+fccqgq9bWDxXQOQN4+4kzNALCtpRiVT7PetXyxlIqHSvW
dR/DaSj/2QyIkamHYlQ/38X/dfgIXWSSRz28HOfBl+KRY/Hr+McO
-----END RSA PRIVATE KEY-----
Certificate for example.net
Jennings, et al. Expires July 26, 2010 [Page 48]
Internet-Draft SIP Secure Call Flows January 2010
-----BEGIN CERTIFICATE-----
MIID5jCCA0+gAwIBAgIIAVIBVAGQAEQwDQYJKoZIhvcNAQEFBQAwcDELMAkGA1UE
BhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCFNhbiBKb3NlMQ4w
DAYDVQQKEwVzaXBpdDEpMCcGA1UECxMgU2lwaXQgVGVzdCBDZXJ0aWZpY2F0ZSBB
dXRob3JpdHkwHhcNMDkwNDI4MjIxMjAwWhcNMTIwNDI3MjIxMjAwWjBbMQswCQYD
VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIU2FuIEpvc2Ux
DjAMBgNVBAoTBXNpcGl0MRQwEgYDVQQDEwtleGFtcGxlLm5ldDCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAOQ2eHy6Rcp2qJwG5nOtjPapW28C0KJgFDWf
VF3cFearrhGJh5HznphcjhUnyfIoVSn3PA138ZWZ4ecZFDyAgB5gXYfgs3rXGAD6
3d5iGYeTCT2jV3z69ppZdlDK+sMmySa2N/oZYaQfkHz62MdA0pT58oLPvi/PKWrz
4EEOAYUrt3u5bCaIK+jt1KkpVkXBitxdlHDHmne6sZ+9foBQnPxiB3FRVPvX3c2K
fzdMfru6PCAyC6wqR/ZJ2ExoH6AZKB/mMn27WLs1IKdgJecYMh3jWHnm03ZN7sG9
JT3lSh7HDmbPtTzf8k/v9khx+0jOF9oGAuubRDB7Jmu3Fzr3wGUCAwEAAaOCARgw
ggEUMB8GA1UdEQQYMBaCA25ldIYPc2lwOmV4YW1wbGUubmV0MAkGA1UdEwQCMAAw
HQYDVR0OBBYEFC2E2M9LFIlojb9rx+9mOPAye5W7MIGaBgNVHSMEgZIwgY+AFGtG
FxTqlHYlgFRuE1TaoeNUFKG2oXSkcjBwMQswCQYDVQQGEwJVUzETMBEGA1UECBMK
Q2FsaWZvcm5pYTERMA8GA1UEBxMIU2FuIEpvc2UxDjAMBgNVBAoTBXNpcGl0MSkw
JwYDVQQLEyBTaXBpdCBUZXN0IENlcnRpZmljYXRlIEF1dGhvcml0eYIBADALBgNV
HQ8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMUMA0GCSqGSIb3
DQEBBQUAA4GBADsZEm9o1Pjs0zA7AST1fu7IdkxIn6aEdXCRQ/HQn5QCg2qzVYjb
5rvv+Fj5Jdj0SNm2fXD5NX/ny5Bcq26mmMzrB5GtZAYPyNxmWvX4cN1MrKLGVVtB
wIguHgGYgF1AWhCguOMqSBxaI98+J4VMQuJ+w2NR7sW+wtyc9KMCW3OT
-----END CERTIFICATE-----
Private key for example.net
Jennings, et al. Expires July 26, 2010 [Page 49]
Internet-Draft SIP Secure Call Flows January 2010
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEA5DZ4fLpFynaonAbmc62M9qlbbwLQomAUNZ9UXdwV5quuEYmH
kfOemFyOFSfJ8ihVKfc8DXfxlZnh5xkUPICAHmBdh+CzetcYAPrd3mIZh5MJPaNX
fPr2mll2UMr6wybJJrY3+hlhpB+QfPrYx0DSlPnygs++L88pavPgQQ4BhSu3e7ls
Jogr6O3UqSlWRcGK3F2UcMead7qxn71+gFCc/GIHcVFU+9fdzYp/N0x+u7o8IDIL
rCpH9knYTGgfoBkoH+YyfbtYuzUgp2Al5xgyHeNYeebTdk3uwb0lPeVKHscOZs+1
PN/yT+/2SHH7SM4X2gYC65tEMHsma7cXOvfAZQIDAQABAoIBAC1K/kjK83UGbdph
qDVHOZXu8N2scln3tasazzS9rH8WjbqfUA/QiSZ2ICDkv7jW9mgY0ItfxcvKOcKT
AKgtXMAqogWIvDZiIDp5j7VGRQjaTtgz5fZBHNZvcQMB9hjrRrrvKVby2KUpOpUD
eCi7nc/Bd7csofN9Kxw2AMkIjZavQXvNLpOCxoNj5k8XwOyCvrQ5SUoqeeA2a+Vq
FE1YNgmtVE2oFOXw/5xvrPIZyjfR9rwIijD7pUs1Inmrc/WZRYDKuYUfQ+DG0TiA
IFv1zYcamjVEaOqBErI+G8wM0PA6bVQz/J9gdsmIUtXIXLWkxdD7+5VgVqkLXbOX
kP+J4HUCgYEA+1zg6p0pMUdh54AU9qghMv1s+di8gBtxHLCF8LP3wFe1AHRgopfn
NppDz6TjQjcc6+0OeHwLlgoEwSnR3+3ik/Ae4dn1Ynfzrw8RqLuc/hfRgUC4zHxr
9kvqTIpV0R2Ytj4GaZW+xKTjzVHYR3gEkP+ItDGUXkT0T7w7I1UvAR8CgYEA6GxC
rm/HIlhwyo9nT9hxGliw7GbiENc2ql79a3H/es7EkSdn4NvDq2dUHvSCinISHQH3
+b0znHkGaQ3iFvlCdvA4yylRYx8WLvJI19J1K8dmi26BTAVvorNpWgvmSfbmZZHh
Y61T4BAwi1SToXjcCcfu/2Hz7Jqxg3jXrXRmefsCgYEA5mMGs4NA0i3/ClRW4ozP
gRDO5WFFxJViY01YNnp9RgodmEESoXRhM6bJKHSU54fkNkmczcnERM0B9poCByDe
X4HijFddldcjvvwsz17GUg46tCFCQAp6WdDS+zx/058w7TiEYBokM9B+Cx5NAZR7
evr7rU0UFCNXWg3IlmXpIzkCgYBVQol/hd+N2NWfaNWkM6jh2lEkl2UselZCT1A1
Xv8yJLF08fioQtXXhbMVG+rbMJc2budxhJdvOfJBDWe3t75K9TpQRJrneprfo99W
1IxI//+8/E+P/JqEG7502tKipWDFN6tvrkCLfETih6cUX8qQB/jDVEJvtBuUN/se
VQnWiwKBgGrvslD5N2wGmnCxjBdMb2KvCPRq0t28t/D5plHgGpEC6k1rhRHCtXpE
IK+QEb6/DWjqGYaWHamaVEfUVLrKPVA25hAl+nMg9qQYC0cufmN+Ufe9nLn47IY0
NXOdHuhaYsf6g/UQEZKSj2wX9poBfAkXZBWnBYKOn0gfq6KjvW82
-----END RSA PRIVATE KEY-----
B.2. Certificates NOT Using EKU
These certificates do not make use of the EKU specification described
in Draft SIP EKU [14]. Most existing certificates fall in this
category.
ASN.1 dump of Fluffy's certificate.
Version: 3 (0x2)
Serial Number:
02:55:01:38:02:00:00:6a
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=California, L=San Jose, O=sipit,
OU=Sipit Test Certificate Authority
Validity
Not Before: Apr 30 21:37:01 2009 GMT
Not After : Apr 29 21:37:01 2012 GMT
Subject: C=US, ST=California, L=San Jose, O=sipit,
CN=fluffy@example.com
Subject Public Key Info:
Jennings, et al. Expires July 26, 2010 [Page 50]
Internet-Draft SIP Secure Call Flows January 2010
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:c8:4c:e9:f6:18:17:0e:99:48:d5:b6:d9:aa:ea:
c9:78:14:a8:a1:2c:c9:ef:6b:00:7b:0d:73:64:bc:
51:74:5b:bc:9a:48:2a:6d:67:af:53:ae:17:75:61:
55:33:16:c2:8f:f2:1b:7b:e1:f9:64:44:50:3a:48:
42:e2:91:8b:44:25:b3:81:32:d8:03:cc:c5:fc:4b:
2d:10:83:3b:e9:a9:a8:f9:b0:e5:6a:8d:80:82:84:
7e:f9:95:17:c9:2d:d0:50:28:a0:c2:ae:44:53:90:
4b:53:d5:f3:44:85:22:cb:96:99:d3:8e:ff:22:97:
1e:24:e7:3d:c2:89:ce:10:c7:05:65:6a:6d:18:44:
ea:20:ff:25:e1:95:be:1f:03:51:bc:27:fd:70:da:
24:cf:d1:43:33:d0:fe:c2:85:0c:f2:75:51:3f:bf:
bb:b8:8a:ed:99:2f:74:a7:6a:60:a8:31:1f:71:78:
07:c8:d5:63:38:2e:52:3f:2c:27:b6:42:12:0c:d3:
b5:f5:90:89:f7:20:af:0a:0d:a0:a2:99:46:40:6d:
ac:2c:7c:a2:93:7f:f5:70:28:18:af:14:e0:6f:0b:
dc:a9:e6:22:b2:47:0c:91:68:20:1f:ff:18:5f:be:
d1:85:5c:1a:28:f1:71:b4:d1:3b:68:e3:c4:03:d8:
f6:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Alternative Name:
URI:sip:fluffy@example.com, URI:im:fluffy@example.com,
URI:pres:fluffy@example.com
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
2F:A3:00:77:AC:EB:4E:0C:16:99:01:3A:11:A3:6B:29:04:04:44:1A
X509v3 Authority Key Identifier:
6B:46:17:14:EA:94:76:25:80:54:6E:13:54:DA:A1:E3:54:14:A1:B6
DirName:/C=US/ST=California/L=San Jose/O=sipit/
OU=Sipit Test Certificate Authority
serial:00
X509v3 Key Usage:
Digital Signature, Non Repudiation, Key Encipherment
Signature Algorithm: sha1WithRSAEncryption
08:26:de:cc:56:64:ae:39:24:9b:07:19:13:28:b4:67:4f:11:
81:97:56:e6:f3:dc:84:12:e4:a6:08:d4:b3:f5:46:35:6c:e5:
90:65:55:52:e6:92:de:b8:2f:f9:e1:fc:ff:45:1b:fe:5b:b0:
37:97:99:b6:d7:54:30:d6:cb:08:e5:55:32:9f:0d:41:c3:76:
49:fa:e7:e6:33:9b:ef:3b:dd:f6:f9:01:a6:61:8c:34:91:33:
86:de:1d:8e:3d:ec:58:a0:f8:d5:f0:db:33:9c:97:40:b9:5f:
7c:7f:b9:01:56:05:85:ad:35:af:9b:0d:c9:82:84:c1:0a:21:
ba:99
Jennings, et al. Expires July 26, 2010 [Page 51]
Internet-Draft SIP Secure Call Flows January 2010
Fluffy's certificate.
-----BEGIN CERTIFICATE-----
MIIEADCCA2mgAwIBAgIIAlUBOAIAAGowDQYJKoZIhvcNAQEFBQAwcDELMAkGA1UE
BhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCFNhbiBKb3NlMQ4w
DAYDVQQKEwVzaXBpdDEpMCcGA1UECxMgU2lwaXQgVGVzdCBDZXJ0aWZpY2F0ZSBB
dXRob3JpdHkwHhcNMDkwNDMwMjEzNzAxWhcNMTIwNDI5MjEzNzAxWjBiMQswCQYD
VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIU2FuIEpvc2Ux
DjAMBgNVBAoTBXNpcGl0MRswGQYDVQQDFBJmbHVmZnlAZXhhbXBsZS5jb20wggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDITOn2GBcOmUjVttmq6sl4FKih
LMnvawB7DXNkvFF0W7yaSCptZ69Trhd1YVUzFsKP8ht74flkRFA6SELikYtEJbOB
MtgDzMX8Sy0Qgzvpqaj5sOVqjYCChH75lRfJLdBQKKDCrkRTkEtT1fNEhSLLlpnT
jv8ilx4k5z3Cic4QxwVlam0YROog/yXhlb4fA1G8J/1w2iTP0UMz0P7ChQzydVE/
v7u4iu2ZL3SnamCoMR9xeAfI1WM4LlI/LCe2QhIM07X1kIn3IK8KDaCimUZAbaws
fKKTf/VwKBivFOBvC9yp5iKyRwyRaCAf/xhfvtGFXBoo8XG00Tto48QD2PaZAgMB
AAGjggErMIIBJzBRBgNVHREESjBIhhZzaXA6Zmx1ZmZ5QGV4YW1wbGUuY29thhVp
bTpmbHVmZnlAZXhhbXBsZS5jb22GF3ByZXM6Zmx1ZmZ5QGV4YW1wbGUuY29tMAkG
A1UdEwQCMAAwHQYDVR0OBBYEFC+jAHes604MFpkBOhGjaykEBEQaMIGaBgNVHSME
gZIwgY+AFGtGFxTqlHYlgFRuE1TaoeNUFKG2oXSkcjBwMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIU2FuIEpvc2UxDjAMBgNVBAoT
BXNpcGl0MSkwJwYDVQQLEyBTaXBpdCBUZXN0IENlcnRpZmljYXRlIEF1dGhvcml0
eYIBADALBgNVHQ8EBAMCBeAwDQYJKoZIhvcNAQEFBQADgYEACCbezFZkrjkkmwcZ
Eyi0Z08RgZdW5vPchBLkpgjUs/VGNWzlkGVVUuaS3rgv+eH8/0Ub/luwN5eZttdU
MNbLCOVVMp8NQcN2Sfrn5jOb7zvd9vkBpmGMNJEzht4djj3sWKD41fDbM5yXQLlf
fH+5AVYFha01r5sNyYKEwQohupk=
-----END CERTIFICATE-----
Fluffy's private key
Jennings, et al. Expires July 26, 2010 [Page 52]
Internet-Draft SIP Secure Call Flows January 2010
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAyEzp9hgXDplI1bbZqurJeBSooSzJ72sAew1zZLxRdFu8mkgq
bWevU64XdWFVMxbCj/Ibe+H5ZERQOkhC4pGLRCWzgTLYA8zF/EstEIM76amo+bDl
ao2AgoR++ZUXyS3QUCigwq5EU5BLU9XzRIUiy5aZ047/IpceJOc9wonOEMcFZWpt
GETqIP8l4ZW+HwNRvCf9cNokz9FDM9D+woUM8nVRP7+7uIrtmS90p2pgqDEfcXgH
yNVjOC5SPywntkISDNO19ZCJ9yCvCg2goplGQG2sLHyik3/1cCgYrxTgbwvcqeYi
skcMkWggH/8YX77RhVwaKPFxtNE7aOPEA9j2mQIDAQABAoIBAQDEaOdiseyqHBUX
u91lhCVa4qcYpNq/MqWeBGqK9T7KYspmXy17api57ZSDPZZWKpNOo5HfwI7Ui0hA
Xmt30FBH2tBSeJDp6Pqbkvv1nTo6vms7rQLJoUfKtDHuewx/8bS7ZZt+S3QknPHA
m6OYJRUhnePpV+dG+/hLJ5WgFZFDUKhXf6+xkfks3N/gi4iqO/fpJZM+2xvjQNqf
l1YmzhWoDWI/mmDR0CSnomlUOKc0khr0WOO2K5yeJTJO8cc2S08KX9Tr+idHZoqK
FC/brIM0J9v5ObNGUqhtpSz97MJ5cvms+QO7gmOJkC/wbeGhIyY19xLJSmAtGso6
mBz/89iBAoGBAPAKzgZOHZgaMEWKaBBqg5QU/M39YXYHCYPDv9UNyPE+amAvGfuV
JZHAz4pOcVzfdkf7eOsX2YcGV4qC/THHfG6/rwIsQcAF5ovuIm28XH60VrMwlcES
jfgx8wZXMIgJZXw9+7fHALh6nttFN0dK7ZyFcZazq1qwoIcFnjSCBX41AoGBANWd
wgJ2ZXwpVFrSVjXjZBotypsuUr+NvadoODX7l/OWlYdee9+jugoimahKHTQr7nBP
AYiqa+5B1GuOBYHNrrQCetiD/1Pc96bRu93Hb1v8/N8qiOobrN8P8ZhvDa1doRLz
BxCNv38Yhi4Anf87GqqnZWVG8r9xlUjPXEjSi7NVAoGAbPRKjZwZXLfOX1IyZ/kg
3i8kjI9NFJifHfrU8Oy/35h4Ck522bXaBq1gxqNSW1hmxMeFHBiIOPyM8acBK/4j
IdXJpw/VjEZhXfRqFisgRLawf8c2whsc66IocCFVOvog4WL1BXbDgfjOcDKbo7WD
4r7DTycgSRrQ0lifda/qtF0CgYBKTZGKYbxzL70Tyk4KeIn9QShUSgymbJsne+zx
eg4kwKBKcecMp1qy484m54C5AP7zOcgCzaS1P1iwALqRqAW4v5QTc/aAKUBLWnDK
d/CYQquCxLzTEcVT4avbpeVQBF1exgITE/skLled8MEEYn6oFYoDbGZLiSqwJNCo
0/Ob8QKBgQDh5zhQd7wfV7DCHhxacso0co9SwIk7IX6/MsrL9vRoPB9qJlJLcLUR
SjJxCycnJq6uA1Fk24KDmiFppe6VB3uAHsOktzGFQ6rN2Y4F6h+XiwlY+pu2nK/3
2dL4K6mIQzObQRvjChesqs/HmdmKxpDGCFH1H7JKEHjoTdHLWie1tQ==
-----END RSA PRIVATE KEY-----
Kumiko's certificate
Jennings, et al. Expires July 26, 2010 [Page 53]
Internet-Draft SIP Secure Call Flows January 2010
-----BEGIN CERTIFICATE-----
MIIEADCCA2mgAwIBAgIIAlUBOAIAAGswDQYJKoZIhvcNAQEFBQAwcDELMAkGA1UE
BhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCFNhbiBKb3NlMQ4w
DAYDVQQKEwVzaXBpdDEpMCcGA1UECxMgU2lwaXQgVGVzdCBDZXJ0aWZpY2F0ZSBB
dXRob3JpdHkwHhcNMDkwNDMwMjEzNzAzWhcNMTIwNDI5MjEzNzAzWjBiMQswCQYD
VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIU2FuIEpvc2Ux
DjAMBgNVBAoTBXNpcGl0MRswGQYDVQQDFBJrdW1pa29AZXhhbXBsZS5uZXQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMo9o0vL0mReda5lLtBEyQFrr4
SG8/bHQ6vgYls+5+S/rwLcEayXRHyPqYoBc5Homl4FZkvtTQFJ96A85SeIhErf7J
yVagTRSUcpk0eOBtlxur0y1O72tmUujMycoa/mMepbHSzvfJtLr4b8BEVA8PluGY
kw8LV21tl8wOExpX9of2QY76Rk8/lhvcW5SGBiKzbTiZaKuyySdGSb6bZKKIeQUw
Hv80AeaacdSk98VxJsMwTypRSLJfRSfPCOTzu5XtGB8QVjIINjnzJRsbt5i/h3Iy
I1SGW/j3RrgKOBP02eg5snoGbfJRwxvuC1nh90k3CmXs/3k+xugIF6Yudz5nAgMB
AAGjggErMIIBJzBRBgNVHREESjBIhhZzaXA6a3VtaWtvQGV4YW1wbGUubmV0hhVp
bTprdW1pa29AZXhhbXBsZS5uZXSGF3ByZXM6a3VtaWtvQGV4YW1wbGUubmV0MAkG
A1UdEwQCMAAwHQYDVR0OBBYEFJRQpMOT7qyBSBOm6uIyMQdmRo+tMIGaBgNVHSME
gZIwgY+AFGtGFxTqlHYlgFRuE1TaoeNUFKG2oXSkcjBwMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIU2FuIEpvc2UxDjAMBgNVBAoT
BXNpcGl0MSkwJwYDVQQLEyBTaXBpdCBUZXN0IENlcnRpZmljYXRlIEF1dGhvcml0
eYIBADALBgNVHQ8EBAMCBeAwDQYJKoZIhvcNAQEFBQADgYEAfqRaxNc9QXObxn3x
LWD4NRLvzrYDKdGeIpHBfqoobA7QrP8Z0eAO2ec8z6p5/MR9gqTRi8eHB6z/DoFx
l0Ilbs31UNUBjS/ymB6+dInXfHbrjOINi1y1i1hRx2gftvMPaTX7eBD+CZLap9j6
wsAIErFUgng4nwt7K4rHOz49Op8=
-----END CERTIFICATE-----
Kumiko's private key
Jennings, et al. Expires July 26, 2010 [Page 54]
Internet-Draft SIP Secure Call Flows January 2010
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEAzKPaNLy9JkXnWuZS7QRMkBa6+EhvP2x0Or4GJbPufkv68C3B
Gsl0R8j6mKAXOR6JpeBWZL7U0BSfegPOUniIRK3+yclWoE0UlHKZNHjgbZcbq9Mt
Tu9rZlLozMnKGv5jHqWx0s73ybS6+G/ARFQPD5bhmJMPC1dtbZfMDhMaV/aH9kGO
+kZPP5Yb3FuUhgYis204mWirssknRkm+m2SiiHkFMB7/NAHmmnHUpPfFcSbDME8q
UUiyX0Unzwjk87uV7RgfEFYyCDY58yUbG7eYv4dyMiNUhlv490a4CjgT9NnoObJ6
Bm3yUcMb7gtZ4fdJNwpl7P95PsboCBemLnc+ZwIDAQABAoIBAQCF9kVj/KH+Kgi3
0ss6aXQNZzPiUNiytjaoNbkkeVOIzghprioZdQNv8rtJqpNJSxpkwiUMMnhx9u4n
G9K23jymaRi/09OngI4WV6a/WNniI+dzZfzlDYpLI79OQFLTtPACIgn0rJQ9MNis
xcshb72kQOtRzAMvM35pHdPw6sR2C7tgJARA+kd01KWQsDdoUbmoFNus5BIJ2O8f
12fbYmX4BPCByGi3uXywuOKkXrxfVwmP2chlz3NjwA1ptdad6Yfa7vy7Yp2Jg0mN
MHuIohLwolF1jTJExCWe9QPpWzkT5zTTCqFnRyDX953UWiJiizPTDGySsjKcS/Uq
ljJg27ihAoGBAOlLrH6+SIevLq6Z72f73P4xEdZzhXJogOOskijNbjw/uuSHsdEy
SL4mSRL3/GBCpWXjurOJcBtjX98qwdrscZhQ3HW6cEFX9BrcC8LssYk6jcinIIK2
FMh9JpF637wWvo+kiK9dJLSOUW+KTIHSdCOqIEqxVRjfN9Ndk3a0PYIvAoGBAOCO
QRF+UXu3PLlU9Sdkkr+PJbeDwFvHycelwWu1PsvOQb8Xev8ayKh1XfmOU6r79Ke3
IdWyESyqy1gGuhtGXDo7rjg4oKgjz96GA9jBfoC8F3kpotuiuQ0Pz+l3eE/y0qaP
ILgRgQt0UVU/GIlvJ72aLw1oF4TFAgiuULIXOBFJAoGBAI4H1yV2fTu16Gq+JuWc
jadngl+YBwdnHgj+OCGFJ/agKg0Vm6krvuOc9WIJ/ekwyfdlFHZXVxwlfOml402A
I4xCtmUqM0tk26U6kCKE7XUJY+Zj8UQCzFZe8wsgznN5OVzEI773qvANsQCCJx/m
W3SXD3/JxHAW/aq9zpg3FTdbAoGATwJebJxIaUIwsHjvBRxC8fmY6LgHr4NdQMzW
gGI2JRl+UpEdarLu1S7ukMb+M1QRYg1ybzEHD/NMNr2vL7eS7b5f71IlXOO02PPI
WLTEIOGNVMlMjwDzIWBl5BxwDZk/evEzLvChufkEQP1BUeH1VqXwVkRAuitjKtDC
fdbjmFkCgYEAruDA4aeOd6ElmvAXR075Qf+0fg5kgmjq624GGauxfG5armQtvxZe
guoYUETHIzUiyjAnOCak5k5Jad0ZMdOth5vvjSiGfnGDq2U7L4xcQObpZjCdIUVt
tfVJqzOZxpiSeGZEsDbhgXo19ydHxGcPiTs6XD/2h3MlEVoNUT+t9b8=
-----END RSA PRIVATE KEY-----
Certificate for example.com
Jennings, et al. Expires July 26, 2010 [Page 55]
Internet-Draft SIP Secure Call Flows January 2010
-----BEGIN CERTIFICATE-----
MIIDxTCCAy6gAwIBAgIIAlUBOAIAAGwwDQYJKoZIhvcNAQEFBQAwcDELMAkGA1UE
BhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCFNhbiBKb3NlMQ4w
DAYDVQQKEwVzaXBpdDEpMCcGA1UECxMgU2lwaXQgVGVzdCBDZXJ0aWZpY2F0ZSBB
dXRob3JpdHkwHhcNMDkwNDMwMjEzNzA1WhcNMTIwNDI5MjEzNzA1WjBbMQswCQYD
VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIU2FuIEpvc2Ux
DjAMBgNVBAoTBXNpcGl0MRQwEgYDVQQDEwtleGFtcGxlLmNvbTCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAK2x9ZEaSvqBVpvdG2iyCO66Ryp0ZY0YI8EH
v/nx1F9ZqUcaJrN8Kv0DGP7mJFxQWy9xaJSL4LU2xvdVEqusr2TXYhTzbTJvFO9S
TdRGqQqwpqKQSvyaxjrTTGC1B2RRUdVvqr+Q1eyiACxiXjnPJxnFAdRVNj/bxz7a
sekrkw2jChBdLBsmq6RRbLpmmxOB7/IIub+pZ+QthqHUFS/I/Y5mHd2QB9VCwMfO
zQUVtik/D4JfwwWFPRR9ScjT2kuIDL55eeqgEfyultBv5pex4O0AHaoU+Ja2o63H
5jcdzuV26Z5A7MoIg1+Xjg5RE0K2OOpMn642lIh2WydqsHYXI+cCAwEAAaOB+DCB
9TAfBgNVHREEGDAWggNjb22GD3NpcDpleGFtcGxlLmNvbTAJBgNVHRMEAjAAMB0G
A1UdDgQWBBQxQBBUszDzhuSJyTDpNZQ+BBLxATCBmgYDVR0jBIGSMIGPgBRrRhcU
6pR2JYBUbhNU2qHjVBShtqF0pHIwcDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNh
bGlmb3JuaWExETAPBgNVBAcTCFNhbiBKb3NlMQ4wDAYDVQQKEwVzaXBpdDEpMCcG
A1UECxMgU2lwaXQgVGVzdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHmCAQAwCwYDVR0P
BAQDAgXgMA0GCSqGSIb3DQEBBQUAA4GBABUwuaPt8wiTkxjT0uKn7ouOidr6F9aV
WyZ5KuPnkTPiZWKwyW8SAN9+6iU4BJNvj/3sPxu/lrQy9k+YzJ/a7JHbZgVPVI37
euMOu9SgV2Nc2nakkYwONRnQsnsMBd3NkcL2fgBfV2vVbLNHygaqb1u9XXRr2VWP
x2FiTk+jxdye
-----END CERTIFICATE-----
Private key for example.com
Jennings, et al. Expires July 26, 2010 [Page 56]
Internet-Draft SIP Secure Call Flows January 2010
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEArbH1kRpK+oFWm90baLII7rpHKnRljRgjwQe/+fHUX1mpRxom
s3wq/QMY/uYkXFBbL3FolIvgtTbG91USq6yvZNdiFPNtMm8U71JN1EapCrCmopBK
/JrGOtNMYLUHZFFR1W+qv5DV7KIALGJeOc8nGcUB1FU2P9vHPtqx6SuTDaMKEF0s
GyarpFFsumabE4Hv8gi5v6ln5C2GodQVL8j9jmYd3ZAH1ULAx87NBRW2KT8Pgl/D
BYU9FH1JyNPaS4gMvnl56qAR/K6W0G/ml7Hg7QAdqhT4lrajrcfmNx3O5XbpnkDs
ygiDX5eODlETQrY46kyfrjaUiHZbJ2qwdhcj5wIDAQABAoIBAQCRYwvxUNjBpdEg
1YpDsAHaEQHQf20hFLuYryv5wnnI9fvDEBik06IH9bfOZES7IGey5nJrJEoKZLdV
/1eJaxnEhqQKdVdJh8E2MOYEcMC9ue9A0xZxKfwS8RpVODHfvlGJHdcGUe0+DLuo
aw4DxWktIMHPQSQPf57e9Z9FVLvaBOU8cgqhK62YpzSe53g97EXGKF+rMres/6Mx
hLZIgNKAyPzS7xhUJSYScMk8aWubj/yJ0soGCmB8KWPaFyFsDd40mz0M3I6qEVYc
dFy9cCgsTHdPLRbUqLon5ferQFQhQpZjKhn3a0PxjjnRXcKXqDHSBpVAla5P8ykN
A59L5EBBAoGBANN+f5XZrKTiSYhLJsGC+PU66rUJiCsRNcjCvPKbLKFD31pw4xjY
AoFKwwmoU7NrA93NzC7ijwmnTuhS3IV9TDiEuX3lb5tQPi/fs4LxJwD+p5gd1X7s
rVUjubqtLljPTzRtjnV0vkDgmpl0YubtvQfCzqpARfUxSNeGb+ODAIOLAoGBANI/
LIP8AXr1dG9wM3V759P9DX1SP/zMI4igqw3C1aeDCLJ+baMS6qFq8bler9Qzl8hD
8U6BLCfSiNdYfuACd6pAIJjvYPGyJrQoWihbB7GdrrWUcOCpLgMCa4HjDUtLUyqU
Q9I8EKzDhf5F0Y6IXpWlt35zFA7Br2UWtazOojyVAoGBAMb+300/4xHBWS7Eh1LM
yTL0nKJ6tYTQTKr5kI81MmkKU73lOcjGdpTwo1MS7q6CosCwQs5anfuXUMeIL7Xq
jy0etOmgV8LrXZfuBBnQjcKB2W9notoqF21kj/z1tgYaCYxrCP+7OMgSjWSV/fkK
+DG1On82upxaIw+njt+jA3jBAoGBALVbsTaYp149ZRbLnlf1beC7JGu6C2AxZ2Vv
0p2oN0ysB1CRJlnI84QSEDlqqBlP99nUYc7qNgCT5157A9aPylGdx4Ck3OcgWaqG
NF8jRtu7vPz88vGYfgwyhjIgfVM5wp+0DVzIW0nrzyWrbDya/ZvwuvvkoKSqBnYY
xNYv2FqRAoGAXjAUgIfsjZcx69SwC4GkZdrq3ipoqEUxgPqZl46Nl79WAYaBmCd5
4R8sdhVY8j4+CHxmluv9f3FTqtomCkp1XtjihUtyihKl/xC6Xgk4EnPg88ZaIX70
Dok3E3dzccrCjhdhogYPhKV4vp7n3yB4fh+FutmD7GhTDFM34NlEBuA=
-----END RSA PRIVATE KEY-----
Certificate for example.net
Jennings, et al. Expires July 26, 2010 [Page 57]
Internet-Draft SIP Secure Call Flows January 2010
-----BEGIN CERTIFICATE-----
MIIDxTCCAy6gAwIBAgIIAlUBOAIAAG0wDQYJKoZIhvcNAQEFBQAwcDELMAkGA1UE
BhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCFNhbiBKb3NlMQ4w
DAYDVQQKEwVzaXBpdDEpMCcGA1UECxMgU2lwaXQgVGVzdCBDZXJ0aWZpY2F0ZSBB
dXRob3JpdHkwHhcNMDkwNDMwMjEzNzA2WhcNMTIwNDI5MjEzNzA2WjBbMQswCQYD
VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIU2FuIEpvc2Ux
DjAMBgNVBAoTBXNpcGl0MRQwEgYDVQQDEwtleGFtcGxlLm5ldDCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAMbRhCP0KuQJqmOR2Fo/DZx6tx/PpnKhZBpu
Euw8PkFpmQBm/p7MvpzicT/iEwWP48PokCRwwK9uB1tMTMXObyM2cv4q7vwqV8Bp
3afhG2GLwxuoUAl4quS3/31nnnwE2+sKORLrFDQ80lm9G6DRua4AKTXbpsNbHB49
MW6bHe6Yil7YUd5/n+OMu7EDWgyham0rrzjNdbR8gLl+Z6Up9jARWwwaWRKGxJGh
Dl5kWLS5bmlOqNOnomxisttnDwzbrq5aWn5Wz3kjRqlAjgvhtEiotYLDetpILlSt
m3jUYGx8OUzPUSGNYDBxrr4kz2ltidJfdtcbQkQJ/w8NKxeZWekCAwEAAaOB+DCB
9TAfBgNVHREEGDAWggNuZXSGD3NpcDpleGFtcGxlLm5ldDAJBgNVHRMEAjAAMB0G
A1UdDgQWBBSxkh6t3TKqE/MN9yVjRnNfwUyUAjCBmgYDVR0jBIGSMIGPgBRrRhcU
6pR2JYBUbhNU2qHjVBShtqF0pHIwcDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNh
bGlmb3JuaWExETAPBgNVBAcTCFNhbiBKb3NlMQ4wDAYDVQQKEwVzaXBpdDEpMCcG
A1UECxMgU2lwaXQgVGVzdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHmCAQAwCwYDVR0P
BAQDAgXgMA0GCSqGSIb3DQEBBQUAA4GBAByhC23DAxjh3PII0wvqZxMh6WbQJ+JB
x2tpAywGbNvEpL7yRqJCwLoMofWsBOnWRVEHl020h9hpqjFTNWhq2XuUh45yedEI
jhFBgOpGn3qWUnGLmbT6iLzCPayrvTSRWpt7NnMyAQJdfRXlZN3gl+czyKegtfki
l9Lb3Ne0UpV+
-----END CERTIFICATE-----
Private key for example.net
Jennings, et al. Expires July 26, 2010 [Page 58]
Internet-Draft SIP Secure Call Flows January 2010
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAxtGEI/Qq5AmqY5HYWj8NnHq3H8+mcqFkGm4S7Dw+QWmZAGb+
nsy+nOJxP+ITBY/jw+iQJHDAr24HW0xMxc5vIzZy/iru/CpXwGndp+EbYYvDG6hQ
CXiq5Lf/fWeefATb6wo5EusUNDzSWb0boNG5rgApNdumw1scHj0xbpsd7piKXthR
3n+f44y7sQNaDKFqbSuvOM11tHyAuX5npSn2MBFbDBpZEobEkaEOXmRYtLluaU6o
06eibGKy22cPDNuurlpaflbPeSNGqUCOC+G0SKi1gsN62kguVK2beNRgbHw5TM9R
IY1gMHGuviTPaW2J0l921xtCRAn/Dw0rF5lZ6QIDAQABAoIBAHxgwCDZ9CcaoNyP
deDnRzWYU410EzXtHzmlmPLusSeszwnAZROlFK4Cv0RuwuWc4alCiUIyw2g8FiAY
eILapQ5LVt8Irt9UAfeegwsuOTnp/FIGFqQGOCrDrPKf6za8t3OvvorGQ6p2TkXT
l0AhU961vRIzan0WN133fEAsjCohavopWJfPKVYROsdqOEeqtw1m1QW7a9p3jo/L
4jBw+xyLnlis5D2xxOjDjvRWDP/NEKAoWPBS4+VFRAnLdqOEIAqBVG0Q+SvZ6efy
ViI8xhBMq2rda29rNMZkdK5cEr3X0g44YzC70zWgMuXiOIzLYxCEKw9BfhLQPOFw
YOTNGYECgYEA7Orf2TDxScuESMJh+tlqXjssEbU43K+ox91NVh+U4gvmtWLUHgxC
EYT/j+Fvd2FoRKfhWEoVJ9K24k+admPdDv4YIPxaUuRlSxmo8FeHhzY62Fkv8Gss
sCf7SsJ+HLGZcOlkF7ed/eMn+XzvWgHR6bHqLOIQS2hhslIlm03mVjECgYEA1tUO
sHSDCJ3AjLQeCU0iVn4aDMrA8HlJ4NBJqFnl2sSCZT7nxvs3YIfkTQ35hg6Zz12A
6gF9hcHk87mHDB579qVBHRauAO5czTy1CAGF6e3gzMy1oz4eaFqoV9NMZfkSuaok
egBl4k73C8P9Y/o7L9v6aJZ/hrgaEX8P0j4DeTkCgYEAwNFfocp9dkvWu8jIKXqt
YUfTVA4j2yhzu0ZXXNKTP23kNJfcfyAG3W9a92TIbWavj8D6W/rfQOvzwDh9RAF+
tmcCiEYZ1QDhl7+oiQMT4G24csATjh4L3sqLcIreTMgWU5j/x3W/dhRcQmb1/lEg
4IvWRPUvwc+QQ6srxDwgTOECgYBK0i9og1uzn4WVO5IOeT/RUd/uvprN5eA2HTTa
Hl0wgSpM6si8g3f49bssnwZdiy5Ei3M/jL9T24DK5b3EGcXg1BNGd0So7FuD23XN
UQJ7w658hXtpXFQo0hI5bEz6YvIDmd9UYlkZpZjjDyJsNJVyiLHAxVGq8OmbWF6B
Qbnh+QKBgQCF4xV6Ha7dSRZoU6iPYp2t6y4JRCXf9H1kIJVrFzPv0sfysdwflbJS
XAn+206ShYN6OBPt6f9As6oggw+xzKiiAxHdlhsipuUlQRIUGMIxJ1DQcXtsLp7L
8YeoLWCvYknXw/k5TT3uzrZ6I5GsqzNSzh0jsay91zp/4qrdcnr7fg==
-----END RSA PRIVATE KEY-----
Appendix C. Message Dumps
OPEN ISSUE: All of this binary bit-exact stuff needs to be verified
by other than myself. I'm looking into ways to make this easier for
someone else to review and verify. Any code I make available will be
OpenSSL-centric. -BCH
This section contains a base64 encoded gzipped, compressed tar file
of various CMS messages used in this document. Saving the data in a
file foo.tgz.b64 then running a command like "openssl base64 -d -in
foo.tgz.b64 | tar xfz -" would recover the CMS messages and allow
them to be used as test vectors.
-- BEGIN MESSAGE ARCHIVE --
H4sIAOoQWksCA+xcaUATV9cmYV/CIoriGilisQRmJjNJAEHBhEVJEAjQpFqZ
JBMSyGYSBIOoRaUW14ILWkVcEVRk0brgjhuyVdzB7QUtiFvFutRafYdqK0UU
v764ftw/Se7MPXMyuec8z33OnQjlGopGLpVjFLkm2lWEavU6vwF4o8Hwn690
GvKPV7xBCEDTA0GITqdCCJUK6AEgFQJpemRA7x20OI0WVZPJegK1FFW85ryO
jn+kjc0KC/PxZ5E1UpVHbJxcGqscjiWgcpUMc1VgWnJY4Gg3yBUgmUVIUY+/
Jennings, et al. Expires July 26, 2010 [Page 59]
Internet-Draft SIP Secure Call Flows January 2010
PrlxR4wmQwDDlU53BRkMV5BG8wARAAA9BWpUIZR46dwl/rBgFEXEoCOwjgKL
3SEUpjEAOgohGABQQArlr2OeapVSrfVCYAQASWZsNIHip1THo2qRxoNMx687
QqnQokKtB3loi4diWZxYPPFvD4VKuTfJjKt8fvRl//Gjfmql/NWjPbVotJcA
hejuEIDgV0NlMkog04PMhvxkHGiklC3nxPJj+HKOPBxmR4YAnEiejiMPBIO5
khgeVxbDjwx3xYeFYeM9yCD5+c0kmfkIhZgKd1oeJ9NKVaha66aRRiswkQtZ
iyVo3VQyVKpwIaMqlUwqRLVSpcJNFSvU0CktgfjPfo1I5dLKDCrTYmoFfmgC
9uzeYAothTtRhb18LU+BMk4hQtUTvQQwDQIhWCymCWkoCoo85bh1WbSXRoKC
niq1UqsUKmVeDi+702II1capMYcXFwvCFNFaCf7j0BgkM5IZhdLWelu/Xnzj
VkfweaIRY2oKSyFUiqSKaA+yQKrAfW0xKcFkMuWbWH6Nw54KVI55/ZnYXFV0
zYuRTKlGpdRIW8bgBrT43JLI8X5PCaoQyXBHvNTY+DipGr99YqkMe5WV1/oP
JBNOGJkOSQlIeUAiGBOzkgkH8a59RAIBNAWMjQy/sNQn9gbMX5xCAJMJK/FT
luOnAJMAFWgOmBrphxsY2RLDw0BbwKblg4ntn9NTKlaqFVIUtAGsWnqNbU3C
UAV5pFKDgZaARUsXyczWEJ/tUi3oDAxu6TC3JYe1fCZzMY2WPAJTa6XiltuG
kX3itBKlWqqdSDQhhBK4hPl6/i8cJP3tIIFgqGeQTNArMNHL7bGRJ+8tFqPD
s4sLTk+CzlbyMurnSReYrm0+CCsD2RGiJ9dzmsaPZW6xiN9vufcP357101dN
/tpWtu7hFzmOw/bkdQ+xJHkvTV9qFzpow+e5h+b0uL7Ied8P50K9GWeNUygO
n68QW2kvFQjNnUghNrc3cQnyNaXYYe+E+sq+CXyfGVvJDivMVXxzwYDbaRFx
DoN85n9xr5tJlLHpAw3/ux2kOwHcp30flay3/lL+ZUavteZFjo6nKmupj8G4
axt7DCA2r7/sMax/tcN2dpMNycxkQnb3PuHzGhr6XrZr6CM4ebKZZDZpQ76L
H9Fk27Eh/U3K2H1zTeHcsHG8hV5Hvr3Qc06CAaG9WUmhkMw+3vwvxzQaNBqj
aGUaihrTqN4GBegA/wEEgdviP50Kd+H/u2jPIR2Hc4AcPKotzgeF/V9wnirA
6DQaXQwyRJAYoQrbxXnY3b0tqre5BE4HQU9tS4b9cwjuRCuQ17SD8n+OeAbl
AIDRIHcarTXua9oB/mff49kYCMNjGaWJW8E/R84COcxYkKfzk/PkbB2bGRET
zGXFs3URMn4MJ5bN9Y3h+/NlbB2vPfhvi5VACyx8mFmiVfy/JfbfYfyDAIi0
iX+IjnTx/3fN/18ZWq9aBbyt7NDBKuA18fwmeeL9pob3sTJoj4H/lZpoLYkp
oIVxD/yYaUxX+5dNocRi4yjCt6oCdaz/tM3/MLWL/306+o+7u4CKQDSaO4yJ
hCJI+Ar9B3lv+o87SBe406mtsjyfGYJwuDxdMFcWy4ZYCcGR4fEcJieGExkS
z9FFI2ydnxTP/SAP4n34+g8ECGEhADMwDBIhCJ3WufpPW+udp/90ZLlL/+k8
/YcYTmAQ9fRiXqf/zMcysW+epHVXBXkmFP7MEAyydZtsN6Zf6ObEG9HZhw/3
n+PiYHdySeDF81mohcn4mNSaL6pzhzUOoVlXVaiLzntfRU/S1ydklrrs2Kw8
kzrkqMZZ1zTm5x22N09v/kn+6ORYpNd1eKZia9WRtAaRO+J/fLspp98BYWV9
tdWi7sk7XK/dqIo2spvyc9gC/x1bClnF3YMSo9luO46ZW0ROSJ5rtYBkNjPM
Qj+XUv3ZKPvU/csz1+ZbQVM05uUpCbnOEwsr5xyaPKnh+Kbfk88mCtbHR+Xs
vfd4burxXy+s3TYn9/xn/Ysr1xWvcTy8Td4/4MbRZQ9HLFjUeP7YUhfehuyG
HRW/AMeSmE9WlLc3KT9u+ec5/j/DfkwhVE9UaTFRJzOAjvCfClDb4j8doXfh
/6eC/xACugupCBUBaUIc6KFX4D/tfeE/jQbScbfcW+F/MJMj4XOj41tWe2yI
h2O+r5QD8WCeLlTO8WdROVwWwOMG6oKZ7PeP//8Dpr0RpHWEui22PJ+lEC1+
ihemmIDJlCpMRMHzCPpPKJa/zCQQGvwMNonAC0zUz0omDsS7+hEJejg8ZuDw
uAB/+57hMbYdVNyxRGBY4ZpeZroI2UgoScxb0fTQ2ubXykeBRXtmjxvAzWYH
DGaOu0EpVZ3o/0u9MYG8d9jNhFnM5RtT2N96psSbP8krdYnxTZ49uFoJH7/k
1ONOk0WGzKVxV92qlHTYEawqvONUNVl05LuhV5ftbl5svNiret6FE92Xg1dP
px+grm46sV4xU97HaZOxgXURj3VO3+C6fdq5p2vsmZd9L+y8xpxh1WvJvWSS
2YDrMv0JpYFG3ylM00e5Nk8g2oWM/aFfyboUtFdOuKxSJPvcy+Oh8Yb80slZ
qURf0oF56daD9gY4C43lP/UpehywLCBKebJ/t1vbyoKGgNvKvfJcgp6mOgDW
X265Y5IGTGpFZYB+RqZRKQEETN+AQDSwZk8tMD7dPNTm9LxjS+8OrHSYOrq3
/QxggE++aYa+XlZSpLHy212iUq9RfCCzpGKoTHXbzWJdcACdtX3JrW5FA8+u
XTE2qmcS+es+hcRh9a5nDD3K5s6oS6uddtT/0ee/b2avRYZUd6kWnYb/b2sH
SIfrfxBsW/9BELAL/z8V/KcJ3AUABlAxqjtMRWDGK/Affl/4D2MwKsCA1vjP
Jennings, et al. Expires July 26, 2010 [Page 60]
Internet-Draft SIP Secure Call Flows January 2010
gfD1P7MF7yUyvjwE5wBsgBcjBDlMkTTYPzQmmBmN8JmBENs/8CPY/wEKUSEE
CwRUmlgE0Tpp/U+Hnu//aGO9E/d/dGD5w13/n/nn+v8o3nWwZf3fwlyeLa8N
9doqAKvxk1Z8CApAKxe7NIB2NYC2E/Mj1gBa439L9PwlAnQmEegA/6l0OtAG
/xEYRLrw/1PBfyoDElEZVBj/ccU0EHR/Bf7T3xf+i8RiEGa0rEJbrf/5sWwd
P5Yv50t5MSwq23+kPJjpo+PofGXB3HAw2J8N8bihsRzoI8B/nGKjIoRGFeP0
i46CSKfgP4j/nM8IQFvzb00weNs6xweuQTzfohnQDiojR369a6e/uKjW5Lfd
N36zuUwyI5ZmLTIXV56asRysT/4+c1eS/a8B5aSrTTdmLZul1BDWlC/ITllA
9LM+Yc7h9asffr25/KdB5MaHIr5J3K0jOUf2je12Tew+J79OVJ4knS0wmqDs
pX8ksd54RbfqncftzxYX1+WkTM3s7t3Ul0HyDKoq/M9XynPU2IzCo/dZvX5n
WZw/tWRR0aRpDjM2htYyajGkW1G28Jv8U5nR5y3rYrNuPhp7aYulXlaDfv1t
noUb/TJv4HhRWFTzN/pboxOH+NaM2mIxb+lTwjLi1mzPHpGTizKsfUq8c6Zd
r9BE3Dd6mnPAxJl7YOFuB85I98wtVk9y7Y+vXfw6DcJy/6ru1uiV4CCS2co7
Q+gn2VNHNzuv29nktoFktlRbe2ZQt4NaG1/jJzfXKafWLZx3/2tH75KwuVFx
9k7BdzaEx+sdy3QtJJlt2Oh7qGA2ewjQ90Dx5EH3F0hslg+ijI+09SnYMHe5
X96/C4QuvtoJO5Zfy1evGSzal27R749su32z+WtWS8z3R0tSqb+Lo24QAkck
m9y+fmji17YD70XJoeq+rGuzfTYfIlaKllr0SHq41pSbBvZZL7maqGF6iHtt
OJw5ZcrdZrv1f2y9UXr7+z9gmxlO1+sGj9XbFOc7d0vQmAECeI/F+aC0Dc21
lslryhgWsanoV253f05XPWU3Oh5XXlgpWKHo75jVPQ/LiBcsXUYkV3iPGXD2
aWNtv4bpT1bGyS9G+x1pdhLv+aXOqsjoztKMhT3G1DbQ0rXChBqDisV7nUzT
M26nRF64ywwft47huCf2xrYbuX2WHbtk13i1+wl2VVpST5Ns/8t6zMMMxPua
2mrGFL+iEZPutjcvW9PVt1v5edP6T9v9H1QaDHXxv0+F/4FCukgEAygiFoth
mEZ9Bf+D3hf/Q1AQwC+PteJ/PG4sNZgZGM+B/KQ8bng8258v53HZIJs5UsrW
8aBgpnAiT8eC2f5d9Z//D/Wf13AvRcCqBGMPf9N9kcoyQq5lg7dLn4R5seYH
Tjbv9pnrXbawAlnmypvVeBXhKS0fexavcRWTJAqWwbFRV533YHdCVtYPn7Zw
0rz8nIgq+OTFg8I9TuH9IkPqUmYPSSqg2259OGf70DvTQYvIQsf66vsLxq6a
6sraRlsku716/mdzlxeNJpkpaxv8uU2Urxlx8WWGt1jjfyxemL6ZB+4qsn7w
RL1jhkPI1HWT71/N9INcUotvRh29n0jJrBqXeW6gxGSPXsjg7D7csCrWkC9R
4VD7uJRogxLDeHm8vecaO4jRd6Jh4nibxAjHOMfYB3HHU2vytnuksEGSWZ/q
qTNFobY1T9Iv5JZeri57HflqvAIL8yQP9gsOZSYqBzlsnjraJ+jJozVbVL0F
Kbv2X5y/QJpEMqu2ustJUqrddNmjtozkle4ru7sp7TQoXmBZFEgQntrJz3O+
WZr6bZPe41GLBdyI72sTRv+4adv2sfdtfIbuI1/oqgD9D+3vyg8lXoJqKdFK
LeVZqupEJtDR8z8gAL+k/0Bd+s87aZ2h1XdF0ScQ/2/t6Z83qf9CbZ//ganU
rvj/ZPRfmhjBUzqNJqaidDHyqv3fwPvi/xhDKAQFiLB1/TcmIoYXw4nh6EJ0
HC5fxtOJYtiR+DoAaukXxgdzI2LYUGgs/0PY/9WR/osKqaAYRSAUDzKACog7
t/7b1nrn1X87stylp717Pa3rPwDam5kfbwH47VZ+37D+S6O/9PwX0PX81yeD
/0JIRKeKaTQEAxE6A37V/m/qe9P/MFgkoiL/+P8fZgjE94+I5UeGwDzdSAmf
y5fwmaE4H2ABbObIWI4uFuT4ByZwuCEfPv5jgJAmoFOFmEgIw+40eifXf9ua
76r/vnMNMvVA82f5J20srzOiPPyXdKcmEHr/1i1zcfopSeF2TtWEHrcraJZr
t9PG/ccwgfXAsJs8nGS2cnRQzoP6Ain2kLH+gdtKrVUPpfOPY7QDAwfGG1/B
IzGHCPRguc3LM3ENPFcYr2n0MeFQ8vNvuQVuizujuhz1eHVpIONo0cTxfhkl
Pck5tg236pfk1g0oKdEVqYbX3B1uLl1y/voY65yn68XHI4p37JheJtcftqhc
zk+bpfdZ2awnv++1d5pSKi1Pz+BfuXgi/6LC0nlZo+GZYK+sBwcK51o+Narx
M7/pOX3vzJ7LhteEYoKc4nu6huMJ0uXoqYCwCJJZ8YW7SIkBad9uJ5/9VzLt
V416nQiZWWJD3X/P1/TorOpSLpTgN3X0d1/VTY+6yvpCW44Gr7qiTz9xeFro
6qrSxiNzNt+luUfsnZdU/xAboUCxGV8JNu71uLDkyKxtO7OHLUaHFtRdZu3q
OSJE/1ef2eENxHHlefeIsWf/XRx00dW3TVedS9KXjz+UHjp1lNUh8ZGKXm7s
LOP/OFf+5lqZZleRVMDiyw/w54eUkMWPJ/xy6UTeoUr2paOkM98WSW9+s3N8
05Z99fdWrznmSlvtTE+hl/w4P7spZnDo4WUbClwSo6ydrlFHTNtplC8xdJq5
Jennings, et al. Expires July 26, 2010 [Page 61]
Internet-Draft SIP Secure Call Flows January 2010
StKbczXZ7qsrekm9TEfamlK23lm3zz3KmQg5Op+mhwf51iRdy3h4+EkjoW/E
rE211YUHyVnlabt/WGFZmjlmL6em37krxPM1ket4N76r2CQ+sVo387dVNacy
fw/elHROKkEKMqxFvv28HP/bvh3iIAgAABQ9Ac0TUDQ4A1YO4EzOQiWSZQYG
m1mbxea8gMETaAAPoJvdZNJOdHYu4PbeGX79yfUyqU+veBv354P7eXgsimjU
7KtNnmfv9BkGs9VivFu3h/Jzmy7LR6+ryz8/FgEAAAAAAAAAAPj5Asq+2KcA
eAAA
-- END MESSAGE ARCHIVE --
Authors' Addresses
Cullen Jennings
Cisco Systems
170 West Tasman Drive
Mailstop SJC-21/2
San Jose, CA 95134
USA
Phone: +1 408 421 9990
Email: fluffy@cisco.com
Kumiko Ono
Columbia University
Email: kumiko@cs.columbia.edu
Robert Sparks
Tekelec
17210 Campbell Road
Suite 250
Dallas, TX 75252
USA
Email: rjsparks@estacado.net
Brian Hibbard (editor)
Tekelec
17210 Campbell Road
Suite 250
Dallas, TX 75252
USA
Email: brian@estacado.net
Jennings, et al. Expires July 26, 2010 [Page 62]