Network Working Group                                        C. Jennings
Internet-Draft                                             Cisco Systems
Intended status: Informational                                    K. Ono
Expires: December 16, 2010                           Columbia University
                                                               R. Sparks
                                                         B. Hibbard, Ed.
                                                                 Tekelec
                                                           June 14, 2010


  Example call flows using Session Initiation Protocol (SIP) security
                               mechanisms
                    draft-ietf-sipcore-sec-flows-03

Abstract

   This document shows example call flows demonstrating the use of
   Transport Layer Security (TLS), and Secure/Multipurpose Internet Mail
   Extensions (S/MIME) in Session Initiation Protocol (SIP).  It also
   provides information that helps implementers build interoperable SIP
   software.  To help facilitate interoperability testing, it includes
   certificates used in the example call flows and processes to create
   certificates for testing.

Status of this Memo

   This Internet-Draft is submitted to IETF in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on December 16, 2010.

Copyright Notice



Jennings, et al.        Expires December 16, 2010               [Page 1]


Internet-Draft            SIP Secure Call Flows                June 2010


   Copyright (c) 2010 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the BSD License.

   This document may contain material from IETF Documents or IETF
   Contributions published or made publicly available before November
   10, 2008.  The person(s) controlling the copyright in some of this
   material may not have granted the IETF Trust the right to allow
   modifications of such material outside the IETF Standards Process.
   Without obtaining an adequate license from the person(s) controlling
   the copyright in such materials, this document may not be modified
   outside the IETF Standards Process, and derivative works of it may
   not be created outside the IETF Standards Process, except to format
   it for publication as an RFC or to translate it into languages other
   than English.



























Jennings, et al.        Expires December 16, 2010               [Page 2]


Internet-Draft            SIP Secure Call Flows                June 2010


Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  4
   2.  Certificates . . . . . . . . . . . . . . . . . . . . . . . . .  4
     2.1.  CA Certificates  . . . . . . . . . . . . . . . . . . . . .  5
     2.2.  Host Certificates  . . . . . . . . . . . . . . . . . . . .  9
     2.3.  User Certificates  . . . . . . . . . . . . . . . . . . . . 10
   3.  Callflow with Message Over TLS . . . . . . . . . . . . . . . . 12
     3.1.  TLS with Server Authentication . . . . . . . . . . . . . . 12
     3.2.  MESSAGE Message Over TLS . . . . . . . . . . . . . . . . . 14
   4.  Callflow with S/MIME-secured Message . . . . . . . . . . . . . 15
     4.1.  MESSAGE Message with Signed Body . . . . . . . . . . . . . 15
     4.2.  MESSAGE Message with Encrypted Body  . . . . . . . . . . . 21
     4.3.  MESSAGE Message with Encrypted and Signed Body . . . . . . 23
   5.  Observed Interoperability Issues . . . . . . . . . . . . . . . 28
   6.  Additional Test Scenarios  . . . . . . . . . . . . . . . . . . 30
   7.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 31
   8.  Acknowledgments  . . . . . . . . . . . . . . . . . . . . . . . 31
   9.  Security Considerations  . . . . . . . . . . . . . . . . . . . 32
   10. Changelog  . . . . . . . . . . . . . . . . . . . . . . . . . . 32
   11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 34
     11.1. Normative References . . . . . . . . . . . . . . . . . . . 34
     11.2. Informative References . . . . . . . . . . . . . . . . . . 36
   Appendix A.  Making Test Certificates  . . . . . . . . . . . . . . 36
     A.1.  makeCA script  . . . . . . . . . . . . . . . . . . . . . . 37
     A.2.  makeCert script  . . . . . . . . . . . . . . . . . . . . . 41
   Appendix B.  Certificates for Testing  . . . . . . . . . . . . . . 43
     B.1.  Certificates Using EKU . . . . . . . . . . . . . . . . . . 43
     B.2.  Certificates NOT Using EKU . . . . . . . . . . . . . . . . 50
     B.3.  Certificate Chaining with a Non-Root CA  . . . . . . . . . 58
   Appendix C.  Message Dumps . . . . . . . . . . . . . . . . . . . . 64
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 67



















Jennings, et al.        Expires December 16, 2010               [Page 3]


Internet-Draft            SIP Secure Call Flows                June 2010


1.  Introduction

   This document is informational and is not normative on any aspect of
   SIP.

   SIP with TLS (RFC 5246 [14]) implementations are becoming very
   common.  Several implementations of the S/MIME (RFC 3851 [9]) portion
   of SIP (RFC 3261 [3]) are also becoming available.  After several
   interoperability events, it is clear that it is difficult to write
   these systems without any test vectors or examples of "known good"
   messages to test against.  Furthermore, testing at the events is
   often hindered due to the lack of a commonly trusted certificate
   authority to sign the certificates used in the events.  This document
   addresses both of these issues by providing messages that give
   detailed examples that implementers can use for comparison and that
   can also be used for testing.  In addition, this document provides a
   common certificate and private key that can be used to set up a mock
   Certificate Authority (CA) that can be used during the SIP
   interoperability events.  Certificate requests from the users will be
   signed by the private key of the mock CA.  The document also provides
   some hints and clarifications for implementers.

   A simple SIP call flow using SIPS URIs and TLS is shown in Section 3.
   The certificates for the hosts used are shown in Section 2.2, and the
   CA certificates used to sign these are shown in Section 2.1.

   The text from Section 4.1 through Section 4.3 shows some simple SIP
   call flows using S/MIME to sign and encrypt the body of the message.
   The user certificates used in these examples are shown in
   Section 2.3.  These host certificates are signed with the same mock
   CA private key.

   Section 5 presents a partial list of items that implementers should
   consider in order to implement systems that will interoperate.

   Scripts and instructions to make certificates that can be used for
   interoperability testing are presented in Appendix A, along with
   methods for converting these to various formats.  The certificates
   used while creating the examples and test messages in this document
   are made available in Appendix B.

   Binary copies of various messages in this document that can be used
   for testing appear in Appendix C.


2.  Certificates





Jennings, et al.        Expires December 16, 2010               [Page 4]


Internet-Draft            SIP Secure Call Flows                June 2010


2.1.  CA Certificates

   The certificate used by the CA to sign the other certificates is
   shown below.  This is a X509v3 certificate.  Note that the X.509v3
   Basic Constraints in the certificate allows it to be used as a CA,
   certificate authority.  This certificate is not used directly in the
   TLS call flow; it is used only to verify user and host certificates.












































Jennings, et al.        Expires December 16, 2010               [Page 5]


Internet-Draft            SIP Secure Call Flows                June 2010


   Version: 3 (0x2)
   Serial Number:
       96:a3:84:17:4e:ef:8a:4c
   Signature Algorithm: sha1WithRSAEncryption
   Issuer: C=US, ST=California, L=San Jose, O=sipit,
           OU=Sipit Test Certificate Authority
   Validity
       Not Before: May 10 20:54:48 2010 GMT
       Not After : Apr 16 20:54:48 2110 GMT
   Subject: C=US, ST=California, L=San Jose, O=sipit,
           OU=Sipit Test Certificate Authority
   Subject Public Key Info:
       Public Key Algorithm: rsaEncryption
       RSA Public Key: (1024 bit)
           Modulus (1024 bit):
               00:c6:4d:2b:8b:79:14:07:db:c7:61:88:98:4f:a2:
               7c:e3:61:80:fb:27:05:18:ed:3c:c9:0d:e5:f1:dc:
               92:4e:eb:ce:77:91:4b:e7:f3:68:60:b0:40:00:6f:
               74:5b:4e:1d:c9:97:c8:70:4a:66:fc:13:46:aa:d2:
               98:b0:3e:9a:86:de:3c:20:d1:0b:35:a2:2d:e6:92:
               e6:03:49:b0:db:4c:62:2f:59:86:94:20:69:69:7a:
               0a:16:5a:d5:01:a5:08:06:29:6e:85:a6:ae:a1:01:
               0b:f6:1f:53:c5:95:b0:6e:b0:b4:8d:0e:f9:e9:cb:
               5d:7a:44:21:14:ec:9a:a8:ad
           Exponent: 65537 (0x10001)
   X509v3 extensions:
       X509v3 Subject Key Identifier:
           38:AD:80:84:E2:E0:16:6B:93:9F:89:F8:46:51:67:2C:DA:8D:80:9C
       X509v3 Authority Key Identifier:
           38:AD:80:84:E2:E0:16:6B:93:9F:89:F8:46:51:67:2C:DA:8D:80:9C
           DirName:/C=US/ST=California/L=San Jose/O=sipit/
           OU=Sipit Test Certificate Authority
           serial:96:A3:84:17:4E:EF:8A:4C

       X509v3 Basic Constraints:
           CA:TRUE
       Signature Algorithm: sha1WithRSAEncryption
   2f:08:4d:b4:01:9b:79:ff:af:c8:ce:e5:5d:30:3c:fa:99:3a:
   48:ba:1b:28:f8:7c:ea:d6:4a:17:85:82:e6:49:81:1b:24:bf:
   01:ff:fa:fc:55:12:2b:07:b8:c0:39:fa:10:73:88:59:56:b7:
   7f:96:01:30:af:89:0f:0a:6d:4e:ae:d8:04:ae:94:d4:67:78:
   2a:c4:36:86:4b:e1:4c:a6:6d:46:d9:2c:73:0f:da:fe:8f:ba:
   02:10:09:b7:1b:c6:13:a9:90:a9:02:15:60:61:32:79:c5:e8:
   2b:d8:e4:b1:ba:eb:c7:7f:19:0c:69:b1:c6:92:af:ee:1c:74:
   55:d5


   The ASN.1 parse of the CA certificate is shown below.



Jennings, et al.        Expires December 16, 2010               [Page 6]


Internet-Draft            SIP Secure Call Flows                June 2010


  0:l= 822 cons: SEQUENCE
  4:l= 671 cons:  SEQUENCE
  8:l=   3 cons:   cont [ 0 ]
 10:l=   1 prim:    INTEGER           :02
 13:l=   9 prim:   INTEGER           :96A384174EEF8A4C
 24:l=  13 cons:   SEQUENCE
 26:l=   9 prim:    OBJECT            :sha1WithRSAEncryption
 37:l=   0 prim:    NULL
 39:l= 112 cons:   SEQUENCE
 41:l=  11 cons:    SET
 43:l=   9 cons:     SEQUENCE
 45:l=   3 prim:      OBJECT            :countryName
 50:l=   2 prim:      PRINTABLESTRING   :US
 54:l=  19 cons:    SET
 56:l=  17 cons:     SEQUENCE
 58:l=   3 prim:      OBJECT            :stateOrProvinceName
 63:l=  10 prim:      PRINTABLESTRING   :California
 75:l=  17 cons:    SET
 77:l=  15 cons:     SEQUENCE
 79:l=   3 prim:      OBJECT            :localityName
 84:l=   8 prim:      PRINTABLESTRING   :San Jose
 94:l=  14 cons:    SET
 96:l=  12 cons:     SEQUENCE
 98:l=   3 prim:      OBJECT            :organizationName
103:l=   5 prim:      PRINTABLESTRING   :sipit
110:l=  41 cons:    SET
112:l=  39 cons:     SEQUENCE
114:l=   3 prim:      OBJECT            :organizationalUnitName
119:l=  32 prim:      PRINTABLESTRING  :Sipit Test Certificate Authority
153:l=  32 cons:   SEQUENCE
155:l=  13 prim:    UTCTIME           :100510205448Z
170:l=  15 prim:    GENERALIZEDTIME   :21100416205448Z
187:l= 112 cons:   SEQUENCE
189:l=  11 cons:    SET
191:l=   9 cons:     SEQUENCE
193:l=   3 prim:      OBJECT            :countryName
198:l=   2 prim:      PRINTABLESTRING   :US
202:l=  19 cons:    SET
204:l=  17 cons:     SEQUENCE
206:l=   3 prim:      OBJECT            :stateOrProvinceName
211:l=  10 prim:      PRINTABLESTRING   :California
223:l=  17 cons:    SET
225:l=  15 cons:     SEQUENCE
227:l=   3 prim:      OBJECT            :localityName
232:l=   8 prim:      PRINTABLESTRING   :San Jose
242:l=  14 cons:    SET
244:l=  12 cons:     SEQUENCE
246:l=   3 prim:      OBJECT            :organizationName



Jennings, et al.        Expires December 16, 2010               [Page 7]


Internet-Draft            SIP Secure Call Flows                June 2010


251:l=   5 prim:      PRINTABLESTRING   :sipit
258:l=  41 cons:    SET
260:l=  39 cons:     SEQUENCE
262:l=   3 prim:      OBJECT            :organizationalUnitName
267:l=  32 prim:      PRINTABLESTRING  :Sipit Test Certificate Authority
301:l= 159 cons:   SEQUENCE
304:l=  13 cons:    SEQUENCE
306:l=   9 prim:     OBJECT            :rsaEncryption
317:l=   0 prim:     NULL
319:l= 141 prim:    BIT STRING
  00 30 81 89 02 81 81 00-c6 4d 2b 8b 79 14 07 db   .0.......M+.y...
  c7 61 88 98 4f a2 7c e3-61 80 fb 27 05 18 ed 3c   .a..O.|.a..'...<
  c9 0d e5 f1 dc 92 4e eb-ce 77 91 4b e7 f3 68 60   ......N..w.K..h`
  b0 40 00 6f 74 5b 4e 1d-c9 97 c8 70 4a 66 fc 13   .@.ot[N....pJf..
  46 aa d2 98 b0 3e 9a 86-de 3c 20 d1 0b 35 a2 2d   F....>...< ..5.-
  e6 92 e6 03 49 b0 db 4c-62 2f 59 86 94 20 69 69   ....I..Lb/Y.. ii
  7a 0a 16 5a d5 01 a5 08-06 29 6e 85 a6 ae a1 01   z..Z.....)n.....
  0b f6 1f 53 c5 95 b0 6e-b0 b4 8d 0e f9 e9 cb 5d   ...S...n.......]
  7a 44 21 14 ec 9a a8 ad-02 03 01 00 01            zD!..........
463:l= 213 cons:   cont [ 3 ]
466:l= 210 cons:    SEQUENCE
469:l=  29 cons:     SEQUENCE
471:l=   3 prim:      OBJECT            :X509v3 Subject Key Identifier
476:l=  22 prim:      OCTET STRING
  04 14 38 ad 80 84 e2 e0-16 6b 93 9f 89 f8 46 51   ..8......k....FQ
  67 2c da 8d 80 9c                                 g,....
500:l= 162 cons:     SEQUENCE
503:l=   3 prim:      OBJECT            :X509v3 Authority Key Identifier
508:l= 154 prim:      OCTET STRING
  30 81 97 80 14 38 ad 80-84 e2 e0 16 6b 93 9f 89   0....8......k...
  f8 46 51 67 2c da 8d 80-9c a1 74 a4 72 30 70 31   .FQg,.....t.r0p1
  0b 30 09 06 03 55 04 06-13 02 55 53 31 13 30 11   .0...U....US1.0.
  06 03 55 04 08 13 0a 43-61 6c 69 66 6f 72 6e 69   ..U....Californi
  61 31 11 30 0f 06 03 55-04 07 13 08 53 61 6e 20   a1.0...U....San
  4a 6f 73 65 31 0e 30 0c-06 03 55 04 0a 13 05 73   Jose1.0...U....s
  69 70 69 74 31 29 30 27-06 03 55 04 0b 13 20 53   ipit1)0'..U... S
  69 70 69 74 20 54 65 73-74 20 43 65 72 74 69 66   ipit Test Certif
  69 63 61 74 65 20 41 75-74 68 6f 72 69 74 79 82   icate Authority.
  09 00 96 a3 84 17 4e ef-8a 4c                     ......N..L
665:l=  12 cons:     SEQUENCE
667:l=   3 prim:      OBJECT            :X509v3 Basic Constraints
672:l=   5 prim:      OCTET STRING
  30 03 01 01 ff                                    0....
679:l=  13 cons:  SEQUENCE
681:l=   9 prim:   OBJECT            :sha1WithRSAEncryption
692:l=   0 prim:   NULL
694:l= 129 prim:  BIT STRING
  00 2f 08 4d b4 01 9b 79-ff af c8 ce e5 5d 30 3c   ./.M...y.....]0<



Jennings, et al.        Expires December 16, 2010               [Page 8]


Internet-Draft            SIP Secure Call Flows                June 2010


  fa 99 3a 48 ba 1b 28 f8-7c ea d6 4a 17 85 82 e6   ..:H..(.|..J....
  49 81 1b 24 bf 01 ff fa-fc 55 12 2b 07 b8 c0 39   I..$.....U.+...9
  fa 10 73 88 59 56 b7 7f-96 01 30 af 89 0f 0a 6d   ..s.YV....0....m
  4e ae d8 04 ae 94 d4 67-78 2a c4 36 86 4b e1 4c   N......gx*.6.K.L
  a6 6d 46 d9 2c 73 0f da-fe 8f ba 02 10 09 b7 1b   .mF.,s..........
  c6 13 a9 90 a9 02 15 60-61 32 79 c5 e8 2b d8 e4   .......`a2y..+..
  b1 ba eb c7 7f 19 0c 69-b1 c6 92 af ee 1c 74 55   .......i......tU
  d5                                                .


2.2.  Host Certificates

   The certificate for the host example.com is shown below.  Note that
   the Subject Alternative Name is set to example.com and is a DNS type.
   The certificates for the other hosts are shown in Appendix B.

   Version: 3 (0x2)
   Serial Number:
       49:02:11:01:84:01:5e
   Signature Algorithm: sha1WithRSAEncryption
   Issuer: C=US, ST=California, L=San Jose, O=sipit,
            OU=Sipit Test Certificate Authority
   Validity
       Not Before: May 11 20:22:56 2010 GMT
       Not After : Apr 17 20:22:56 2110 GMT
   Subject: C=US, ST=California, L=San Jose, O=sipit, CN=example.com
   Subject Public Key Info:
       Public Key Algorithm: rsaEncryption
       RSA Public Key: (2048 bit)
           Modulus (2048 bit):
               00:d1:da:2d:b3:77:42:5f:00:99:1e:f4:b6:6c:51:
               51:bb:0b:20:b3:f9:c7:93:97:ff:02:ac:81:92:d5:
               a1:1c:c9:24:16:46:59:d1:92:1d:0d:bf:66:3a:66:
               c6:5c:aa:3b:07:21:bf:45:40:63:94:20:30:81:e3:
               5f:aa:e6:c7:60:aa:6c:22:8f:47:64:94:9a:71:b1:
               18:51:2e:81:e9:a3:32:64:b4:38:f4:35:eb:da:3f:
               6f:82:f1:7a:4d:dc:e1:c5:e3:05:1b:c1:78:83:48:
               d4:64:6e:98:4b:4e:ce:85:7f:0d:62:5d:1b:8a:72:
               c1:9d:bd:85:dc:37:f0:a7:c1:cc:60:ad:b7:39:cb:
               20:ff:89:9f:65:06:35:93:5b:61:d0:04:1b:a3:d4:
               70:57:d9:d5:c0:52:f4:70:0d:ca:f6:0a:42:8b:52:
               47:e2:a1:cb:0e:17:9d:d6:ea:41:e5:6a:5a:29:a8:
               11:af:52:65:a4:79:8e:4f:ef:fc:ec:a7:3a:ca:56:
               45:b7:87:dd:e9:c7:f9:b7:f7:e8:12:f8:b5:a2:08:
               ce:9e:c4:cc:70:85:a6:e9:d3:cc:76:6d:11:67:b0:
               00:14:a0:55:a6:63:36:fa:c2:e0:bd:45:3c:14:b0:
               ed:88:f6:19:14:d6:c3:a2:79:ca:be:69:52:d0:78:
               f1:fd



Jennings, et al.        Expires December 16, 2010               [Page 9]


Internet-Draft            SIP Secure Call Flows                June 2010


           Exponent: 65537 (0x10001)
   X509v3 extensions:
       X509v3 Subject Alternative Name:
           DNS:example.com, URI:sip:example.com
       X509v3 Basic Constraints:
           CA:FALSE
       X509v3 Subject Key Identifier:
           AC:96:21:E6:54:7D:E7:1E:A1:F1:58:86:D9:5F:AD:CB:DC:F1:66:92
       X509v3 Authority Key Identifier:
           38:AD:80:84:E2:E0:16:6B:93:9F:89:F8:46:51:67:2C:DA:8D:80:9C
           DirName:/C=US/ST=California/L=San Jose/O=sipit/
            OU=Sipit Test Certificate Authority
           serial:96:A3:84:17:4E:EF:8A:4C

       X509v3 Key Usage:
           Digital Signature, Non Repudiation, Key Encipherment
       X509v3 Extended Key Usage:
           TLS Web Server Authentication, 1.3.6.1.5.5.7.3.20
       Signature Algorithm: sha1WithRSAEncryption
   52:ae:66:df:55:1d:99:3c:9e:17:09:3d:4a:59:19:88:8f:df:
   ee:2b:75:ca:c5:b3:36:ce:37:10:5f:6f:0e:f2:4f:2a:62:34:
   19:5c:7a:3e:a3:cb:99:ae:a7:7c:a6:34:59:a7:43:a3:dc:ef:
   e5:80:86:3f:21:21:95:5b:74:4c:23:e3:1e:1d:14:43:86:48:
   b9:f5:c9:f0:a9:48:a3:1e:52:91:56:d5:ed:b2:56:52:8f:f4:
   02:e8:4c:80:83:e6:0c:aa:e0:d6:b0:5c:75:d2:90:39:52:8b:
   b5:48:dc:68:bc:e5:5c:5c:dd:43:34:af:14:3a:85:60:a3:46:
   17:69


   The example host certificate above, as well as all the others
   presented in this document, are signed directly by a root CA.  These
   certificate chains have a length equal to two: the root CA and the
   host certificate.  Non-root CAs exist and may also sign certificates.
   The certificate chains presented by hosts with certificates signed by
   non-root CAs will have a length greater than two.  For more details
   on how certificate chains are validated, see section 6.1.4 of RFC
   5280 [15].

2.3.  User Certificates

   User certificates are used by many applications to establish user
   identity.  The user certificate for fluffy@example.com is shown
   below.  Note that the Subject Alternative Name has a list of names
   with different URL types such as a sip, im, or pres URL.  This is
   necessary for interoperating with a CPIM gateway.  In this example,
   example.com is the domain for fluffy.  The message could be coming
   from any host in *.example.com, and the AOR in the user certificate
   would still be the same.  The others are shown in Appendix B.1.



Jennings, et al.        Expires December 16, 2010              [Page 10]


Internet-Draft            SIP Secure Call Flows                June 2010


   These certificates make use of the EKU extension discussed in Draft
   SIP EKU [16].  Note that the X509v3 Extended Key Usage attribute
   refers to the SIP OID introduced in Draft SIP EKU [16], which is
   1.3.6.1.5.5.7.3.20

   Version: 3 (0x2)
   Serial Number:
       49:02:11:01:84:01:5c
   Signature Algorithm: sha1WithRSAEncryption
   Issuer: C=US, ST=California, L=San Jose, O=sipit,
            OU=Sipit Test Certificate Authority
   Validity
       Not Before: May 11 20:22:55 2010 GMT
       Not After : Apr 17 20:22:55 2110 GMT
   Subject: C=US, ST=California, L=San Jose, O=sipit,
            CN=fluffy@example.com
   Subject Public Key Info:
       Public Key Algorithm: rsaEncryption
       RSA Public Key: (2048 bit)
           Modulus (2048 bit):
               00:d5:9d:cf:3e:bd:83:4e:2d:df:c9:bf:86:57:cf:
               0d:26:a9:e9:08:35:45:e7:5f:ae:a3:5d:60:d1:3c:
               2f:6f:db:92:49:fd:05:12:68:6c:d9:ca:66:2d:02:
               e2:20:8a:8a:10:0a:a1:db:ee:b3:6b:c5:39:e6:4a:
               49:b1:41:00:f3:f8:91:07:17:83:40:a6:bc:68:99:
               a6:32:08:4f:4f:34:64:ae:9f:b1:0f:9c:d5:14:96:
               fb:40:62:84:85:b7:ba:38:29:cc:1d:ba:19:83:d9:
               59:21:ba:1e:4b:04:53:f6:aa:a6:68:4d:9a:5f:36:
               90:4d:ae:01:df:58:f2:89:ec:51:c9:a1:20:65:a9:
               de:5c:c9:f3:57:7f:76:56:0d:23:fc:d6:26:e7:01:
               25:75:2a:e4:26:3b:df:db:35:61:02:0c:0f:14:68:
               18:70:13:d6:41:0a:a4:d1:5b:99:7b:32:60:78:7b:
               a8:95:71:80:b5:df:63:fc:ca:f4:9e:f7:a5:a0:0c:
               13:6d:55:ad:17:9d:34:f2:80:66:03:86:a0:a7:83:
               52:0e:ea:b7:49:ea:75:e4:c9:d8:b7:72:37:dd:30:
               b1:33:d4:56:26:e8:33:70:c5:97:db:ba:63:89:3f:
               9c:65:45:51:18:a8:fb:96:14:09:f0:8e:55:01:f7:
               ad:99
           Exponent: 65537 (0x10001)
   X509v3 extensions:
       X509v3 Subject Alternative Name:
           URI:sip:fluffy@example.com, URI:im:fluffy@example.com,
              URI:pres:fluffy@example.com
       X509v3 Basic Constraints:
           CA:FALSE
       X509v3 Subject Key Identifier:
           DD:D5:75:00:3E:4C:15:7C:9C:49:C0:07:10:CB:CA:4E:07:A1:CE:4F
       X509v3 Authority Key Identifier:



Jennings, et al.        Expires December 16, 2010              [Page 11]


Internet-Draft            SIP Secure Call Flows                June 2010


           38:AD:80:84:E2:E0:16:6B:93:9F:89:F8:46:51:67:2C:DA:8D:80:9C
           DirName:/C=US/ST=California/L=San Jose/O=sipit/
            OU=Sipit Test Certificate Authority
           serial:96:A3:84:17:4E:EF:8A:4C

       X509v3 Key Usage:
           Digital Signature, Non Repudiation, Key Encipherment
       X509v3 Extended Key Usage:
           E-mail Protection, 1.3.6.1.5.5.7.3.20
       Signature Algorithm: sha1WithRSAEncryption
   9c:c5:bc:04:88:81:19:35:2b:ba:be:d4:02:8d:41:25:45:95:
   8b:cf:f6:a4:95:bc:5b:d8:eb:87:6a:48:29:34:6c:ef:87:e0:
   e3:73:ca:3a:dd:a3:d2:d6:74:5b:cc:00:7f:28:fc:e4:07:b6:
   5c:e8:72:ea:ee:7d:40:99:58:26:b0:7d:5b:0d:36:e2:9e:b1:
   40:8d:fc:af:f0:f2:60:d8:36:46:7e:a8:fa:2a:47:52:35:71:
   11:ab:ec:fb:28:cf:fa:1d:a9:5d:8b:72:29:67:1d:be:fb:e3:
   bd:5d:c9:57:6d:75:d5:40:b5:77:52:69:b6:c4:1f:ec:03:60:
   1e:a1


   Versions of these certificates that do not make use of EKU are also
   included in Appendix B.2


3.  Callflow with Message Over TLS

3.1.  TLS with Server Authentication

   The flow below shows the edited SSLDump output of the host
   example.com forming a TLS RFC 5246 [14] connection to example.net.
   In this example mutual authentication is not used.  Note that the
   client proposed three protocol suites including
   TLS_RSA_WITH_AES_128_CBC_SHA defined in RFC 3268 [5].  The
   certificate returned by the server contains a Subject Alternative
   Name that is set to example.net.  A detailed discussion of TLS can be
   found in SSL and TLS [22].  For more details on the SSLDump tool, see
   the SSLDump Manual [23].

   This example does not use the Server Extended Hello (see RFC 3546
   [8]).

   New TCP connection #1: example.com(50713) <-> example.net(5061)
   1 1  0.0004 (0.0004)  C>SV3.1(101)  Handshake
         ClientHello
           Version 3.1
           random[32]=
             4c 09 5b a7 66 77 eb 43 52 30 dd 98 4d 09 23 d3
             ff 81 74 ab 04 69 bb 79 8c dc 59 cd c2 1f b7 ec



Jennings, et al.        Expires December 16, 2010              [Page 12]


Internet-Draft            SIP Secure Call Flows                June 2010


           cipher suites
           TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
           TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
           TLS_DHE_RSA_WITH_AES_256_SHA
           TLS_RSA_WITH_AES_256_CBC_SHA
           TLS_DSS_RSA_WITH_AES_256_SHA
           TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
           TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
           TLS_DHE_RSA_WITH_AES_128_CBC_SHA
           TLS_RSA_WITH_AES_128_CBC_SHA
           TLS_DHE_DSS_WITH_AES_128_CBC_SHA
           TLS_ECDHE_RSA_WITH_DES_192_CBC3_SHA
           TLS_ECDH_RSA_WITH_DES_192_CBC3_SHA
           TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
           TLS_RSA_WITH_3DES_EDE_CBC_SHA
           TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
           TLS_ECDHE_RSA_WITH_RC4_128_SHA
           TLS_ECDH_RSA_WITH_RC4_128_SHA
           TLS_RSA_WITH_RC4_128_SHA
           TLS_RSA_WITH_RC4_128_MD5
           TLS_DHE_RSA_WITH_DES_CBC_SHA
           TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
           TLS_RSA_WITH_DES_CBC_SHA
           TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
           TLS_DHE_DSS_WITH_DES_CBC_SHA
           TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
           TLS_RSA_EXPORT_WITH_RC4_40_MD5
           compression methods
                     NULL
   1 2  0.0012 (0.0007)  S>CV3.1(48)  Handshake
         ServerHello
           Version 3.1
           random[32]=
             4c 09 5b a7 30 87 74 c7 16 98 24 d5 af 35 17 a7
             ef c3 78 0c 94 d4 94 d2 7b a6 3f 40 04 25 f6 e0
           session_id[0]=

           cipherSuite         TLS_RSA_WITH_AES_256_CBC_SHA
           compressionMethod                   NULL
   1 3  0.0012 (0.0000)  S>CV3.1(1858)  Handshake
         Certificate
   1 4  0.0012 (0.0000)  S>CV3.1(14)  Handshake
         CertificateRequest
           certificate_types                   rsa_sign
           certificate_types                   dss_sign
           certificate_types                 unknown value
         ServerHelloDone
   1 5  0.0043 (0.0031)  C>SV3.1(7)  Handshake



Jennings, et al.        Expires December 16, 2010              [Page 13]


Internet-Draft            SIP Secure Call Flows                June 2010


         Certificate
   1 6  0.0043 (0.0000)  C>SV3.1(262)  Handshake
         ClientKeyExchange
   1 7  0.0043 (0.0000)  C>SV3.1(1)  ChangeCipherSpec
   1 8  0.0043 (0.0000)  C>SV3.1(48)  Handshake
   1 9  0.0129 (0.0085)  S>CV3.1(170)  Handshake
   1 10 0.0129 (0.0000)  S>CV3.1(1)  ChangeCipherSpec
   1 11 0.0129 (0.0000)  S>CV3.1(48)  Handshake
   1 12 0.0134 (0.0005)  C>SV3.1(32)  application_data
   1 13 0.0134 (0.0000)  C>SV3.1(496)  application_data
   1 14 0.2150 (0.2016)  S>CV3.1(32)  application_data
   1 15 0.2150 (0.0000)  S>CV3.1(336)  application_data
   1 16 12.2304 (12.0154)  S>CV3.1(32)  Alert
   1    12.2310 (0.0005)  S>C  TCP FIN
   1 17 12.2321 (0.0011)  C>SV3.1(32)  Alert

3.2.  MESSAGE Message Over TLS

   Once the TLS session is set up, the following MESSAGE message (as
   defined in RFC 3428 [7] is sent from fluffy@example.com to
   kumiko@example.net.  Note that the URI has a SIPS URL and that the
   VIA indicates that TLS was used.  In order to format this document,
   the <allOneLine> convention from RFC 4475 [21] is used to break long
   lines.  The actual message does not contain the linebreaks contained
   within those tags.

   MESSAGE sips:kumiko@example.net:5061 SIP/2.0
   <allOneLine>
   Via: SIP/2.0/TLS 192.0.2.2:15001;
        branch=z9hG4bK-d8754z-33d8961795354459-1---d8754z-;
        rport=50713
   </allOneLine>
   Max-Forwards: 70
   To: <sips:kumiko@example.net:5061>
   From: <sips:fluffy@example.com:15001>;tag=10f47d62
   Call-ID: ODU5YTQzYTMyYjNkZDAyODcyOGJiMWNmOWZmZmY2MGU.
   CSeq: 4308 MESSAGE
   <allOneLine>
   Accept: multipart/signed, text/plain, application/pkcs7-mime,
           application/sdp, multipart/alternative
   </allOneLine>
   Content-Type: text/plain
   Content-Length: 6

   Hello!

   When a UA goes to send a message to example.com, the UA can see if it
   already has a TLS connection to example.com and if it does, it may



Jennings, et al.        Expires December 16, 2010              [Page 14]


Internet-Draft            SIP Secure Call Flows                June 2010


   send the message over this connection.  A UA should have some scheme
   for reusing connections as opening a new TLS connection for every
   message results in awful performance.  Implementers are encouraged to
   read Draft Connection Reuse in SIP [18] and RFC 3263 [4].

   The response is sent from example.net to example.com over the same
   TLS connection.  It is shown below.

   SIP/2.0 200 OK
   <allOneLine>
   Via: SIP/2.0/TLS 192.0.2.2:15001;
        branch=z9hG4bK-d8754z-33d8961795354459-1---d8754z-;
        rport=50713
   </allOneLine>
   To: <sips:kumiko@example.net:5061>;tag=a0d41548
   From: <sips:fluffy@example.com:15001>;tag=10f47d62
   Call-ID: ODU5YTQzYTMyYjNkZDAyODcyOGJiMWNmOWZmZmY2MGU.
   CSeq: 4308 MESSAGE
   Content-Length: 0




4.  Callflow with S/MIME-secured Message

4.1.  MESSAGE Message with Signed Body

   Below is an example of a signed message.  The values on the Content-
   Type line (multipart/signed) and on the Content-Disposition line have
   been broken across lines to fit on the page, but they are not broken
   across lines in actual implementations.




















Jennings, et al.        Expires December 16, 2010              [Page 15]


Internet-Draft            SIP Secure Call Flows                June 2010


   MESSAGE sip:kumiko@example.net SIP/2.0
   <allOneLine>
   Via: SIP/2.0/TCP 192.0.2.2:15001;
        branch=z9hG4bK-d8754z-c947ab3f4ea84000-1---d8754z-;
        rport=50714
   </allOneLine>
   Max-Forwards: 70
   To: <sip:kumiko@example.net>
   From: <sip:fluffy@example.com>;tag=20fad54c
   Call-ID: NTMyZGNlOWRkODAyNGY1ZWM0MDI2ZGVmZDBhZTQwYWI.
   CSeq: 8473 MESSAGE
   <allOneLine>
   Accept: multipart/signed, text/plain, application/pkcs7-mime,
           application/sdp, multipart/alternative
   </allOneLine>
   <allOneLine>
   Content-Type: multipart/signed;boundary=d0c5ff1dcdc8f431;
                 micalg=sha1;protocol="application/pkcs7-signature"
   </allOneLine>
   Content-Length: 772

   --d0c5ff1dcdc8f431
   Content-Type: text/plain
   Content-Transfer-Encoding: binary

   Hello!
   --d0c5ff1dcdc8f431
   Content-Type: application/pkcs7-signature;name=smime.p7s
   <allOneLine>
   Content-Disposition: attachment;handling=required;
                        filename=smime.p7s
   </allOneLine>
   Content-Transfer-Encoding: binary

   *****************
   * BINARY BLOB 1 *
   *****************
   --d0c5ff1dcdc8f431--

   It is important to note that the signature ("BINARY BLOB 1") is
   computed over the MIME headers and body, but excludes the multipart
   boundary lines.  The value on the Message-body line ends with CRLF.
   The CRLF is included in the boundary and is not part of the signature
   computation.  To be clear, the signature is computed over data
   starting with the C in the Content-Type and ending with the o in the
   hello.





Jennings, et al.        Expires December 16, 2010              [Page 16]


Internet-Draft            SIP Secure Call Flows                June 2010


   Content-Type: text/plain
   Content-Transfer-Encoding: binary

   Hello!

   Following is the ASN.1 parsing of encrypted contents referred to
   above as "BINARY BLOB 1".  Note that at address 30, the hash for the
   signature is specified as SHA-1.  Also note that the sender's
   certificate is not attached as it is optional in RFC 3852 [10].

 0  470: SEQUENCE {
 4    9:   OBJECT IDENTIFIER signedData (1 2 840 113549 1 7 2)
15  455:   [0] {
19  451:     SEQUENCE {
23    1:       INTEGER 1
26   11:       SET {
28    9:         SEQUENCE {
30    5:           OBJECT IDENTIFIER sha1 (1 3 14 3 2 26)
37    0:           NULL
       :           }
       :         }
39   11:       SEQUENCE {
41    9:         OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
       :         }
52  418:       SET {
56  414:         SEQUENCE {
60    1:           INTEGER 1
63  123:           SEQUENCE {
65  112:             SEQUENCE {
67   11:               SET {
69    9:                 SEQUENCE {
71    3:                   OBJECT IDENTIFIER countryName (2 5 4 6)
76    2:                   PrintableString 'US'
       :                   }
       :                 }
80   19:               SET {
82   17:                 SEQUENCE {
84    3:                   OBJECT IDENTIFIER
       :                     stateOrProvinceName (2 5 4 8)
89   10:                   PrintableString 'California'
       :                   }
       :                 }
 101   17:               SET {
 103   15:                 SEQUENCE {
 105    3:                   OBJECT IDENTIFIER localityName (2 5 4 7)
 110    8:                   PrintableString 'San Jose'
       :                   }
       :                 }



Jennings, et al.        Expires December 16, 2010              [Page 17]


Internet-Draft            SIP Secure Call Flows                June 2010


 120   14:               SET {
 122   12:                 SEQUENCE {
 124    3:                   OBJECT IDENTIFIER
       :                     organizationName (2 5 4 10)
 129    5:                   PrintableString 'sipit'
       :                   }
       :                 }
 136   41:               SET {
 138   39:                 SEQUENCE {
 140    3:                   OBJECT IDENTIFIER
       :                     organizationalUnitName (2 5 4 11)
 145   32:                   PrintableString 'Sipit Test Certificate Aut
hority'
       :                   }
       :                 }
       :               }
 179    7:             INTEGER 49 02 11 01 84 01 5C
       :             }
 188    9:           SEQUENCE {
 190    5:             OBJECT IDENTIFIER sha1 (1 3 14 3 2 26)
 197    0:             NULL
       :             }
 199   13:           SEQUENCE {
 201    9:             OBJECT IDENTIFIER
       :               rsaEncryption (1 2 840 113549 1 1 1)
 212    0:             NULL
       :             }
 214  256:           OCTET STRING
       :             06 AF 96 EE 1F 64 C9 B5 72 A6 07 F8 BF F7 95 4D
       :             D9 7C D7 F6 CB 00 30 46 D4 EF BA 85 11 8A EB B9
       :             03 8E F8 34 12 99 0C A9 98 53 C7 17 DE E5 66 5D
       :             5B A0 66 A0 93 89 53 1D 06 EC F5 10 1C DC 8B 48
       :             5A 47 49 FB 02 9F 58 96 B5 2B 01 F2 F9 0A 26 7A
       :             08 79 1D 31 78 C0 C9 71 CA 30 4A 5A C5 64 89 80
       :             62 0A FB F5 C9 5F 15 7B 56 2D 7B 3E A1 66 A8 CC
       :             5F 42 BD 4D 5A E1 E0 7B EB 2B E7 C5 48 53 62 4A
       :             D0 AA 28 95 A9 0D E3 3C A0 3E 51 41 1C B1 12 5E
       :             47 AA A2 3A D0 7A 95 E8 6F A8 C6 0D 81 79 FE 03
       :             21 50 91 1B 0A 97 DB 11 4C C8 E6 5F 2F C1 22 27
       :             CF 76 36 1C E0 63 37 95 65 EF BB 7F E7 56 47 5B
       :             C5 A7 1B 76 13 97 6A 13 BD 17 37 1D BC 2B 9A 48
       :             6C 20 E9 0C BE BA 4E 9D 2F 31 3E BA A4 6F EC CA
       :             E4 02 1F 2E AD 88 2F 94 F3 C3 5D 3F BF DF 0A 41
       :             30 17 1A 9F 1D F6 EB B3 7A 0B E1 42 DF 36 45 BB
       :           }
       :         }
       :       }
       :     }



Jennings, et al.        Expires December 16, 2010              [Page 18]


Internet-Draft            SIP Secure Call Flows                June 2010


       :   }


   SHA-1 parameters may be omitted entirely, instead of being set to
   NULL, as mentioned in RFC 3370 [6].  The above dump of Blob 1 has
   SHA-1 parameters set to NULL.  Below are the same contents signed
   with the same key, but omitting the NULL according to RFC 3370 [6].
   This is the preferred encoding.  This is covered in greater detail in
   Section 5.

 0  466: SEQUENCE {
 4    9:   OBJECT IDENTIFIER signedData (1 2 840 113549 1 7 2)
15  451:   [0] {
19  447:     SEQUENCE {
23    1:       INTEGER 1
26    9:       SET {
28    7:         SEQUENCE {
30    5:           OBJECT IDENTIFIER sha1 (1 3 14 3 2 26)
       :           }
       :         }
37   11:       SEQUENCE {
39    9:         OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
       :         }
50  416:       SET {
54  412:         SEQUENCE {
58    1:           INTEGER 1
61  123:           SEQUENCE {
63  112:             SEQUENCE {
65   11:               SET {
67    9:                 SEQUENCE {
69    3:                   OBJECT IDENTIFIER countryName (2 5 4 6)
74    2:                   PrintableString 'US'
       :                   }
       :                 }
78   19:               SET {
80   17:                 SEQUENCE {
82    3:                   OBJECT IDENTIFIER
       :                     stateOrProvinceName (2 5 4 8)
87   10:                   PrintableString 'California'
       :                   }
       :                 }
99   17:               SET {
 101   15:                 SEQUENCE {
 103    3:                   OBJECT IDENTIFIER localityName (2 5 4 7)
 108    8:                   PrintableString 'San Jose'
       :                   }
       :                 }
 118   14:               SET {



Jennings, et al.        Expires December 16, 2010              [Page 19]


Internet-Draft            SIP Secure Call Flows                June 2010


 120   12:                 SEQUENCE {
 122    3:                   OBJECT IDENTIFIER
       :                     organizationName (2 5 4 10)
 127    5:                   PrintableString 'sipit'
       :                   }
       :                 }
 134   41:               SET {
 136   39:                 SEQUENCE {
 138    3:                   OBJECT IDENTIFIER
       :                     organizationalUnitName (2 5 4 11)
 143   32:                   PrintableString 'Sipit Test Certificate Aut
hority'
       :                   }
       :                 }
       :               }
 177    7:             INTEGER 49 02 11 01 84 01 5C
       :             }
 186    7:           SEQUENCE {
 188    5:             OBJECT IDENTIFIER sha1 (1 3 14 3 2 26)
       :             }
 195   13:           SEQUENCE {
 197    9:             OBJECT IDENTIFIER
       :               rsaEncryption (1 2 840 113549 1 1 1)
 208    0:             NULL
       :             }
 210  256:           OCTET STRING
       :             06 AF 96 EE 1F 64 C9 B5 72 A6 07 F8 BF F7 95 4D
       :             D9 7C D7 F6 CB 00 30 46 D4 EF BA 85 11 8A EB B9
       :             03 8E F8 34 12 99 0C A9 98 53 C7 17 DE E5 66 5D
       :             5B A0 66 A0 93 89 53 1D 06 EC F5 10 1C DC 8B 48
       :             5A 47 49 FB 02 9F 58 96 B5 2B 01 F2 F9 0A 26 7A
       :             08 79 1D 31 78 C0 C9 71 CA 30 4A 5A C5 64 89 80
       :             62 0A FB F5 C9 5F 15 7B 56 2D 7B 3E A1 66 A8 CC
       :             5F 42 BD 4D 5A E1 E0 7B EB 2B E7 C5 48 53 62 4A
       :             D0 AA 28 95 A9 0D E3 3C A0 3E 51 41 1C B1 12 5E
       :             47 AA A2 3A D0 7A 95 E8 6F A8 C6 0D 81 79 FE 03
       :             21 50 91 1B 0A 97 DB 11 4C C8 E6 5F 2F C1 22 27
       :             CF 76 36 1C E0 63 37 95 65 EF BB 7F E7 56 47 5B
       :             C5 A7 1B 76 13 97 6A 13 BD 17 37 1D BC 2B 9A 48
       :             6C 20 E9 0C BE BA 4E 9D 2F 31 3E BA A4 6F EC CA
       :             E4 02 1F 2E AD 88 2F 94 F3 C3 5D 3F BF DF 0A 41
       :             30 17 1A 9F 1D F6 EB B3 7A 0B E1 42 DF 36 45 BB
       :           }
       :         }
       :       }
       :     }
       :   }




Jennings, et al.        Expires December 16, 2010              [Page 20]


Internet-Draft            SIP Secure Call Flows                June 2010


4.2.  MESSAGE Message with Encrypted Body

   Below is an example of an encrypted text/plain message that says
   "hello".  The binary encrypted contents have been replaced with the
   block "BINARY BLOB 2".

   MESSAGE sip:kumiko@example.net SIP/2.0
   <allOneLine>
   Via: SIP/2.0/TCP 192.0.2.2:15001;
        branch=z9hG4bK-d8754z-19883b67d813801b-1---d8754z-;
        rport=50716
   </allOneLine>
   Max-Forwards: 70
   To: <sip:kumiko@example.net>
   From: <sip:fluffy@example.com>;tag=47e96625
   Call-ID: NDg3ZGJjMGVhM2Y4MjdjNjU4ZDYyODhlODZkNGVlOWU.
   CSeq: 3260 MESSAGE
   <allOneLine>
   Accept: multipart/signed, text/plain, application/pkcs7-mime,
           application/sdp, multipart/alternative
   </allOneLine>
   <allOneLine>
   Content-Disposition: attachment;handling=required;
                        filename=smime.p7
   </allOneLine>
   Content-Transfer-Encoding: binary
   <allOneLine>
   Content-Type: application/pkcs7-mime;smime-type=enveloped-data;
                 name=smime.p7m
   </allOneLine>
   Content-Length: 563

   *****************
   * BINARY BLOB 2 *
   *****************

   Following is the ASN.1 parsing of "BINARY BLOB 2".  Note that at
   address 452, the encryption is set to aes128-CBC.

 0  559: SEQUENCE {
 4    9:   OBJECT IDENTIFIER envelopedData (1 2 840 113549 1 7 3)
15  544:   [0] {
19  540:     SEQUENCE {
23    1:       INTEGER 0
26  407:       SET {
30  403:         SEQUENCE {
34    1:           INTEGER 0
37  123:           SEQUENCE {



Jennings, et al.        Expires December 16, 2010              [Page 21]


Internet-Draft            SIP Secure Call Flows                June 2010


39  112:             SEQUENCE {
41   11:               SET {
43    9:                 SEQUENCE {
45    3:                   OBJECT IDENTIFIER countryName (2 5 4 6)
50    2:                   PrintableString 'US'
       :                   }
       :                 }
54   19:               SET {
56   17:                 SEQUENCE {
58    3:                   OBJECT IDENTIFIER
       :                     stateOrProvinceName (2 5 4 8)
63   10:                   PrintableString 'California'
       :                   }
       :                 }
75   17:               SET {
77   15:                 SEQUENCE {
79    3:                   OBJECT IDENTIFIER localityName (2 5 4 7)
84    8:                   PrintableString 'San Jose'
       :                   }
       :                 }
94   14:               SET {
96   12:                 SEQUENCE {
98    3:                   OBJECT IDENTIFIER
       :                     organizationName (2 5 4 10)
 103    5:                   PrintableString 'sipit'
       :                   }
       :                 }
 110   41:               SET {
 112   39:                 SEQUENCE {
 114    3:                   OBJECT IDENTIFIER
       :                     organizationalUnitName (2 5 4 11)
 119   32:                   PrintableString 'Sipit Test Certificate Aut
hority'
       :                   }
       :                 }
       :               }
 153    7:             INTEGER 49 02 11 01 84 01 5D
       :             }
 162   13:           SEQUENCE {
 164    9:             OBJECT IDENTIFIER
       :               rsaEncryption (1 2 840 113549 1 1 1)
 175    0:             NULL
       :             }
 177  256:           OCTET STRING
       :             40 0B 31 3C 3D 16 C2 B3 C1 74 C8 A3 08 70 6F FB
       :             DC 1B 40 72 A3 BB 84 0A 54 CA AD A7 5E 93 39 36
       :             D5 0D 29 C8 D9 B0 67 3D 75 88 C7 5B 32 0A 9A 54
       :             01 59 F1 F0 AF 07 65 6B 35 4C 24 B0 D0 2A 57 8D



Jennings, et al.        Expires December 16, 2010              [Page 22]


Internet-Draft            SIP Secure Call Flows                June 2010


       :             E0 99 1F 54 D2 45 7C 49 7B 59 C9 E2 26 FF 8D 79
       :             FC AD 06 67 C3 31 0E 2F FF A9 17 8C 24 AA 79 82
       :             B6 6E EC 87 25 B2 E7 04 88 A4 92 FB 85 AD 9C 26
       :             A2 D2 E8 3D F6 72 DB CD 20 EF C4 F2 0B 0F 0A 02
       :             68 E9 52 B7 2E 69 3B E7 D0 EE 42 9C 9B 3E 0F B5
       :             DA 3B 7B 27 E0 1F D4 76 DE 0A 4B C1 4C 44 51 E8
       :             05 05 FB D8 0D 69 A5 B8 1A 51 08 00 43 E2 45 EA
       :             8D 98 A0 7E 73 53 41 4D CB D1 77 4C FB 81 AA 26
       :             F5 F4 82 6E C9 F4 8B 5E 5C 13 44 F4 D6 E2 57 89
       :             B6 11 DD 60 A4 8A C1 77 48 98 AA BF 82 FA 5C 0E
       :             58 C7 A8 67 48 9E 09 97 51 2E B4 10 B3 9B 3F 62
       :             77 D7 4F 61 C0 E4 AA 70 58 22 4E B4 24 6E 80 4C
       :           }
       :         }
 437  124:       SEQUENCE {
 439    9:         OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
 450   29:         SEQUENCE {
 452    9:           OBJECT IDENTIFIER
       :             aes128-CBC (2 16 840 1 101 3 4 1 2)
 463   16:           OCTET STRING
       :             22 B3 06 78 4E 7E CF 9B 99 C8 08 2F 93 85 6D 5C
       :           }
 481   80:         [0]
       :           CB F2 22 1B C0 F8 ED 86 6A CB 65 8C 08 7C BE 21
       :           8A 53 3D C5 92 EE 23 E3 8A EA D6 DF B3 22 3A 00
       :           F9 96 4C 5F 8B 75 4F 7E 22 F7 D6 8A D3 13 56 EE
       :           BF B7 D9 24 32 6D F1 0B E8 CF 7C FC 14 90 BE DA
       :           F3 5E 04 38 CC D6 E5 9D 6F AF 44 BF A0 0A 3A 5C
       :         }
       :       }
       :     }
       :   }


4.3.  MESSAGE Message with Encrypted and Signed Body

   In the example below, some of the header values have been split
   across mutliple lines.  Where the lines have been broken, the
   <allOneLine> convention has been used.  This was only done to make it
   fit in the RFC format.  Specifically, the application/pkcs7-mime
   Content-Type line is one line with no whitespace between the "mime;"
   and the "smime-type".  The values are split across lines for
   formatting, but are not split in the real message.  The binary
   encrypted content has been replaced with "BINARY BLOB 3", and the
   binary signed content has been replaced with "BINARY BLOB 4".






Jennings, et al.        Expires December 16, 2010              [Page 23]


Internet-Draft            SIP Secure Call Flows                June 2010


   MESSAGE sip:kumiko@example.net SIP/2.0
   <allOneLine>
   Via: SIP/2.0/TCP 192.0.2.2:15001;
        branch=z9hG4bK-d8754z-540c0075b0e6350b-1---d8754z-;
        rport=50717
   </allOneLine>
   Max-Forwards: 70
   To: <sip:kumiko@example.net>
   From: <sip:fluffy@example.com>;tag=ead36604
   Call-ID: MjhmOTlmMWVmY2ZhNzAxYmZlYzNmODE2YWNhMmU4Zjg.
   CSeq: 5449 MESSAGE
   <allOneLine>
   Accept: multipart/signed, text/plain, application/pkcs7-mime,
           application/sdp, multipart/alternative
   </allOneLine>
   <allOneLine>
   Content-Type: multipart/signed;boundary=f913571e3a21963d;
                 micalg=sha1;protocol="application/pkcs7-signature"
   </allOneLine>
   Content-Length: 1451

   --f913571e3a21963d
   <allOneLine>
   Content-Type: application/pkcs7-mime;smime-type=enveloped-data;
                 name=smime.p7m
   </allOneLine>
   <allOneLine>
   Content-Disposition: attachment;handling=required;
                        filename=smime.p7
   </allOneLine>
   Content-Transfer-Encoding: binary

   *****************
   * BINARY BLOB 3 *
   *****************
   --f913571e3a21963d
   Content-Type: application/pkcs7-signature;name=smime.p7s
   <allOneLine>
   Content-Disposition: attachment;handling=required;
                        filename=smime.p7s
   </allOneLine>
   Content-Transfer-Encoding: binary

   *****************
   * BINARY BLOB 4 *
   *****************
   --f913571e3a21963d--




Jennings, et al.        Expires December 16, 2010              [Page 24]


Internet-Draft            SIP Secure Call Flows                June 2010


   Below is the ASN.1 parsing of "BINARY BLOB 3".

 0  559: SEQUENCE {
 4    9:   OBJECT IDENTIFIER envelopedData (1 2 840 113549 1 7 3)
15  544:   [0] {
19  540:     SEQUENCE {
23    1:       INTEGER 0
26  407:       SET {
30  403:         SEQUENCE {
34    1:           INTEGER 0
37  123:           SEQUENCE {
39  112:             SEQUENCE {
41   11:               SET {
43    9:                 SEQUENCE {
45    3:                   OBJECT IDENTIFIER countryName (2 5 4 6)
50    2:                   PrintableString 'US'
       :                   }
       :                 }
54   19:               SET {
56   17:                 SEQUENCE {
58    3:                   OBJECT IDENTIFIER
       :                     stateOrProvinceName (2 5 4 8)
63   10:                   PrintableString 'California'
       :                   }
       :                 }
75   17:               SET {
77   15:                 SEQUENCE {
79    3:                   OBJECT IDENTIFIER localityName (2 5 4 7)
84    8:                   PrintableString 'San Jose'
       :                   }
       :                 }
94   14:               SET {
96   12:                 SEQUENCE {
98    3:                   OBJECT IDENTIFIER
       :                     organizationName (2 5 4 10)
 103    5:                   PrintableString 'sipit'
       :                   }
       :                 }
 110   41:               SET {
 112   39:                 SEQUENCE {
 114    3:                   OBJECT IDENTIFIER
       :                     organizationalUnitName (2 5 4 11)
 119   32:                   PrintableString 'Sipit Test Certificate Aut
hority'
       :                   }
       :                 }
       :               }
 153    7:             INTEGER 49 02 11 01 84 01 5D



Jennings, et al.        Expires December 16, 2010              [Page 25]


Internet-Draft            SIP Secure Call Flows                June 2010


       :             }
 162   13:           SEQUENCE {
 164    9:             OBJECT IDENTIFIER
       :               rsaEncryption (1 2 840 113549 1 1 1)
 175    0:             NULL
       :             }
 177  256:           OCTET STRING
       :             00 50 79 F3 84 E1 0A 63 9E E3 F2 FE 87 5F 81 43
       :             55 6E 5B C9 46 91 B0 FF 15 70 03 8C 07 EC 56 5D
       :             4F F9 8C 22 89 9C 0F EE 81 FB 5C 63 F0 5E 9E DA
       :             AC CC D5 F2 55 CD 04 6F C3 9A 1F 56 C5 F4 FB 08
       :             70 4D 07 79 54 83 AF CA 08 75 4B 4A 2A 2F 56 70
       :             A7 A0 B3 68 2F D0 CF 3F 77 C8 A8 DC B3 E7 81 3E
       :             72 2A 12 6B E6 D9 B7 23 8A B1 3F 27 D6 48 EF 2C
       :             14 35 8A D2 84 22 FB 41 B6 1F 23 39 DC 9A 42 60
       :             CD F6 5F 1C 70 22 20 86 C3 EC 3E 91 D5 62 78 66
       :             A1 01 3D D7 AE 1E 9A 00 38 AC 0E 21 49 C2 4A 9A
       :             9F BF 5D AC 50 F3 B0 39 A4 14 89 A6 F3 DA EC E0
       :             84 D0 B7 2B 00 C0 C0 2A B9 FA EE DE 7A B0 FE CC
       :             D9 1F A3 1F B7 BC 69 D3 9D 84 6B 7A 37 15 4C DB
       :             08 6D 55 F8 F7 38 24 3F 87 F5 66 E2 7F 5F 0F 84
       :             BD 1E 49 16 DD 31 BE BF 1F 7E 3E 07 AE AA 97 52
       :             F2 EA 8B 34 5D 5A 07 72 DB 48 B8 FE D5 41 14 36
       :           }
       :         }
 437  124:       SEQUENCE {
 439    9:         OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
 450   29:         SEQUENCE {
 452    9:           OBJECT IDENTIFIER
       :             aes128-CBC (2 16 840 1 101 3 4 1 2)
 463   16:           OCTET STRING
       :             4F 3B 58 6A ED 07 FF BC 84 F4 03 CA 98 B2 1F 65
       :           }
 481   80:         [0]
       :           88 11 C3 C3 70 D0 5B E6 48 F5 50 27 C1 C2 F2 F5
       :           31 3D 47 B9 FB 3E E6 AA EB DE 5C 11 40 A7 2A 5A
       :           7C FF 6F 10 66 68 C1 D9 8E B0 36 94 9C 60 90 30
       :           6A 80 0A C6 20 50 F0 E2 03 B6 44 B3 B3 D9 AA 54
       :           A7 EE 12 7D F9 4D 10 56 DC 92 CE 3C C8 9C C2 F0
       :         }
       :       }
       :     }
       :   }


   Below is the ASN.1 parsing of "BINARY BLOB 4".

 0  470: SEQUENCE {



Jennings, et al.        Expires December 16, 2010              [Page 26]


Internet-Draft            SIP Secure Call Flows                June 2010


 4    9:   OBJECT IDENTIFIER signedData (1 2 840 113549 1 7 2)
15  455:   [0] {
19  451:     SEQUENCE {
23    1:       INTEGER 1
26   11:       SET {
28    9:         SEQUENCE {
30    5:           OBJECT IDENTIFIER sha1 (1 3 14 3 2 26)
37    0:           NULL
       :           }
       :         }
39   11:       SEQUENCE {
41    9:         OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
       :         }
52  418:       SET {
56  414:         SEQUENCE {
60    1:           INTEGER 1
63  123:           SEQUENCE {
65  112:             SEQUENCE {
67   11:               SET {
69    9:                 SEQUENCE {
71    3:                   OBJECT IDENTIFIER countryName (2 5 4 6)
76    2:                   PrintableString 'US'
       :                   }
       :                 }
80   19:               SET {
82   17:                 SEQUENCE {
84    3:                   OBJECT IDENTIFIER
       :                     stateOrProvinceName (2 5 4 8)
89   10:                   PrintableString 'California'
       :                   }
       :                 }
 101   17:               SET {
 103   15:                 SEQUENCE {
 105    3:                   OBJECT IDENTIFIER localityName (2 5 4 7)
 110    8:                   PrintableString 'San Jose'
       :                   }
       :                 }
 120   14:               SET {
 122   12:                 SEQUENCE {
 124    3:                   OBJECT IDENTIFIER
       :                     organizationName (2 5 4 10)
 129    5:                   PrintableString 'sipit'
       :                   }
       :                 }
 136   41:               SET {
 138   39:                 SEQUENCE {
 140    3:                   OBJECT IDENTIFIER
       :                     organizationalUnitName (2 5 4 11)



Jennings, et al.        Expires December 16, 2010              [Page 27]


Internet-Draft            SIP Secure Call Flows                June 2010


 145   32:                   PrintableString 'Sipit Test Certificate Aut
hority'
       :                   }
       :                 }
       :               }
 179    7:             INTEGER 49 02 11 01 84 01 5C
       :             }
 188    9:           SEQUENCE {
 190    5:             OBJECT IDENTIFIER sha1 (1 3 14 3 2 26)
 197    0:             NULL
       :             }
 199   13:           SEQUENCE {
 201    9:             OBJECT IDENTIFIER
       :               rsaEncryption (1 2 840 113549 1 1 1)
 212    0:             NULL
       :             }
 214  256:           OCTET STRING
       :             25 50 A2 07 12 FC 51 08 BB FD CF A5 58 CB 35 58
       :             46 79 DD D4 B7 E7 35 D7 F1 12 83 AC 94 9A C0 14
       :             D1 B7 9A FA 98 78 52 BA 8E DB A6 14 75 CE 1B 84
       :             1A 02 DD F4 E6 7A F5 83 29 D5 A2 17 DC E9 53 76
       :             EF 22 8E FE 76 CC 82 A9 B4 FB 5D 1B 61 90 5E 1E
       :             1B CF 25 DB 24 8E A8 E1 29 4A A9 E7 BC 1A 2F 03
       :             0B 3A 1C 9B 9B 93 9F E6 79 25 77 B6 54 EB 3D 8D
       :             D4 03 69 D5 A0 52 21 1C 44 F6 73 3E 82 50 0A 00
       :             46 66 85 A1 C0 8A 8A C3 3E 10 02 F4 F9 8E 63 B6
       :             83 3D B2 C2 28 E5 D9 00 92 A5 13 B5 18 7C 01 D4
       :             81 5D 2C 1D DB B7 DB CF 10 5E 7B E7 FC 4B 64 E2
       :             00 94 B0 64 A6 9B 1D 9B BA E7 A2 D9 2D AF 22 C7
       :             5C 04 60 C8 4C C1 6C 9A E5 37 6C 16 C9 00 3A 45
       :             18 83 57 5F 32 17 2B 18 54 B3 3F 9F F0 E4 44 36
       :             30 CF 25 53 95 1F 33 CD 01 78 DF FC 8D E4 47 40
       :             AC 9C 9B 5A 6B 97 04 E3 06 F7 3D CE 18 4C 54 6A
       :           }
       :         }
       :       }
       :     }
       :   }



5.  Observed Interoperability Issues

   This section describes some common interoperability problems.  These
   were observed by the authors at SIPit interoperability events.
   Implementers should be careful to verify that their systems do not
   introduce these common problems, and, when possible, make their
   clients forgiving in what they receive.  Implementations should take



Jennings, et al.        Expires December 16, 2010              [Page 28]


Internet-Draft            SIP Secure Call Flows                June 2010


   extra care to produce reasonable error messages when interacting with
   software that has these problems.

   Some SIP clients incorrectly only do SSLv3 and do not support TLS.

   Many SIP clients were found to accept expired certificates with no
   warning or error.

   When used with SIP, TLS and S/MIME provide the identity of the peer
   that a client is communicating with in the Subject Alternative Name
   in the certificate.  The software checks that this name corresponds
   to the identity the server is trying to contact.  Normative text
   describing path validation can be found in section 7 of Draft SIP
   Domain Certs [17] and section 6 of RFC 5280 [15].  If a client is
   trying to set up a TLS connection to good.example.com and it gets a
   TLS connection set up with a server that presents a valid certificate
   but with the name evil.example.com, it will typically generate an
   error or warning of some type.  Similarly with S/MIME, if a user is
   trying to communicate with sip:fluffy@example.com, one of the items
   in the Subject Alternate Name set in the certificate will need to
   match according to the certificate validation rules in section 23 of
   RFC 3261 [3] and section 6 of RFC 5280 [15].

   Some implementations used binary MIME encodings while others used
   base64.  It is advisable that implementations send only binary and
   are prepared to receive either.

   In several places in this document, the messages contain the encoding
   for the SHA-1 digest algorithm identifier.  The preferred form for
   encoding as set out in Section 2 of RFC 3370 [6] is the form in which
   the optional AlgorithmIdentifier parameter field is omitted.
   However, RFC 3370 also says the recipients need to be able to receive
   the form in which the AlgorithmIdentifier parameter field is present
   and set to NULL.  Examples of the form using NULL can be found in
   Section 4.2 of RFC 4134 [20].  Receivers really do need to be able to
   receive the form that includes the NULL because the NULL form, while
   not preferred, is what was observed as being generated by most
   implementations.  Implementers should also note that if the algorithm
   is MD5 instead of SHA-1, then the form that omits the
   AlgorithmIdentifier parameters field is not allowed and the sender
   has to use the form where the NULL is included.

   The preferred encryption algorithm for S/MIME in SIP is AES as
   defined in RFC 3853 [11].

   Observed S/MIME interoperability has been better when UAs did not
   attach the senders' certificates.  Attaching the certificates
   significantly increases the size of the messages, which should be



Jennings, et al.        Expires December 16, 2010              [Page 29]


Internet-Draft            SIP Secure Call Flows                June 2010


   considered when sending over UDP.  Furthermore, the receiver cannot
   rely on the sender to always send the certificate, so it does not
   turn out to be useful in most situations.


6.  Additional Test Scenarios

   This section provides a non-exhaustive list of tests that
   implementations should perform while developing systems that use
   S/MIME and TLS for SIP.

   Much of the required behavior for inspecting certificates when using
   S/MIME and TLS with SIP is currently underspecified.  The non-
   normative recommendations in this document capture the current
   folklore around that required behavior, guided by both related
   normative works such as RFC 4474 [12] (particulary, section 13.4
   Domain Names and Subordination) and informative works such as RFC
   2818 [19] section 3.1.  To summarize, test plans should:
   o  For S/MIME secured bodies, assure that the peer's URI (address-of-
      record, as per RFC 3261 [3] section 23.3) appears in the
      subjectAltName of the peer's certifcate as a
      uniformResourceIdentifier field.
   o  For TLS, assure that the peer's hostname appears as described in
      Draft SIP Domain Certs [17].  Also:
      *  assure an exact match in a dNSName entry in the subjectAltName
         if there are any dNSNames in the subjectAltName.  Wildcard
         matching is not allowed against these dNSName entries.  See
         section 7.1 of Draft SIP Domain Certs [17].
      *  assure that the most specific CommonName in the Subject field
         matches if there are no dNSName entries in the subjectAltName
         at all (which is not the same as there being no matching
         dNSName entries).  This match can be either exact, or against
         an entry that uses the wildcard matching character '*'
      The peer's hostname is discovered from the initial DNS query in
      the server location process RFC 3263 [4].
   o  IP addresses can appear in subjectAltName (RFC 5280 [15]) of the
      peer's certificate, e.g.  "IP:192.168.0.1".  Note that if IP
      addresses are used in subjectAltName, there are important
      ramifications regarding the use of Record-Route headers that also
      need to be considered.  See section 7.5 of Draft SIP Domain Certs
      [17].  Use of IP addresses instead of domain names is inadvisable.

   For each of these tests, an implementation will proceed past the
   verification point only if the certificate is "good".  S/MIME
   protected requests presenting bad certificate data will be rejected.
   S/MIME protected responses presenting bad certificate information
   will be ignored.  TLS connections involving bad certificate data will
   not be completed.



Jennings, et al.        Expires December 16, 2010              [Page 30]


Internet-Draft            SIP Secure Call Flows                June 2010


   1.   S/MIME : Good peer certificate
   2.   S/MIME : Bad peer certificate (peer URI does not appear in
        subjAltName)
   3.   S/MIME : Bad peer certificate (valid authority chain does not
        end at a trusted CA)
   4.   S/MIME : Bad peer certificate (incomplete authority chain)
   5.   S/MIME : Bad peer certificate (the current time does not fall
        within the period of validity)
   6.   S/MIME : Bad peer certificate (certificate or cert in authority
        chain has been revoked)
   7.   S/MIME : Bad peer certificate ("Digital Signature" is not
        specified as an X509v3 Key Usage)
   8.   TLS : Good peer certificate (hostname appears in dNSName in
        subjAltName)
   9.   TLS : Good peer certificate (no dNSNames in subjAltName,
        hostname appears in CN of Subject)
   10.  TLS : Good peer certificate (CN of Subject empty, and
        subjectAltName extension contains an iPAddress stored in the
        octet string in network byte order form as specified in RFC 791
        [1])
   11.  TLS : Bad peer certificate (no match in dNSNames or in the
        Subject CN)
   12.  TLS : Bad peer certificate (valid authority chain does not end
        at a trusted CA)
   13.  TLS : Bad peer certificate (incomplete authority chain)
   14.  TLS : Bad peer certificate (the current time does not fall
        within the period of validity)
   15.  TLS : Bad peer certificate (certificate or cert in authority
        chain has been revoked)
   16.  TLS : Bad peer certificate ("TLS Web Server Authentication" is
        not specified as an X509v3 Key Usage)
   17.  TLS : Bad peer certificate (Neither "SIP Domain" nor "Any
        Extended Key Usage" specified as an X509v3 Extended Key Usage,
        and X509v3 Extended Key Usage is present)


7.  IANA Considerations

   No IANA actions are required.


8.  Acknowledgments

   Many thanks to the developers of all the open source software used to
   create these call flows.  This includes the underlying crypto and TLS
   software used from openssl.org, the SIP stack from
   www.resiprocate.org, and the SIMPLE IMPP agent from www.sipimp.org.
   The TLS flow dumps were done with SSLDump from



Jennings, et al.        Expires December 16, 2010              [Page 31]


Internet-Draft            SIP Secure Call Flows                June 2010


   http://www.rtfm.com/ssldump.  The book "SSL and TLS" [22] was a huge
   help in developing the code for these flows.  It's sad there is no
   second edition.

   Thanks to Jim Schaad, Russ Housley, Eric Rescorla, Dan Wing, Tat
   Chan, and Lyndsay Campbell who all helped find and correct mistakes
   in this document.

   Vijay Gurbani and Alan Jeffrey contributed much of the additional
   test scenario content.


9.  Security Considerations

   Implementers must never use any of the certificates provided in this
   document in anything but a test environment.  Installing the CA root
   certificates used in this document as a trusted root in operational
   software would completely destroy the security of the system while
   giving the user the impression that the system was operating
   securely.

   This document recommends some things that implementers might test or
   verify to improve the security of their implementations.  It is
   impossible to make a comprehensive list of these, and this document
   only suggests some of the most common mistakes that have been seen at
   the SIPit interoperability events.  Just because an implementation
   does everything this document recommends does not make it secure.

   This document does not show any messages to check certificate
   revocation status (see section 3.3 of RFC 5280 [15]) as that is not
   part of the SIP call flow.  The expectation is that revocation status
   is checked regularly to protect against the possibility of
   certificate compromise or repudiation.  For more information on how
   certificate revocation status can be checked, see RFC 2560 [2]
   (Online Certificate Status Protocol) and RFC 5055 [13] (Server-Based
   Certificate Validation Protocol).


10.  Changelog

   (RFC Editor: remove this section)

   -02 to -03
      *  Re-worded "should" and "must" so that the document doesn't
         sound like it is making normative statements.  Actual normative
         behavior is referred to in the respective RFCs.





Jennings, et al.        Expires December 16, 2010              [Page 32]


Internet-Draft            SIP Secure Call Flows                June 2010


      *  Section 5: re-worded paragraphs 4 and 5 regarding
         subjectAltName, and added references.
      *  Section 6: added references, clarified use of IP addresses, and
         clarified which From/To URI is used for comparison (from RFC
         3261 section 23.2).  Added an EKU test case.
      *  Section 9: added text about certificate revocation checking.
      *  Appendix B.3: new section to present certificate chains longer
         than 2 (non-root CA).
      *  Made examples consistently use <allOneLine> convention.
      *  CSeq looks more random.
      *  Serial numbers in certs are non-zero.
      *  All flows re-generated using new certs.  IP addresses conform
         to RFC 5737.
      *  Updated references.
   -01 to -02
      *  Draft is now informational, not standards track.  Normative-
         sounding language and references to RFC 2119 removed.
      *  Add TODO: change "hello" to "Hello!" in example flows for
         consistency.
      *  Add TODO: Fix subjectAltName DNS:com to DNS:example.com and
         DNS:net to DNS:example.net.
      *  Add TODO: use allOneLine convention from RFC4475.
      *  Section 3: updated open issue regarding contact headers in
         MESSAGE.
      *  Section 3.2: added some text about RFC 3263 and connection
         reuse and closed open issue.
      *  Section 5: clarified text about sender attaching certs, closed
         issue.
      *  Section 5: clarified text about observed problems, closed
         issue.
      *  Section 5: closed issue about clients vs. servers vs. proxies.
      *  Section 6: updated section text and open issue where IP address
         is in subjectAltName.
      *  Section 6: added normative references and closed "folklore"
         issue.
      *  Section 6: added cases about cert usage and broken chains,
         updated OPEN ISSUE: we need a SIP EKU example.
      *  References: updated references to drafts and re-categorized
         informative vs. normative.
      *  Section 9: added some text about revocation status and closed
         issue.
      *  Appendix B: open issue: do we need non-root-CA certs and host
         certs signed by them for help in testing cases in Section 6?
      *  Miscellaneous minor editorial changes.







Jennings, et al.        Expires December 16, 2010              [Page 33]


Internet-Draft            SIP Secure Call Flows                June 2010


   -00 to -01
      *  Addition of OPEN ISSUES.
      *  Numerous minor edits from mailing list feedback.
   to -00
      *  Changed RFC 3369 references to RFC 3852.
      *  Changed draft-ietf-sip-identity references to RFC 4474.
      *  Added an ASN.1 dump of CMS signed content where SHA-1
         parameters are omitted instead of being set to ASN.1 NULL.
      *  Accept headers added to messages.
      *  User and domain certificates are generated with EKU as
         specified in Draft SIP EKU [16].
      *  Message content that is shown is computed using certificates
         generated with EKU.
      *  Message dump archive returned.
      *  Message archive contains messages formed with and without EKU
         certificates.
   prior to -00
      *  Incorporated the Test cases from Vijay Gurbani's and Alan
         Jeffrey's Use of TLS in SIP draft
      *  Began to capture the folklore around where identities are
         carried in certificates for use with SIP
      *  Removed the message dump archive pending verification (will
         return in -02)


11.  References

11.1.  Normative References

   [1]   Postel, J., "Internet Protocol", STD 5, RFC 791,
         September 1981.

   [2]   Myers, M., Ankney, R., Malpani, A., Galperin, S., and C. Adams,
         "X.509 Internet Public Key Infrastructure Online Certificate
         Status Protocol - OCSP", RFC 2560, June 1999.

   [3]   Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A.,
         Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP:
         Session Initiation Protocol", RFC 3261, June 2002.

   [4]   Rosenberg, J. and H. Schulzrinne, "Session Initiation Protocol
         (SIP): Locating SIP Servers", RFC 3263, June 2002.

   [5]   Chown, P., "Advanced Encryption Standard (AES) Ciphersuites for
         Transport Layer Security (TLS)", RFC 3268, June 2002.

   [6]   Housley, R., "Cryptographic Message Syntax (CMS) Algorithms",
         RFC 3370, August 2002.



Jennings, et al.        Expires December 16, 2010              [Page 34]


Internet-Draft            SIP Secure Call Flows                June 2010


   [7]   Campbell, B., Rosenberg, J., Schulzrinne, H., Huitema, C., and
         D. Gurle, "Session Initiation Protocol (SIP) Extension for
         Instant Messaging", RFC 3428, December 2002.

   [8]   Blake-Wilson, S., Nystrom, M., Hopwood, D., Mikkelsen, J., and
         T. Wright, "Transport Layer Security (TLS) Extensions",
         RFC 3546, June 2003.

   [9]   Ramsdell, B., "Secure/Multipurpose Internet Mail Extensions
         (S/MIME) Version 3.1 Message Specification", RFC 3851,
         July 2004.

   [10]  Housley, R., "Cryptographic Message Syntax (CMS)", RFC 3852,
         July 2004.

   [11]  Peterson, J., "S/MIME Advanced Encryption Standard (AES)
         Requirement for the Session Initiation Protocol (SIP)",
         RFC 3853, July 2004.

   [12]  Peterson, J. and C. Jennings, "Enhancements for Authenticated
         Identity Management in the Session Initiation Protocol (SIP)",
         RFC 4474, August 2006.

   [13]  Freeman, T., Housley, R., Malpani, A., Cooper, D., and W. Polk,
         "Server-Based Certificate Validation Protocol (SCVP)",
         RFC 5055, December 2007.

   [14]  Dierks, T. and E. Rescorla, "The Transport Layer Security (TLS)
         Protocol Version 1.2", RFC 5246, August 2008.

   [15]  Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Housley,
         R., and W. Polk, "Internet X.509 Public Key Infrastructure
         Certificate and Certificate Revocation List (CRL) Profile",
         RFC 5280, May 2008.

   [16]  Lawrence, S. and V. Gurbani, "Using Extended Key Usage (EKU)
         for Session Initiation Protocol (SIP) X.509 Certificates",
         draft-ietf-sip-eku-08 (work in progress), October 2009.

   [17]  Gurbani, V., Lawrence, S., and B. Laboratories, "Domain
         Certificates in the Session Initiation Protocol (SIP)",
         draft-ietf-sip-domain-certs-07 (work in progress), May 2010.

   [18]  Gurbani, V., Mahy, R., and B. Tate, "Connection Reuse in the
         Session Initiation Protocol (SIP)",
         draft-ietf-sip-connect-reuse-14 (work in progress),
         August 2009.




Jennings, et al.        Expires December 16, 2010              [Page 35]


Internet-Draft            SIP Secure Call Flows                June 2010


11.2.  Informative References

   [19]  Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000.

   [20]  Hoffman, P., "Examples of S/MIME Messages", RFC 4134,
         July 2005.

   [21]  Sparks, R., Hawrylyshen, A., Johnston, A., Rosenberg, J., and
         H. Schulzrinne, "Session Initiation Protocol (SIP) Torture Test
         Messages", RFC 4475, May 2006.

   [22]  Rescorla, E., "SSL and TLS - Designing and Building Secure
         Systems", 2001.

   [23]  Rescorla, E., "SSLDump manpage".


Appendix A.  Making Test Certificates

   These scripts allow you to make certificates for test purposes.  The
   certificates will all share a common CA root so that everyone running
   these scripts can have interoperable certificates.  WARNING - these
   certificates are totally insecure and are for test purposes only.
   All the CA created by this script share the same private key to
   facilitate interoperability testing, but this totally breaks the
   security since the private key of the CA is well known.

   The instructions assume a Unix-like environment with openssl
   installed, but openssl does work in Windows too.  OpenSSL version
   0.9.8j was used to generate the certificates used in this document.
   Make sure you have openssl installed by trying to run "openssl".  Run
   the makeCA script found in Appendix A.1; this creates a subdirectory
   called demoCA.  If the makeCA script cannot find where your openssl
   is installed you will have to set an environment variable called
   OPENSSLDIR to whatever directory contains the file openssl.cnf.  You
   can find this with a "locate openssl.cnf".  You are now ready to make
   certificates.

   To create certs for use with TLS, run the makeCert script found in
   Appendix A.2 with the fully qualified domain name of the proxy you
   are making the certificate for.  For example, "makeCert
   host.example.net".  This will generate a private key and a
   certificate.  The private key will be left in a file named
   domain_key_example.net.pem in pem format.  The certificate will be in
   domain_cert_example.net.pem.  Some programs expect both the
   certificate and private key combined together in a PKCS12 format
   file.  This is created by the script and left in a file named
   example.net.p12.  Some programs expect this file to have a .pfx



Jennings, et al.        Expires December 16, 2010              [Page 36]


Internet-Draft            SIP Secure Call Flows                June 2010


   extension instead of .p12 - just rename the file if needed.  A file
   with a certificate signing request, called example.net.csr, is also
   created and can be used to get the certificate signed by another CA.

   A second argument indicating the number of days for which the
   certificate should be valid can be passed to the makeCert script.  It
   is possible to make an expired certificate using the command
   "makeCert host.example.net 0".

   Anywhere that a password is used to protect a certificate, the
   password is set to the string "password".

   The root certificate for the CA is in the file
   root_cert_fluffyCA.pem.

   For things that need DER format certificates, a certificate can be
   converted from PEM to DER with "openssl x509 -in cert.pem -inform PEM
   -out cert.der -outform DER".

   Some programs expect certificates in PKCS#7 format (with a file
   extension of .p7c).  You can convert these from PEM format to PKCS#7
   with "openssl crl2pkcs7 -nocrl -certfile cert.pem -certfile demoCA/
   cacert.pem -outform DER -out cert.p7c"

   IE (version 8), Outlook Express (version 6), and Firefox (version
   3.5) can import and export .p12 files and .p7c files.  You can
   convert a pkcs7 certificate to PEM format with "openssl pkcs7 -in
   cert.p7c -inform DER -outform PEM -out cert.pem".

   The private key can be converted to pkcs8 format with "openssl pkcs8
   -in a_key.pem -topk8 -outform DER -out a_key.p8c"

   In general, a TLS client will just need the root certificate of the
   CA.  A TLS server will need its private key and its certificate.
   These could be in two PEM files, a single file with both certificate
   and private key PEM sections, or a single .p12 file.  An S/MIME
   program will need its private key and certificate, the root
   certificate of the CA, and the certificate for every other user it
   communicates with.

A.1.  makeCA script

   #!/bin/sh
   set -x

   rm -rf demoCA

   mkdir demoCA



Jennings, et al.        Expires December 16, 2010              [Page 37]


Internet-Draft            SIP Secure Call Flows                June 2010


   mkdir demoCA/certs
   mkdir demoCA/crl
   mkdir demoCA/newcerts
   mkdir demoCA/private
   # This is done to generate the exact serial number used for the RFC
   echo "4902110184015C" > demoCA/serial
   touch demoCA/index.txt

   # You may need to modify this for where your default file is
   # you can find where yours in by typing "openssl ca"
   for D in /etc/ssl /usr/local/ssl /sw/etc/ssl /sw/share/ssl; do
     CONF=${OPENSSLDIR:=$D}/openssl.cnf
     [ -f ${CONF} ] && break
   done

   CONF=${OPENSSLDIR}/openssl.cnf


   if [ ! -f $CONF  ]; then
       echo "Can not find file $CONF - set your OPENSSLDIR variable"
       exit
   fi
   cp $CONF openssl.cnf

   cat >> openssl.cnf  <<EOF
   [ sipdomain_cert ]
   subjectAltName=\${ENV::ALTNAME}
   basicConstraints=CA:FALSE
   subjectKeyIdentifier=hash
   authorityKeyIdentifier=keyid,issuer:always
   keyUsage = nonRepudiation,digitalSignature,keyEncipherment
   extendedKeyUsage=serverAuth,1.3.6.1.5.5.7.3.20

   [ sipdomain_req ]
   basicConstraints = CA:FALSE
   subjectAltName=\${ENV::ALTNAME}
   subjectKeyIdentifier=hash

   [ sipuser_cert ]
   subjectAltName=\${ENV::ALTNAME}
   basicConstraints=CA:FALSE
   subjectKeyIdentifier=hash
   authorityKeyIdentifier=keyid,issuer:always
   keyUsage = nonRepudiation,digitalSignature,keyEncipherment
   extendedKeyUsage=emailProtection,1.3.6.1.5.5.7.3.20

   [ sipuser_req ]
   basicConstraints = CA:FALSE



Jennings, et al.        Expires December 16, 2010              [Page 38]


Internet-Draft            SIP Secure Call Flows                June 2010


   subjectAltName=\${ENV::ALTNAME}
   subjectKeyIdentifier=hash

   [ sipdomain_noeku_cert ]
   subjectAltName=\${ENV::ALTNAME}
   basicConstraints=CA:FALSE
   subjectKeyIdentifier=hash
   authorityKeyIdentifier=keyid,issuer:always
   keyUsage = nonRepudiation,digitalSignature,keyEncipherment

   [ sipdomain_noeku_req ]
   basicConstraints = CA:FALSE
   subjectAltName=\${ENV::ALTNAME}
   subjectKeyIdentifier=hash

   [ sipuser_noeku_cert ]
   subjectAltName=\${ENV::ALTNAME}
   basicConstraints=CA:FALSE
   subjectKeyIdentifier=hash
   authorityKeyIdentifier=keyid,issuer:always
   keyUsage = nonRepudiation,digitalSignature,keyEncipherment

   [ sipuser_noeku_req ]
   basicConstraints = CA:FALSE
   subjectAltName=\${ENV::ALTNAME}
   subjectKeyIdentifier=hash

   EOF


   cat > demoCA/private/cakey.pem <<EOF
   -----BEGIN RSA PRIVATE KEY-----
   Proc-Type: 4,ENCRYPTED
   DEK-Info: DES-EDE3-CBC,9D378A3D852EE5F0

   v4nyT2zSrdk4xhdngH3usAEf7tz+MZXImcKMconstvTcbAd6aootPJnHk+ZZYy9M
   7fOkLvlQKgh/gzKGOQwBqcjzdujoM7KWlCYYs/+4nTMFtQBKKkwnqB4gNOe7h/qC
   9eO0xnXZsTzfcD5XuVCyrC89dzPUDkfwR+tq4WmEtA9EsEWe4V2t0x82puUWHLV0
   HFBnNRpEwuwhaOvWEeX50MD/TrknFMm8mEa84bX+v5C6ziKaSiC2IMPy+s2wXNvm
   NsiCbWeVnECHoGaHHrJ2TZLiwm+DUFA+cyNMjMbBgr6a9piS9vwX327xcSeIT7LZ
   BmNWIiKXr7HWz8hcZq/mntXme1r5TCFivYluUH/DeHlZoBzQFoURbFQsnKS6wqK2
   Qd8hXZtjHv9sQfmdrZ4Js7QNNMFkA1Y+Fqnj3WhjDV9yBJZuTmRoDuwLyKtSiY9z
   sJa0h4E+ixLtqf84DnsnxL1Su1uEPwXIqaNgfTRWo5Xar2z7D+b4MS4ytNLo+3kz
   ENfF54pSYRDp9vc25SU/CdTIlk+KjGBM07pMOQqrvlgRnA3PeOleBAuQfE9drcu1
   fcpFcBAc1IPRHMp1/LvyJuceVqqeTAbjZCdJz/tGVTS0TMzbtYkTBX7yKuWFzyp7
   RRJcH4v4B+eFqs2nVNXg25IdGLt6em5qWIZEx/7xWJNqX0R3R92kQJPPP+mGv/ud
   xzkelLww2C1+jMVeTjLPzCZPnahzzWzx8sh2LnNbSLe3chgrIkyem2ywwx7gTJ6X
   zbCbBM8mGremEoRpBIcytCB6T0lghxf9k0OHdZ8WEyhwjvG12Xtciw==



Jennings, et al.        Expires December 16, 2010              [Page 39]


Internet-Draft            SIP Secure Call Flows                June 2010


   -----END RSA PRIVATE KEY-----
   EOF

   cat > demoCA/cacert.pem <<EOF
   -----BEGIN CERTIFICATE-----
   MIIDNjCCAp+gAwIBAgIJAJajhBdO74pMMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV
   BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMREwDwYDVQQHEwhTYW4gSm9zZTEO
   MAwGA1UEChMFc2lwaXQxKTAnBgNVBAsTIFNpcGl0IFRlc3QgQ2VydGlmaWNhdGUg
   QXV0aG9yaXR5MCAXDTEwMDUxMDIwNTQ0OFoYDzIxMTAwNDE2MjA1NDQ4WjBwMQsw
   CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIU2FuIEpv
   c2UxDjAMBgNVBAoTBXNpcGl0MSkwJwYDVQQLEyBTaXBpdCBUZXN0IENlcnRpZmlj
   YXRlIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxk0ri3kU
   B9vHYYiYT6J842GA+ycFGO08yQ3l8dySTuvOd5FL5/NoYLBAAG90W04dyZfIcEpm
   /BNGqtKYsD6aht48INELNaIt5pLmA0mw20xiL1mGlCBpaXoKFlrVAaUIBiluhaau
   oQEL9h9TxZWwbrC0jQ756ctdekQhFOyaqK0CAwEAAaOB1TCB0jAdBgNVHQ4EFgQU
   OK2AhOLgFmuTn4n4RlFnLNqNgJwwgaIGA1UdIwSBmjCBl4AUOK2AhOLgFmuTn4n4
   RlFnLNqNgJyhdKRyMHAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh
   MREwDwYDVQQHEwhTYW4gSm9zZTEOMAwGA1UEChMFc2lwaXQxKTAnBgNVBAsTIFNp
   cGl0IFRlc3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5ggkAlqOEF07vikwwDAYDVR0T
   BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQAvCE20AZt5/6/IzuVdMDz6mTpIuhso
   +Hzq1koXhYLmSYEbJL8B//r8VRIrB7jAOfoQc4hZVrd/lgEwr4kPCm1OrtgErpTU
   Z3gqxDaGS+FMpm1G2SxzD9r+j7oCEAm3G8YTqZCpAhVgYTJ5xegr2OSxuuvHfxkM
   abHGkq/uHHRV1Q==
   -----END CERTIFICATE-----
   EOF


   # uncomment the following lines to generate your own key pair

   # hexdump -n 4 -e '4/1 "%04u"' /dev/random > demoCA/serial

   # openssl req -newkey rsa:1024 -passin pass:password \
   #     -passout pass:password \
   #     -sha1 -x509 -keyout demoCA/private/cakey.pem \
   #     -out demoCA/cacert.pem -days 36500 -config ${CONF} <<EOF
   # US
   # California
   # San Jose
   # sipit
   # Sipit Test Certificate Authority
   #
   #
   # EOF

   openssl crl2pkcs7 -nocrl -certfile demoCA/cacert.pem \
           -outform DER -out demoCA/cacert.p7c

   cp demoCA/cacert.pem root_cert_fluffyCA.pem



Jennings, et al.        Expires December 16, 2010              [Page 40]


Internet-Draft            SIP Secure Call Flows                June 2010


A.2.  makeCert script

  #!/bin/sh
  set -x

  # Make a symbolic link to this file called "makeUserCert"
  # if you wish to use it to make certs for users.

  # ExecName=$(basename $0)
  #
  # if [ ${ExecName} == "makeUserCert" ]; then
  #   ExtPrefix="sipuser"
  # elif [ ${ExecName} == "makeEkuUserCert" ]; then
  #   ExtPrefix="sipuser_eku"
  # elif [ ${ExecName} == "makeEkuCert" ]; then
  #   ExtPrefix="sipdomain_eku"
  # else
  #   ExtPrefix="sipdomain"
  # fi


  if [  $# == 3  ]; then
    DAYS=36500
  elif [ $# == 4 ]; then
    DAYS=$4
  else
    echo "Usage: makeCert test.example.org user|domain eku|noeku [days]"
    echo "       makeCert alice@example.org [days]"
    echo "days is how long the certificate is valid"
    echo "days set to 0 generates an invalid certificate"
    exit 0
  fi

  ExtPrefix="sip"${2}

  if [ $3 == "noeku" ]; then
    ExtPrefix=${ExtPrefix}"_noeku"
  fi



  DOMAIN=`echo $1 | perl -ne '{print "$1\n" if (/(\w+\..*)$/)}'   `
  ADDR=$1
  echo "making cert for $DOMAIN ${ADDR}"

  rm -f ${ADDR}_*.pem
  rm -f ${ADDR}.p12




Jennings, et al.        Expires December 16, 2010              [Page 41]


Internet-Draft            SIP Secure Call Flows                June 2010


  case ${ADDR} in
  *:*) ALTNAME="URI:${ADDR}" ;;
  *@*) ALTNAME="URI:sip:${ADDR},URI:im:${ADDR},URI:pres:${ADDR}" ;;
  *)   ALTNAME="DNS:${DOMAIN},URI:sip:${ADDR}" ;;
  esac

  rm -f demoCA/index.txt
  touch demoCA/index.txt
  rm -f demoCA/newcerts/*

  export ALTNAME

  openssl genrsa  -out ${ADDR}_key.pem 2048
  openssl req -new  -config openssl.cnf -reqexts ${ExtPrefix}_req \
          -sha1 -key ${ADDR}_key.pem \
          -out ${ADDR}.csr -days ${DAYS} <<EOF
  US
  California
  San Jose
  sipit

  ${ADDR}



  EOF

  if [ $DAYS == 0 ]; then
  openssl ca -extensions ${ExtPrefix}_cert -config openssl.cnf \
      -passin pass:password -policy policy_anything \
      -md sha1 -batch -notext -out ${ADDR}_cert.pem \
      -startdate 990101000000Z \
      -enddate 000101000000Z \
       -infiles ${ADDR}.csr
  else
  openssl ca -extensions ${ExtPrefix}_cert -config openssl.cnf \
      -passin pass:password -policy policy_anything \
      -md sha1 -days ${DAYS} -batch -notext -out ${ADDR}_cert.pem \
       -infiles ${ADDR}.csr
  fi

  openssl pkcs12 -passin pass:password \
      -passout pass:password -export \
      -out ${ADDR}.p12 -in ${ADDR}_cert.pem \
      -inkey ${ADDR}_key.pem -name ${ADDR} -certfile demoCA/cacert.pem

  openssl x509 -in ${ADDR}_cert.pem -noout -text




Jennings, et al.        Expires December 16, 2010              [Page 42]


Internet-Draft            SIP Secure Call Flows                June 2010


  case ${ADDR} in
  *@*) mv ${ADDR}_key.pem user_key_${ADDR}.pem; \
       mv ${ADDR}_cert.pem user_cert_${ADDR}.pem ;;
  *)   mv ${ADDR}_key.pem domain_key_${ADDR}.pem; \
       mv ${ADDR}_cert.pem domain_cert_${ADDR}.pem ;;
  esac


Appendix B.  Certificates for Testing

   This section contains various certificates used for testing in PEM
   format.

B.1.  Certificates Using EKU

   These certificates make use of the EKU specification described in
   Draft SIP EKU [16].

   Fluffy's user certificate for example.com:

   -----BEGIN CERTIFICATE-----
   MIIEKDCCA5GgAwIBAgIHSQIRAYQBXDANBgkqhkiG9w0BAQUFADBwMQswCQYDVQQG
   EwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIU2FuIEpvc2UxDjAM
   BgNVBAoTBXNpcGl0MSkwJwYDVQQLEyBTaXBpdCBUZXN0IENlcnRpZmljYXRlIEF1
   dGhvcml0eTAgFw0xMDA1MTEyMDIyNTVaGA8yMTEwMDQxNzIwMjI1NVowYjELMAkG
   A1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCFNhbiBKb3Nl
   MQ4wDAYDVQQKEwVzaXBpdDEbMBkGA1UEAxQSZmx1ZmZ5QGV4YW1wbGUuY29tMIIB
   IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Z3PPr2DTi3fyb+GV88NJqnp
   CDVF51+uo11g0Twvb9uSSf0FEmhs2cpmLQLiIIqKEAqh2+6za8U55kpJsUEA8/iR
   BxeDQKa8aJmmMghPTzRkrp+xD5zVFJb7QGKEhbe6OCnMHboZg9lZIboeSwRT9qqm
   aE2aXzaQTa4B31jyiexRyaEgZaneXMnzV392Vg0j/NYm5wEldSrkJjvf2zVhAgwP
   FGgYcBPWQQqk0VuZezJgeHuolXGAtd9j/Mr0nveloAwTbVWtF5008oBmA4agp4NS
   Duq3Sep15MnYt3I33TCxM9RWJugzcMWX27pjiT+cZUVRGKj7lhQJ8I5VAfetmQID
   AQABo4IBUjCCAU4wUQYDVR0RBEowSIYWc2lwOmZsdWZmeUBleGFtcGxlLmNvbYYV
   aW06Zmx1ZmZ5QGV4YW1wbGUuY29thhdwcmVzOmZsdWZmeUBleGFtcGxlLmNvbTAJ
   BgNVHRMEAjAAMB0GA1UdDgQWBBTd1XUAPkwVfJxJwAcQy8pOB6HOTzCBogYDVR0j
   BIGaMIGXgBQ4rYCE4uAWa5OfifhGUWcs2o2AnKF0pHIwcDELMAkGA1UEBhMCVVMx
   EzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCFNhbiBKb3NlMQ4wDAYDVQQK
   EwVzaXBpdDEpMCcGA1UECxMgU2lwaXQgVGVzdCBDZXJ0aWZpY2F0ZSBBdXRob3Jp
   dHmCCQCWo4QXTu+KTDALBgNVHQ8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwQG
   CCsGAQUFBwMUMA0GCSqGSIb3DQEBBQUAA4GBAJzFvASIgRk1K7q+1AKNQSVFlYvP
   9qSVvFvY64dqSCk0bO+H4ONzyjrdo9LWdFvMAH8o/OQHtlzocurufUCZWCawfVsN
   NuKesUCN/K/w8mDYNkZ+qPoqR1I1cRGr7Psoz/odqV2LcilnHb77471dyVdtddVA
   tXdSabbEH+wDYB6h
   -----END CERTIFICATE-----

   Fluffy's private key for user certificate for example.com:




Jennings, et al.        Expires December 16, 2010              [Page 43]


Internet-Draft            SIP Secure Call Flows                June 2010


   -----BEGIN RSA PRIVATE KEY-----
   MIIEpAIBAAKCAQEA1Z3PPr2DTi3fyb+GV88NJqnpCDVF51+uo11g0Twvb9uSSf0F
   Emhs2cpmLQLiIIqKEAqh2+6za8U55kpJsUEA8/iRBxeDQKa8aJmmMghPTzRkrp+x
   D5zVFJb7QGKEhbe6OCnMHboZg9lZIboeSwRT9qqmaE2aXzaQTa4B31jyiexRyaEg
   ZaneXMnzV392Vg0j/NYm5wEldSrkJjvf2zVhAgwPFGgYcBPWQQqk0VuZezJgeHuo
   lXGAtd9j/Mr0nveloAwTbVWtF5008oBmA4agp4NSDuq3Sep15MnYt3I33TCxM9RW
   JugzcMWX27pjiT+cZUVRGKj7lhQJ8I5VAfetmQIDAQABAoIBAC/Yi+3alslw/vn6
   OwX561Eop3heLk0Xok8XADN9Toa4YHjQAk3QM+lIK0CTr8BoJ2pWZ1CSk39lCoXp
   R746+BKtLxaujohxkCvBlncIY3MzIgX24LrFfviApMAUEOi+cShZPE3APCzLBurF
   /DkDPCc4q9Ma5qPC3el4OxUioBiB/Dw/5BF8TXO2+mqrxidocgNY79EEdR2n9pRA
   xbUNXGfvLeZ8Ran2awCe2az7wa2GpuwOCza2l3v2UqxBP2BpV9c8CnScvNjFI0Au
   wSRukKuulw0os6N1G5M6fi81XyCncQ09LeyON47yme1EZkhUjdxR2aKws/+48BN5
   CAeHuz0CgYEA7q715kYFrkuOYz74A5m0yBlD/fMAoRdf8X18t4q19AY5+EcqcWOH
   2Ptk3HFNcpkXD9FYadXTbQRPe0+uYygytRYVCeDKkuVGP0gm2IjuLi/O57sc6/Me
   6zjgHJPJfxQU+hx4pzciOXWuGFi0dUkwsW3wDF+hVvpqlUUsp7mOhjsCgYEA5R1I
   WtWRVhp34peyhxoyNeiTuglKlPeX/AVGzjkcFIYBCkSu/eDJ60GIyt88nh1hDKAB
   X0cy0Xb3rrsZikRoZjIa3T2FGFJcDT0SSaJu68Zsf3gH49tTPaayg1fCffpUxCRP
   2zQinXoRmwjDj/UfOIYDh0x+3hCmVmdzi0PqWjsCgYALDLqBkJhOu1y6J34f3IvL
   /69wIEHVM1nTujV94cQOqgMhBVpnqW3uk6TVt8EYHxI8PzrSm32QPHTZhpTSLlg6
   ne0Xafq21jpsT5DM0XoFVV1EyRrLqZOy3A00BXt8kJdwBMVpKFpDQrlukxy3mU3R
   yP8l839qoWkxw+QPV73LZQKBgQCh9s5kcB96x+FCDM0G1szx8QUleVYA8vq9DRnd
   xN+F3qkzkhRGorb7GOvTxnX6rHgjzaTKrvFMxBYZrmhCp1NKE1eMWOYSqH4sWaTo
   6uwQvseKYNbrC+vPZF1DnjF+jw2HTsgpBLUHr/hsKYjd5oF4mrw51CjHYOvFnwI+
   S/eKawKBgQDkZ3ptH2nCQOGOQmHcTxukTMQmeRCKiYJB6OEKZNCjSO0R6gHc8Qvs
   Cx0D36UKoLMmKRMlwF+ceEIP7tob5em8mZAtRUmRhd/+I/bXP4NYIBE66eQgaCDG
   NuL1yCJnOplNbsc1Iwv4IuySu9SiUCJopp/8RiL1MnG6eXSdhmR3Og==
   -----END RSA PRIVATE KEY-----

   Kumiko's user certificate for example.net:






















Jennings, et al.        Expires December 16, 2010              [Page 44]


Internet-Draft            SIP Secure Call Flows                June 2010


   -----BEGIN CERTIFICATE-----
   MIIEKDCCA5GgAwIBAgIHSQIRAYQBXTANBgkqhkiG9w0BAQUFADBwMQswCQYDVQQG
   EwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIU2FuIEpvc2UxDjAM
   BgNVBAoTBXNpcGl0MSkwJwYDVQQLEyBTaXBpdCBUZXN0IENlcnRpZmljYXRlIEF1
   dGhvcml0eTAgFw0xMDA1MTEyMDIyNTZaGA8yMTEwMDQxNzIwMjI1NlowYjELMAkG
   A1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCFNhbiBKb3Nl
   MQ4wDAYDVQQKEwVzaXBpdDEbMBkGA1UEAxQSa3VtaWtvQGV4YW1wbGUubmV0MIIB
   IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqjOOrNtR0LNv3rJsUdMAxWHO
   RNj84vrJbL+m7vPtp3E/9hIaAa4u4PXgHpe2J/a0FVFRkYQpaJJIPt6tHem5x1Me
   2NthZxLuj9uRPHdzEfJV4O4a2ThTXWhzFJna+UE0wF3LflfuHKpXk4e/RJTt3a5t
   MQwPnOj3WzYjCfPt2nJHUkN977dC2s28vIkOQ9xBnboDxLMF+GMzwsz5vi8ZdB0d
   94TR3gC0tzueZxVqvl3dUQA4oZy81Jr6vimxQKs6qdHIaADeRTRZobNsvI4GNUmj
   GuYC/ahmqxqMMY6aK5ras8dwhwYtkZhrWUaWU4UhMl2CMn43mw6ri5xz13qblQID
   AQABo4IBUjCCAU4wUQYDVR0RBEowSIYWc2lwOmt1bWlrb0BleGFtcGxlLm5ldIYV
   aW06a3VtaWtvQGV4YW1wbGUubmV0hhdwcmVzOmt1bWlrb0BleGFtcGxlLm5ldDAJ
   BgNVHRMEAjAAMB0GA1UdDgQWBBQMBUFFhDtD8qJTsy0CwsrwwVkghjCBogYDVR0j
   BIGaMIGXgBQ4rYCE4uAWa5OfifhGUWcs2o2AnKF0pHIwcDELMAkGA1UEBhMCVVMx
   EzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCFNhbiBKb3NlMQ4wDAYDVQQK
   EwVzaXBpdDEpMCcGA1UECxMgU2lwaXQgVGVzdCBDZXJ0aWZpY2F0ZSBBdXRob3Jp
   dHmCCQCWo4QXTu+KTDALBgNVHQ8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwQG
   CCsGAQUFBwMUMA0GCSqGSIb3DQEBBQUAA4GBAFDa/vd7qvbf5dxkpLsYpgNs6cZx
   dWs32afH+NEXKzeEBXPkJfWGqAShD4gaOBYFObF5pPz5TqPgAeHc58/jZedQyE9D
   UV1Sz+aic2ClH8Yy3nu0vtIoc0AvPxaPujfdBJvopjjfwcqKy29j75NG8dp57IOu
   LyZn/Q8Q5O6w+iDR
   -----END CERTIFICATE-----

   Kumiko's private key for user certificate for example.net:
























Jennings, et al.        Expires December 16, 2010              [Page 45]


Internet-Draft            SIP Secure Call Flows                June 2010


   -----BEGIN RSA PRIVATE KEY-----
   MIIEowIBAAKCAQEAqjOOrNtR0LNv3rJsUdMAxWHORNj84vrJbL+m7vPtp3E/9hIa
   Aa4u4PXgHpe2J/a0FVFRkYQpaJJIPt6tHem5x1Me2NthZxLuj9uRPHdzEfJV4O4a
   2ThTXWhzFJna+UE0wF3LflfuHKpXk4e/RJTt3a5tMQwPnOj3WzYjCfPt2nJHUkN9
   77dC2s28vIkOQ9xBnboDxLMF+GMzwsz5vi8ZdB0d94TR3gC0tzueZxVqvl3dUQA4
   oZy81Jr6vimxQKs6qdHIaADeRTRZobNsvI4GNUmjGuYC/ahmqxqMMY6aK5ras8dw
   hwYtkZhrWUaWU4UhMl2CMn43mw6ri5xz13qblQIDAQABAoIBAGUDlHoi8Lvcw1h4
   rLEjeiGrmrBh2DUegs14MatAOpxWKo/wzl6Q8mGxjAKcKBAv61F7od2rgqf9qcMm
   hbhrL0eNnZE3Iuf55Hyc4+XvPuw316BXsLebJl8ZzrM7XSrx+EzzXgLuTPPWZYO5
   3VrmyQX4r/WcIugNnEEWMFWH4HL0yCx/JbEZjMHPGGm/O46SsCAHkixzL0vVIuQc
   4AhL3HQM0OUVVEbAut0X5MxFo9TTjmdFH2dsCVTH4CwmHK+ChClNDbhFVaXjB+5E
   d7QAHLLH6Tkb7g2+VgmDm8Jj/rpArdy/0d/6xzHTjVQDAZT4M8gSmHLa1Gc7jV9M
   2eGoj0ECgYEA20TTTcw1eRXurF7Ag5esvuknupMoRw1SfnSXFBRpcMrgvnJhxrTT
   lPfxhkp9iVEE3WgeJ52PrB9iMvvXjnDPOXY92ryGfk9+aE1zuzZJcjoM9hSN9fVg
   orDYMChS7e7qXmq9ttE4j9FXh5VKjwWfdftTPeiAmmvByEnb+my7VQMCgYEAxraD
   IPkSzyuSi05buadaYP1JnCYHPvozQdQpcZTX2HiF8yWwMq0yltz3u2oirH6RvRL7
   gbdq/mES8VQhAUmZUlCiahtmEHwhQ6uSUdm5dq/pnYm7hLO+Nd4UM1kpjX/GBRhm
   000LmDEtM/WU5Y3A9u20cEVw4HZG9dMc33f/7YcCgYBnHKeNh0GCLpktf+ViPJpk
   sLoZGAix2Qb5JpTBQZQQEae8h4eJbRGulSaEM1VzlKEICWVc1dBxbdS9CwdkGZKp
   f/w4d717eqCEJiANYssJJ1lfA216w6hs+WLAysWs1FRskB+k8CB8KULTJJaKSWei
   kMylaUfI1nGrYWhMDIPPxwKBgQCtMF8jOtJQ67oCXh4Ftj1IMRmZ1W8VTX2lDyO7
   0a06BvlADQX/dQKViCsGFh/4VSvyLXw090ZyROr8mIVXmOzfWFXlwtF25qkbUIrr
   eaZyMimbW3Kq2vmZ+1+BzWEw6T8OK9Fasli7oYizM4Q9egnHbS+JdoxFpfB8yi3s
   +qp9OwKBgGnBuEiJ4LDUHdwsBXJTKE1e+nmNYYloui7xH18ZJvZFgDpY8WOczIj/
   ggN/CA7faTvZvA+6XeawYkPImxA5htbWzJJyoBzDvvicntLIzetX9APfQeszjCww
   m1SA9lhGKOTH7XnPgmeTrZvgMUK7IZaCuO1btz8E00RYSVPbepZJ
   -----END RSA PRIVATE KEY-----

   Domain certificate for example.com:






















Jennings, et al.        Expires December 16, 2010              [Page 46]


Internet-Draft            SIP Secure Call Flows                June 2010


   -----BEGIN CERTIFICATE-----
   MIID9zCCA2CgAwIBAgIHSQIRAYQBXjANBgkqhkiG9w0BAQUFADBwMQswCQYDVQQG
   EwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIU2FuIEpvc2UxDjAM
   BgNVBAoTBXNpcGl0MSkwJwYDVQQLEyBTaXBpdCBUZXN0IENlcnRpZmljYXRlIEF1
   dGhvcml0eTAgFw0xMDA1MTEyMDIyNTZaGA8yMTEwMDQxNzIwMjI1NlowWzELMAkG
   A1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCFNhbiBKb3Nl
   MQ4wDAYDVQQKEwVzaXBpdDEUMBIGA1UEAxMLZXhhbXBsZS5jb20wggEiMA0GCSqG
   SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDR2i2zd0JfAJke9LZsUVG7CyCz+ceTl/8C
   rIGS1aEcySQWRlnRkh0Nv2Y6ZsZcqjsHIb9FQGOUIDCB41+q5sdgqmwij0dklJpx
   sRhRLoHpozJktDj0NevaP2+C8XpN3OHF4wUbwXiDSNRkbphLTs6Ffw1iXRuKcsGd
   vYXcN/Cnwcxgrbc5yyD/iZ9lBjWTW2HQBBuj1HBX2dXAUvRwDcr2CkKLUkfiocsO
   F53W6kHlalopqBGvUmWkeY5P7/zspzrKVkW3h93px/m39+gS+LWiCM6exMxwhabp
   08x2bRFnsAAUoFWmYzb6wuC9RTwUsO2I9hkU1sOiecq+aVLQePH9AgMBAAGjggEo
   MIIBJDAnBgNVHREEIDAeggtleGFtcGxlLmNvbYYPc2lwOmV4YW1wbGUuY29tMAkG
   A1UdEwQCMAAwHQYDVR0OBBYEFKyWIeZUfeceofFYhtlfrcvc8WaSMIGiBgNVHSME
   gZowgZeAFDitgITi4BZrk5+J+EZRZyzajYCcoXSkcjBwMQswCQYDVQQGEwJVUzET
   MBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIU2FuIEpvc2UxDjAMBgNVBAoT
   BXNpcGl0MSkwJwYDVQQLEyBTaXBpdCBUZXN0IENlcnRpZmljYXRlIEF1dGhvcml0
   eYIJAJajhBdO74pMMAsGA1UdDwQEAwIF4DAdBgNVHSUEFjAUBggrBgEFBQcDAQYI
   KwYBBQUHAxQwDQYJKoZIhvcNAQEFBQADgYEAUq5m31UdmTyeFwk9SlkZiI/f7it1
   ysWzNs43EF9vDvJPKmI0GVx6PqPLma6nfKY0WadDo9zv5YCGPyEhlVt0TCPjHh0U
   Q4ZIufXJ8KlIox5SkVbV7bJWUo/0AuhMgIPmDKrg1rBcddKQOVKLtUjcaLzlXFzd
   QzSvFDqFYKNGF2k=
   -----END CERTIFICATE-----

   Private key for domain certificate for example.com:

























Jennings, et al.        Expires December 16, 2010              [Page 47]


Internet-Draft            SIP Secure Call Flows                June 2010


   -----BEGIN RSA PRIVATE KEY-----
   MIIEowIBAAKCAQEA0dots3dCXwCZHvS2bFFRuwsgs/nHk5f/AqyBktWhHMkkFkZZ
   0ZIdDb9mOmbGXKo7ByG/RUBjlCAwgeNfqubHYKpsIo9HZJSacbEYUS6B6aMyZLQ4
   9DXr2j9vgvF6TdzhxeMFG8F4g0jUZG6YS07OhX8NYl0binLBnb2F3Dfwp8HMYK23
   Ocsg/4mfZQY1k1th0AQbo9RwV9nVwFL0cA3K9gpCi1JH4qHLDhed1upB5WpaKagR
   r1JlpHmOT+/87Kc6ylZFt4fd6cf5t/foEvi1ogjOnsTMcIWm6dPMdm0RZ7AAFKBV
   pmM2+sLgvUU8FLDtiPYZFNbDonnKvmlS0Hjx/QIDAQABAoIBAC2T730dF+M+ZANf
   LwfTmabAQfgU9g3OY2qXQQU9NOLlpNrZqMRlsb28pl1k2QxjRLLF158Y3wfa/e4Y
   Dj02JnOOUDIpYF4uEGVFC30GVt0Bvv40TnJsC6+5O2T7QY8LvFWYexGOMbiB5u9x
   Pc6NbTl9YNDOXB7z0a2K7jnoRHKKtge3vb+yFul6cTNOp6tqx8doIFjXK/r58Yuy
   n6Z9c8IMTHFIGbavoRBK0TH+PhkhISJ5ZWfgIClx4VA05Y/+0kXKJ1TiVnpSeQ6x
   1fgtvnKtibGuyMOz3ESgPvqqcU69ZzmPgnBDzbLQUnfN9Jlh1J7ZkFwoIpKpKf1f
   wxZW2hkCgYEA+Dm4VWJt/dOGziKwsDSS9y7I5hirBzD5Jo+wjeeQQQQh3rwR8DVz
   m6gggPBAfdzZ6KdREC+JQMoqFCPPIYvMfMXkOoZ81kmCWcqlFKDxnAmL8aBOcwDr
   jxmp6MIAXAcELhIoTmk3w9oQ0LT7xBK6wQpSMJYKdcBnMS9wxJjNkO8CgYEA2GzH
   47QwF31HgiEQcMtCzTiGEU3gjmoSRyJ1hXvF6A1Q6RY19xUS/wUQTR9cwHvToYlY
   Me2cd+E3Sqd3Z8o9gvqwnJm469heT7p7R88NRo0DdQSj/M3L8sFMdsVE49RyTftM
   LjwWFYWp39R7dcoXlw/rrtcPYCRDOEkMnl3DU9MCgYEAiTwYLpS5rPCqggLp3rFi
   Y2ipR5Vx0QsBZJFikkHpHhjzxNoDrONQZEmClua9MRjOHPOMPL+bSYe71eCqXqiU
   yJL8CGNcV3jSqWQA+rO0gIlCprbzSF/E3BvbNUU0v6xdYj9Fq3w+iXhhfZHh89hL
   Cfjz0crSQ6G5K5dH6Fl2pV8CgYAaKTwYaEWP8VLdhgWovMk8aWK7YMCONoAzHRU7
   p3SK0mE/a7HmRiPfs8r+p5Xcpps0YZfJoUFStGSsn4WthCLfXFJQ+7wAtkzgMliI
   m5ytNIqAcKkp++51T6xghwQGzj1q87+Hrze0Lk4UgmjSGjWzyvbgUZrIMln1yc6+
   rfLYhQKBgDpo+fDx/wQ/m1iMV3/s4B2lVCUIIDxZ3784wl785J6tF6TF5rhNg7yV
   QJvNfiyUzIZDuYVahlwlCLa05+btLYCXzD5Zz3r4SD5o84tY7qNidubAiMUiVEZA
   Dr6yeA0l+y2Fpgj/gEm9kNyF/F/WxrOm08ZooAUnaaOyf0PAUdIk
   -----END RSA PRIVATE KEY-----

   Domain certificate for example.net:






















Jennings, et al.        Expires December 16, 2010              [Page 48]


Internet-Draft            SIP Secure Call Flows                June 2010


   -----BEGIN CERTIFICATE-----
   MIID9zCCA2CgAwIBAgIHSQIRAYQBXzANBgkqhkiG9w0BAQUFADBwMQswCQYDVQQG
   EwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIU2FuIEpvc2UxDjAM
   BgNVBAoTBXNpcGl0MSkwJwYDVQQLEyBTaXBpdCBUZXN0IENlcnRpZmljYXRlIEF1
   dGhvcml0eTAgFw0xMDA1MTEyMDIyNTZaGA8yMTEwMDQxNzIwMjI1NlowWzELMAkG
   A1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCFNhbiBKb3Nl
   MQ4wDAYDVQQKEwVzaXBpdDEUMBIGA1UEAxMLZXhhbXBsZS5uZXQwggEiMA0GCSqG
   SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkJmPQLQfz5Kk9o1cecXFmeipHOMUbWtZl
   QrtDulIX8Y0yTBxXXYcLeSWTpaSgeuet75256Ngz3qH6MhF8TUq+iJ4SwBK8at7y
   1PhPYu8EFkUpRyLVKeGm1QM2NgEV11vAO77hPkSe6YXGt0cOKEySicmg4bNjhFZn
   rY99+DBUpvNrMkClRJhuRo22yQnfxiCOLP3kHLFDFIBwEe/6AiHxAlYf/c/ZW9HF
   B+SdhgHOsXnPS0jAI0lj4FXBpvzLgs3hw3MLbz05NLZbLpJgNZk/xYgqSHj1C5Ll
   1arCEj7JapPIl0PnZiOG2dHd+DjhlHyDtcf61sqSecYFvSRXGQvHAgMBAAGjggEo
   MIIBJDAnBgNVHREEIDAeggtleGFtcGxlLm5ldIYPc2lwOmV4YW1wbGUubmV0MAkG
   A1UdEwQCMAAwHQYDVR0OBBYEFKW0nif3Zn2LNI+/tErRWH8nMX5HMIGiBgNVHSME
   gZowgZeAFDitgITi4BZrk5+J+EZRZyzajYCcoXSkcjBwMQswCQYDVQQGEwJVUzET
   MBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIU2FuIEpvc2UxDjAMBgNVBAoT
   BXNpcGl0MSkwJwYDVQQLEyBTaXBpdCBUZXN0IENlcnRpZmljYXRlIEF1dGhvcml0
   eYIJAJajhBdO74pMMAsGA1UdDwQEAwIF4DAdBgNVHSUEFjAUBggrBgEFBQcDAQYI
   KwYBBQUHAxQwDQYJKoZIhvcNAQEFBQADgYEAD+RCm+VUeC5oy/ifYiuRVzWw01Fb
   /xtHqVRScz4+SSKCFH/ENLYSIWMNN9waQVpaUWUAtcuQUmhznlm3+qcghLb6IKe6
   5ioKeXfE8QIPn43GM3oikwIIYUc8XA7fgkZ7lPxQNQMJlMUUChjoD5Cfe6cnHv/T
   Npbe1w20tvqjI7g=
   -----END CERTIFICATE-----

   Private key for domain certificate for example.net:

























Jennings, et al.        Expires December 16, 2010              [Page 49]


Internet-Draft            SIP Secure Call Flows                June 2010


   -----BEGIN RSA PRIVATE KEY-----
   MIIEpAIBAAKCAQEApCZj0C0H8+SpPaNXHnFxZnoqRzjFG1rWZUK7Q7pSF/GNMkwc
   V12HC3klk6WkoHrnre+duejYM96h+jIRfE1KvoieEsASvGre8tT4T2LvBBZFKUci
   1SnhptUDNjYBFddbwDu+4T5EnumFxrdHDihMkonJoOGzY4RWZ62PffgwVKbzazJA
   pUSYbkaNtskJ38Ygjiz95ByxQxSAcBHv+gIh8QJWH/3P2VvRxQfknYYBzrF5z0tI
   wCNJY+BVwab8y4LN4cNzC289OTS2Wy6SYDWZP8WIKkh49QuS5dWqwhI+yWqTyJdD
   52YjhtnR3fg44ZR8g7XH+tbKknnGBb0kVxkLxwIDAQABAoIBAEC0yV/EgIAJwRUF
   EFB104fb3FKa9EfmNOFRvtPh3H6Hv2r2Sa2+tn81UDS1dQG1sSIFdJ1WRfOcbSld
   FztylGYrIHSvtjMDxcLfZMqWazWnObgdzINOsR68lTmHbEIZ1JcgdgwAKbiiwRMm
   KCJSjGyvWAXNMpOmFRFlf0zeyt5zF4wSLWqKJByH08mdt6YrvcmmLtSi5bQi0w8J
   uA2w4BmsITkVyjA4oEr4lJzOobGs0o3RfamcEV9GmpgPXwHHL4PnmBhmBrYz3uz6
   7/As66pNMLn+Usz/zEYAmsqRe7JWx02Mm0aKbHEJGBkB7sIhHBBo4WHd18GZLBdF
   e6HiqMECgYEA02xC2GE+sIy7HLsXVigT2xb8zSMdA+xJwG8XNxcLCsPD5F0frXpJ
   wGNwyCIB2x9DIizWV9lG9q90q3bwTcezJMZbjUscRv6NrmTEyocJSCTWajBf2VQ/
   h+Cn3Xtb9rtUEFRDERxAk7qanvS0dBldwWeeMWmk0y/Kw1HghNApTFECgYEAxsKH
   s0rxuUfARnUb+lpgH2ZNiZLnHkGuADfesAN6jQ3E8izeYRkP9kXlCwc0+ElMpeSS
   b8Voutbn1OA/Q7lepAXK1UgpRZTcsHlHRFbbD6a6SikWQitOFOlsgDV8myMrpNiN
   voFI7bmFzVvCBFw99n3jhq9T1ypjkDRpOpiSiJcCgYEAupX60FfSKaGpqIt85u5r
   x5kb9jac7s9jr07bYCUX+6IVib6drE4WNJIOALHyjV2js896QwFgXWkvP/uxzBMI
   CNZ+Cc5V4Fna1CPegRZ3nJHWINUcYgK2Jsafnxm1aaSdZePXZIxYeYff2ZUAhM22
   Lm+x7s3bRv4QphvmV5AWQmECgYEAqe7n1oLc6GxQF+1IXmOmizIMWPMgZt4Axm7+
   Fb7jqHV9TRDPkHS9EPHxQdyHjUAeKDeke6tsP1I+I+MWM/Do2ZOaN3/ayYLcrIUE
   SYl5AYiq/Xzjau9bcsWf3n3ca0dGqUn85kPi9l0H6OvqlY/H6lb3kM+V/wBe34vv
   7AlGP0ECgYBefLxSwdv+abhBraz60jNpnMoKkowTJ3qxzzLVB7yx/a0e0Sb83Hi2
   I/EMeSUotZcwVNsqgEZSxRqrQbryDsOIkCckzmOgAk8F5vgDXSmZfqPDhFufF1kg
   lMvhtbGLv0wC+ODzIj9VY5PVhYsYSMfVOneGzllkOb4ika9Ms/BSVg==
   -----END RSA PRIVATE KEY-----

B.2.  Certificates NOT Using EKU

   These certificates do not make use of the EKU specification described
   in Draft SIP EKU [16].  Most existing certificates fall in this
   category.

   Fluffy's user certificate for example.com:
















Jennings, et al.        Expires December 16, 2010              [Page 50]


Internet-Draft            SIP Secure Call Flows                June 2010


   -----BEGIN CERTIFICATE-----
   MIIECTCCA3KgAwIBAgIHSQIRAYQBYDANBgkqhkiG9w0BAQUFADBwMQswCQYDVQQG
   EwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIU2FuIEpvc2UxDjAM
   BgNVBAoTBXNpcGl0MSkwJwYDVQQLEyBTaXBpdCBUZXN0IENlcnRpZmljYXRlIEF1
   dGhvcml0eTAgFw0xMDA1MTEyMDIyNTdaGA8yMTEwMDQxNzIwMjI1N1owYjELMAkG
   A1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCFNhbiBKb3Nl
   MQ4wDAYDVQQKEwVzaXBpdDEbMBkGA1UEAxQSZmx1ZmZ5QGV4YW1wbGUuY29tMIIB
   IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv4FeBkVeK4T9v9Z0Ofhxmfsq
   cYTFr6a1qEnNUjUuTRzMq/1i5+1oduZ5+ceQs3jzv4dOhUCp0gxGE6IQyDovMsHa
   PrN3b/HFOJp6fXewhnygdE4ZHV66doRNDG6kFE58fq/FLMIZe6kXOhe9XnO/iSDv
   fvUS5OvAFTOtMXFprTCCBXndG9mTHK8G7Gtr5APJcml/LNVvIRYt5Oewj5BuyAZo
   hXwNDfaR1UK+FRHVbcoj4qIRmlhDZvHRDDQd5GPjy82/lOKCmsTb4BzFazUa1V3x
   UmFZROkzV0pK0HSmxGRZbIDrNlUqaHn2c78w2qN9ON4yA9TzIQd2hplich2Z6QID
   AQABo4IBMzCCAS8wUQYDVR0RBEowSIYWc2lwOmZsdWZmeUBleGFtcGxlLmNvbYYV
   aW06Zmx1ZmZ5QGV4YW1wbGUuY29thhdwcmVzOmZsdWZmeUBleGFtcGxlLmNvbTAJ
   BgNVHRMEAjAAMB0GA1UdDgQWBBQy79Hl1hR623USdNil4jNtzSboRTCBogYDVR0j
   BIGaMIGXgBQ4rYCE4uAWa5OfifhGUWcs2o2AnKF0pHIwcDELMAkGA1UEBhMCVVMx
   EzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCFNhbiBKb3NlMQ4wDAYDVQQK
   EwVzaXBpdDEpMCcGA1UECxMgU2lwaXQgVGVzdCBDZXJ0aWZpY2F0ZSBBdXRob3Jp
   dHmCCQCWo4QXTu+KTDALBgNVHQ8EBAMCBeAwDQYJKoZIhvcNAQEFBQADgYEAD5PK
   45I5nux58HROS4WwEOklyYc9XmRq4Y1BTWfsOHpHSi8wkvmMg7CNowB9rmw6123e
   D9o/mden394i7RxP8AwKWIpUL19kYfJHvMItwIT6L9jyup2Yr16Davrw/D8mCp13
   DHLV1xUa+GoAnjL1O/KY7fJysaCGhHpL9kxHwVY=
   -----END CERTIFICATE-----

   Fluffy's private key for user certificate for example.com:

























Jennings, et al.        Expires December 16, 2010              [Page 51]


Internet-Draft            SIP Secure Call Flows                June 2010


   -----BEGIN RSA PRIVATE KEY-----
   MIIEowIBAAKCAQEAv4FeBkVeK4T9v9Z0OfhxmfsqcYTFr6a1qEnNUjUuTRzMq/1i
   5+1oduZ5+ceQs3jzv4dOhUCp0gxGE6IQyDovMsHaPrN3b/HFOJp6fXewhnygdE4Z
   HV66doRNDG6kFE58fq/FLMIZe6kXOhe9XnO/iSDvfvUS5OvAFTOtMXFprTCCBXnd
   G9mTHK8G7Gtr5APJcml/LNVvIRYt5Oewj5BuyAZohXwNDfaR1UK+FRHVbcoj4qIR
   mlhDZvHRDDQd5GPjy82/lOKCmsTb4BzFazUa1V3xUmFZROkzV0pK0HSmxGRZbIDr
   NlUqaHn2c78w2qN9ON4yA9TzIQd2hplich2Z6QIDAQABAoIBAQC+8n0P/6av+gER
   gQGOs9yBzmA5pEuAotdKn5vsNj6egPLLIvG1k5CvzYsdtRDhAt73wDBYyWsKl1Zg
   SR42p11cXNIB5uxWYFln4Q/1fpwy3J0Ymq6MDGIbvjsdBEzyOngD0brmr/q8xJL2
   R6l4Pi1iy8ZBbpeSTkbOXSJ5xD28goHLVrsf4p3wc31uJ67IldjZVDOzNl2EXTV9
   5t8+URPmm5XtLMxAPLJRNyw6yMwTV0j1T5Cr/oIq4/rdx3OImy9VbamKXXXUkB1Y
   nyBU6GHGlrHj4OsKcgMHsbdiaGQNwYcOiCtlED4hzCCPWSJWIbvXUPVNnK6/0sMr
   TnQnYY0BAoGBAOORMfxkGu7R4mln3Mwz/HSFRtbEU2/9gvXJ5MiHWhfQDslxpjaa
   Y4uHuthDORhlsHXXqjPjdvIcELiV95W/XsB9zBxBLQmMRU5wIhX8uMVqSOSfqFWI
   rWEoUXKUyxmubq4J0URoygs9u+17RpsRGmGA6AOlalHZyjRhPJZpUke5AoGBANdu
   uTphrQVjy7z8RFuhP7tZ+mN98ddrXcaVpY+bZUGSZsEGRQuP9SSSFUlPuyQ0iUyW
   Co+bWbR7GLv/2ln2sAgzRs2xH83HWs5BWZrtO7DB5wQNu8DZOkmR34BYTwlyHHtg
   /yvlFvXB+AOlCvi/t8BdG/PIXUcBvClW4e1htZuxAoGAD/160q5CCjfrPdbTd/HL
   MnDO+nZPGpZoplaqYcDI/tVaxKLcuAd/KSW/ZkTK9UDn9k/SINVB3V9FeYLoI7iP
   stzkA7Q8sugNUqakboEUhqKiPpZNYL062ZHYr0FvR/2uv0HnV3Q5hjKvSs+XtXut
   K96/7smnv9qaz7VpaXQ7GNkCgYBWaDSm8/JfzQ00ucH5No3HaWmCakuL6aZtNix3
   kw5j5IKOPSOIZa8fgfBDvVUESoYfT7bgrqCmQRFEpnQ/zTABuf9WFQr6kFEdlRyJ
   hUmBteQgvhlmWjqEs5t/cOwSj9BYtCjkxDgXTjtZyuLBrrPW1gGWH/E5v7pmolBv
   09bxoQKBgHKjXLwCPFdTKwkX4l2jtKfhF/hXo6zWx+TLEyrugxveAxEvdgZAlJ7m
   F6z/zvOm6UM6BYxgPl8X+535ijZXKE5OgGJ1Rnt+AaWnfzXAUi7upOEQD3PkjuFE
   FaYuCSghaWvdgiTwzVjp25iJcFiUJcNlIlNDICDP6emxpSQNEoDC
   -----END RSA PRIVATE KEY-----

   Kumiko's user certificate for example.net:






















Jennings, et al.        Expires December 16, 2010              [Page 52]


Internet-Draft            SIP Secure Call Flows                June 2010


   -----BEGIN CERTIFICATE-----
   MIIECTCCA3KgAwIBAgIHSQIRAYQBYTANBgkqhkiG9w0BAQUFADBwMQswCQYDVQQG
   EwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIU2FuIEpvc2UxDjAM
   BgNVBAoTBXNpcGl0MSkwJwYDVQQLEyBTaXBpdCBUZXN0IENlcnRpZmljYXRlIEF1
   dGhvcml0eTAgFw0xMDA1MTEyMDIyNTdaGA8yMTEwMDQxNzIwMjI1N1owYjELMAkG
   A1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCFNhbiBKb3Nl
   MQ4wDAYDVQQKEwVzaXBpdDEbMBkGA1UEAxQSa3VtaWtvQGV4YW1wbGUubmV0MIIB
   IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA09YKbZrIDl1nfm44nUfYljd7
   Tq8oqdr/mvkDBrG6GW4bEvAHV2pzRBdVk9BZCDgtzmGhJt610RZeyrY5UCLY4k/M
   11Z2tnOSQnc0Eg6oRrRtIpvqQ5PzK9kO+r8KZzGZWTPMppmGUuqVv2vgNMOGHMOu
   MGr+CUc1jdcJVF0YXO+Xo7N0FGfQbSzT1H3txYpvdpgGHjAXConTQ7pO1w0c65Uk
   Zzpm73BOrjI2nt7ziQO2zpzuI3lLAX2dMLIyr011N9f52Wo+piM6nuAAPtM98rw8
   b/OeWl8EsXkr/H/dQQAIKb8wHsrGH79uvTNilCdbTuBUQ3GWKI/lgnNcutE01wID
   AQABo4IBMzCCAS8wUQYDVR0RBEowSIYWc2lwOmt1bWlrb0BleGFtcGxlLm5ldIYV
   aW06a3VtaWtvQGV4YW1wbGUubmV0hhdwcmVzOmt1bWlrb0BleGFtcGxlLm5ldDAJ
   BgNVHRMEAjAAMB0GA1UdDgQWBBQbJb+bvcKecl8UiVR7P8X6XLM3zzCBogYDVR0j
   BIGaMIGXgBQ4rYCE4uAWa5OfifhGUWcs2o2AnKF0pHIwcDELMAkGA1UEBhMCVVMx
   EzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCFNhbiBKb3NlMQ4wDAYDVQQK
   EwVzaXBpdDEpMCcGA1UECxMgU2lwaXQgVGVzdCBDZXJ0aWZpY2F0ZSBBdXRob3Jp
   dHmCCQCWo4QXTu+KTDALBgNVHQ8EBAMCBeAwDQYJKoZIhvcNAQEFBQADgYEAYOBu
   i0lImuMrgrLdcFo6zPeMnwaP7U13GTIj0j1ylIoywCR8fzWns1hbAgAQ4wjMfNL7
   4yLUTsxu7g3hLyHuVO1gvH1xSy1BsSo4/4bTx1AKM3jhtjaO3O1pquIPrl2aUhXy
   HkXULkhoH+fQ9iYj7hEQrS2MZizDgBJoGicBI/E=
   -----END CERTIFICATE-----

   Kumiko's private key for user certificate for example.net:

























Jennings, et al.        Expires December 16, 2010              [Page 53]


Internet-Draft            SIP Secure Call Flows                June 2010


   -----BEGIN RSA PRIVATE KEY-----
   MIIEpAIBAAKCAQEA09YKbZrIDl1nfm44nUfYljd7Tq8oqdr/mvkDBrG6GW4bEvAH
   V2pzRBdVk9BZCDgtzmGhJt610RZeyrY5UCLY4k/M11Z2tnOSQnc0Eg6oRrRtIpvq
   Q5PzK9kO+r8KZzGZWTPMppmGUuqVv2vgNMOGHMOuMGr+CUc1jdcJVF0YXO+Xo7N0
   FGfQbSzT1H3txYpvdpgGHjAXConTQ7pO1w0c65UkZzpm73BOrjI2nt7ziQO2zpzu
   I3lLAX2dMLIyr011N9f52Wo+piM6nuAAPtM98rw8b/OeWl8EsXkr/H/dQQAIKb8w
   HsrGH79uvTNilCdbTuBUQ3GWKI/lgnNcutE01wIDAQABAoIBAEh7PCY0h68iln7U
   B9sI8jqz0SUjGa7EmCDWgwqPVTXOTsU0C88FRVtPAKEK8Ou3DTVIgnNiUKOyG80Q
   fJvG0J7e3x/vHb9f2/OSBecHzNwkcBMfdhCZVuLx6gYxx8V3WxkCeEuozCUizwoo
   RxbGr+S3r6oxcaqLCu/1W+PZ1rQ1RqNmh9rhUnlkrYSbQ5NS9yGuT53mdKcvGANI
   RoCt7WABW+UkRBk/ytnE77JCXTZHsGt/UzxijHEP1Ab4kths4LmgkHDOO6Ab5duH
   IyYno9OzjgaDxuKk6JN9Te40dpwhrfoaAOFcALJxBa3ZsfYYvP+ImBUnNW3r75Bc
   1f1jAUECgYEA/a35zun7eAFgVcG59s2Q3UjfJgisfP00NTzYh6WQUPCU8l2xG7J+
   4xIsClwczPLH//NqK6dtGPZNkYlV+u0flmw8vpDH3KQ+B1p2VGbp800BphH1z+vY
   LwH8wnoGI/aBR0+yR427gTjBQXAvfrI722GJ76i8QO2swmYf8ZtGJQMCgYEA1cYV
   NnTvhsk9Y8FhghTaIA2xvJmCS0K4Wt8mWNra+yF3J6SFzyXiHw52xFXqEXtq2xQC
   Rw3tlxsHzUngWkUmjPrmpasanWQsL/xjHE1sDfcz8jjj/U1r8lvZ6yjC6oLvKElK
   nS4vHr5sI0Rv78IDwiOGKdAlF51TgKzxh9301p0CgYEAvpfy4yHq/IvULDpEFQj3
   eTph5fqIVdQLYKBZcvjSh+1pivsXsN6X9NTXX+U7AkS6PTROJYRCNIoBV4Iepkt3
   +xVRQkAW2VBRBkdSNjGoPlMyFOrTi6b/ornUhO0XJffzw3c+VAJJyVmx4Q9/r6oL
   zNToxLY60nF/5gLCp0zpE68CgYBRkDNVxMYDKlMW9ZirliMnabIv4G47IujOGyg5
   bL9yY/FfmcFIKQ8ehFlCTflx1CIQFpFL5P+K0NBoPlCwgIPV9ID+IsuT072cTXLP
   QKcCqRgTyisK4XhXTz5VIAdGjNCNEXG7iPyHgWYnCpye4OqoLv+ognc0jF1o0hOR
   oFkjbQKBgQDXaNYc8m0OCsYrS8QxkZki3G6r7QKIiUzlWyjMMPWahcXjN/Q3qgG8
   t/9n8qj9dypgoWLl30kWD62bbJu5O79Dmd4I9Sr2cpwgWn+3qZ4VTy4QKlZDgkTG
   SND8Au5HQ/T1Ta92+hFfzSLkqer6to8PbQP+3sNw3l694HVn9kP20g==
   -----END RSA PRIVATE KEY-----

   Domain certificate for example.com:






















Jennings, et al.        Expires December 16, 2010              [Page 54]


Internet-Draft            SIP Secure Call Flows                June 2010


   -----BEGIN CERTIFICATE-----
   MIID2DCCA0GgAwIBAgIHSQIRAYQBYjANBgkqhkiG9w0BAQUFADBwMQswCQYDVQQG
   EwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIU2FuIEpvc2UxDjAM
   BgNVBAoTBXNpcGl0MSkwJwYDVQQLEyBTaXBpdCBUZXN0IENlcnRpZmljYXRlIEF1
   dGhvcml0eTAgFw0xMDA1MTEyMDIyNTdaGA8yMTEwMDQxNzIwMjI1N1owWzELMAkG
   A1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCFNhbiBKb3Nl
   MQ4wDAYDVQQKEwVzaXBpdDEUMBIGA1UEAxMLZXhhbXBsZS5jb20wggEiMA0GCSqG
   SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJlZSHuyd2wkXwCr6ltCgZh2Sx+Tb4zLJf
   9jqcMSVzNUzINcllOUh0uij1t1djqRJNTUfyi9yPkpK20oQaoENM+GmuJDZfX8V3
   XqP1Uyq8CPvZwJ/g5Zo8XrcAFiLGuwYcUQX/Onk2b2T8xPBbLtOIRkEukCP2bfdt
   tlLgQGd1Qx2AGxicVW5XRIhVaaXbNwZjqV8H9D7JKjy+odGM0yuJ62IdIfhJKhR4
   8Q3R3edPqW+eANWH/cYRDMC8hSupRhsUKZ0xJxRrth82zE3IuDmxNOUNfcLW5PJZ
   ei3uPtpLOAbGzQgziGFeaepdtzzrXjNdcA27APiG9bDp5Rh6ckkDAgMBAAGjggEJ
   MIIBBTAnBgNVHREEIDAeggtleGFtcGxlLmNvbYYPc2lwOmV4YW1wbGUuY29tMAkG
   A1UdEwQCMAAwHQYDVR0OBBYEFMTi3LKH+s23KSjpn7rS2CNSj5JBMIGiBgNVHSME
   gZowgZeAFDitgITi4BZrk5+J+EZRZyzajYCcoXSkcjBwMQswCQYDVQQGEwJVUzET
   MBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIU2FuIEpvc2UxDjAMBgNVBAoT
   BXNpcGl0MSkwJwYDVQQLEyBTaXBpdCBUZXN0IENlcnRpZmljYXRlIEF1dGhvcml0
   eYIJAJajhBdO74pMMAsGA1UdDwQEAwIF4DANBgkqhkiG9w0BAQUFAAOBgQCWGnzT
   wSQq7bVUksj/MWYznOm23eECefZhBnrGuxT3+0m1Z8dr2xAa2qMc3zhBeFexsEgR
   DBylWHib2OYmnHU41JuEaf5L9LXAEmLnGvFc0q55cKYLfUO2PFnMPq/ZBe+TBNHU
   4VdUQJJeWnfBTNuVwKb0oyQsbV1Jyw/t/HtT6Q==
   -----END CERTIFICATE-----

   Private key for domain certificate for example.com:


























Jennings, et al.        Expires December 16, 2010              [Page 55]


Internet-Draft            SIP Secure Call Flows                June 2010


   -----BEGIN RSA PRIVATE KEY-----
   MIIEpAIBAAKCAQEAyZWUh7sndsJF8Aq+pbQoGYdksfk2+MyyX/Y6nDElczVMyDXJ
   ZTlIdLoo9bdXY6kSTU1H8ovcj5KSttKEGqBDTPhpriQ2X1/Fd16j9VMqvAj72cCf
   4OWaPF63ABYixrsGHFEF/zp5Nm9k/MTwWy7TiEZBLpAj9m33bbZS4EBndUMdgBsY
   nFVuV0SIVWml2zcGY6lfB/Q+ySo8vqHRjNMrietiHSH4SSoUePEN0d3nT6lvngDV
   h/3GEQzAvIUrqUYbFCmdMScUa7YfNsxNyLg5sTTlDX3C1uTyWXot7j7aSzgGxs0I
   M4hhXmnqXbc8614zXXANuwD4hvWw6eUYenJJAwIDAQABAoIBAQCx2QI97eSXZjcF
   3LTuxM9MFqPEUTcqso39E+QJwWJlDnU7fhi88Zj3Qva4MpUrHBNFmBUN7E8fbBV8
   rqZWR2aZFeFG/jPqWTiCZEELQ+DEHLj2GHf1lxxIfte9f8oWwxJVETbVQuWGHSlf
   yPC1wc5mwHTpe8n+tG5DoUPlDW05ifYbZZLgCR5WlgNtZq2zcnAOF1XUndgQf8qf
   sZVHv57Gq2hODinitBjU+0fGfzHpB2Su/cgRv0Q1Zdq4ngcQTlGbqLKM/TPXFHvB
   LXd+5ys/nar9dtPFd9qNnj5ApeijP17BXR+rKDB8y4BOoRwJpjp5GP7J0Y2dOyDC
   7OTf/bTBAoGBAPu64RWL8zj8G+2Ch0emjElxRoVvEL4A7pnUAqThcBUtcfmamfHV
   1dNfNZnkitHHXwhSM0Dv5k8We6wxMD6dMY8TEqnU7J86PSb7WXA9LV/6f9DFb/Hl
   jjMM/7EPX1wX5Kb71F8TMevMsRgW+iHVuI9qgk0qLo3Dd75EnoFLQoGJAoGBAM0A
   8lQ48JroRXspH497ztVibFNEHJj2vYtLH5YcFyKWux4MzRhQ8el3S1yu+MK4A4CT
   W9mhW2Rl3QDJWWz+GdDn164kP2m3QOMGnSwEXekJ0SNkXUs2Uk1KxldCWaJS9Ljs
   ujXL8xbZ34NeROm7XlI4OxfGkhiqMtkZN3eM048rAoGAdwaqHxIJc0xhuDAb3xk1
   BBT3j2gwtmaia0H/7g5afOj8F1WurNa7QDKomZeivAZVPQ4BBhdpAsRSvdyUP0b8
   g/Y0wPDY4YEcIS5/375NkjBT91cj03EDh8gBrqriIB18FCjHBh2BYUlsA0P6Cb2Q
   gt+NtQbY9FcUa3buq5v2WmECgYAxnG0InM79bgCCka0lmByx3yO/8tfI3M16DDAU
   r6+Zm0ilOQvZOp2QlmISh/WDieyvDPpJbJclcNFPA2s0yTmOKM01Q2hlOQfm6Q7Y
   PCZN4yZNnlhFf1vjgJkHPPNcKR84MXHO2xB1EzzYGdQrjECDPUBvvIpWlbnAeC3I
   LLh2CQKBgQCby/g44cg6KG089iEHz5rE/JgB4gDRUg9sSuR1V/h4KrB0kryQO+oD
   veBiwSAm4kA1bIcCAGJFu2GqOFBNaHfISLtWGS/L4NxyVnYR7gDeNAvFBpksHbuK
   U0MeEewTkNlAfqapcBiv+2cTJcSZTIgumNet8YtK2LSUOm8ZBN7/pw==
   -----END RSA PRIVATE KEY-----

   Domain certificate for example.net:






















Jennings, et al.        Expires December 16, 2010              [Page 56]


Internet-Draft            SIP Secure Call Flows                June 2010


   -----BEGIN CERTIFICATE-----
   MIID2DCCA0GgAwIBAgIHSQIRAYQBYzANBgkqhkiG9w0BAQUFADBwMQswCQYDVQQG
   EwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIU2FuIEpvc2UxDjAM
   BgNVBAoTBXNpcGl0MSkwJwYDVQQLEyBTaXBpdCBUZXN0IENlcnRpZmljYXRlIEF1
   dGhvcml0eTAgFw0xMDA1MTEyMDIyNThaGA8yMTEwMDQxNzIwMjI1OFowWzELMAkG
   A1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCFNhbiBKb3Nl
   MQ4wDAYDVQQKEwVzaXBpdDEUMBIGA1UEAxMLZXhhbXBsZS5uZXQwggEiMA0GCSqG
   SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDf+eFo3gjoo6Dg/CbVb19GNnmoN3AG/dki
   BuGqrLyoXqsPtad6U3A1VMYgGiE0yc0dBqVQyCuVZXTdrdmrD7T2r6JxRbLHwxCn
   el0tL+7VOKA0BNWZ0fWbtFB8qfaist5o+k3sRvUmEb5K5zMRAQvtfNSVSqjKhcOJ
   8mOV9yXuIpz8WNCrmiaQTKUT+YCXAFc964052ZYsO3EsASPNZzaoe3yjRUoTbnMF
   XX1VTXziDgFF7xjlWjyTsg4mvmFzJITDb8CJTOROzhCbwS4Vj6Fer8HiTEnwyNgx
   SjvDOoZimiX0Rqn1FiEIgC7mxFHCqVD7lrucSMD9vxjfEFcT8TmtAgMBAAGjggEJ
   MIIBBTAnBgNVHREEIDAeggtleGFtcGxlLm5ldIYPc2lwOmV4YW1wbGUubmV0MAkG
   A1UdEwQCMAAwHQYDVR0OBBYEFKxgVEtcaqkQ0nm7aBumlh1QKD2rMIGiBgNVHSME
   gZowgZeAFDitgITi4BZrk5+J+EZRZyzajYCcoXSkcjBwMQswCQYDVQQGEwJVUzET
   MBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIU2FuIEpvc2UxDjAMBgNVBAoT
   BXNpcGl0MSkwJwYDVQQLEyBTaXBpdCBUZXN0IENlcnRpZmljYXRlIEF1dGhvcml0
   eYIJAJajhBdO74pMMAsGA1UdDwQEAwIF4DANBgkqhkiG9w0BAQUFAAOBgQCA0UNy
   1PRK6aN6kTqDzXSweu+UhmgxZV5pJjImJVdiONroFiRQcmz0gANNQjo6n7ficVfO
   l/CORHHN/KF6KNy3s8RS5ud2P486TOpmR0M3naqWsvtWylxP+FwzWUPiimLBXFBm
   5jhc+mz6NzT/kb2CiXO67HHzcUSt4ErxPaAmFg==
   -----END CERTIFICATE-----

   Private key for domain certificate for example.net:


























Jennings, et al.        Expires December 16, 2010              [Page 57]


Internet-Draft            SIP Secure Call Flows                June 2010


   -----BEGIN RSA PRIVATE KEY-----
   MIIEpAIBAAKCAQEA3/nhaN4I6KOg4Pwm1W9fRjZ5qDdwBv3ZIgbhqqy8qF6rD7Wn
   elNwNVTGIBohNMnNHQalUMgrlWV03a3Zqw+09q+icUWyx8MQp3pdLS/u1TigNATV
   mdH1m7RQfKn2orLeaPpN7Eb1JhG+SuczEQEL7XzUlUqoyoXDifJjlfcl7iKc/FjQ
   q5omkEylE/mAlwBXPeuNOdmWLDtxLAEjzWc2qHt8o0VKE25zBV19VU184g4BRe8Y
   5Vo8k7IOJr5hcySEw2/AiUzkTs4Qm8EuFY+hXq/B4kxJ8MjYMUo7wzqGYpol9Eap
   9RYhCIAu5sRRwqlQ+5a7nEjA/b8Y3xBXE/E5rQIDAQABAoIBAQDcYJ4t9OqHHRla
   xj/fmmoAR/GEVqff+T4AgQziRnyKnjtqha54akjp8LPROmSZ8EXl3Xgj+BEKOn22
   8SxPaHECmOYY1h+G9qQYZgnwQE2bdtAK3wbdBv3HarAXOZT3mU/FsyOg7GCiSKsY
   QEy62nDGCCGTk5ZpTxyLSvg5wqiLmaPTrT1mgEJ6QAAOTrwVjvJHuZdQ1QwdxaJg
   15zKrnkv+I2xZa+jojOz2qWMFBCsR58/N+Jfm28WWbVJoCyweRodWkWrMYb/cDoP
   Wq8ZofAjkuu6EGqfivnk3R8DVY3KL2ow9FhpbFw47mhEoFtcdwsogR7v3nzG/qnR
   t6gCgG1xAoGBAPR18/5A3TMqXyavgr0ZH10yeH+m7fws7cWJQLJ5a8kz9eVVoXoi
   ba4pkBtfDBAHvSfp8sxEtRoyvh0GBdt+YyVOW6aQsQJh5//Sj0D+vT8ZN/Fz3pwq
   fQE5K0b0anrzfujj4nLurhm4BPz6ZHuEAPb3dARSH+/bYCqBl3G45sV3AoGBAOqM
   ZGegJslWk/ARSi3izKq+6KXF8ObUNtm1m/G1P97YCMjC7m2HRGuGpRb7aP61WKHQ
   5ZnCHNusnhSnYGmPayaMxRIvJMpXAuXE10otCJ9jGonTTArc3wJOXl2AlgPYLdEI
   E4IAwAM6ZdDegjuaWsOOSin0XtqLj8Izm2FWXtL7AoGAdJ5QZ1pKK75q5emUVOFH
   NQ5+rWbU4RgN1c5ELt/9q14+T8kp3znNWOg69tPAzWTjt8bDLO8Z9gV+7BmTccI5
   SfK3hh5AUwKhykiITlk3roI5TdYYvCcIuyyqmI7AvSarxC3yOSHjrCE9P/GzPbkb
   PLWPgwAqfCILHjv0Iywx6sECgYA+M2UdJhejJVauP6eQa6kjTuWbsNamIHk7WzIz
   84Ews9IAi9F3Mnwul9KIObwqcCVFJIT/Nb85cpmpmIm09NfRrVtF60KydkjKbl05
   yp+SxVFwY5yy9MgfcHEOEt+1vUrJOH8T5ucE9CO0NI4NCG4xljaM0cWl54UEV3NJ
   aQJUqQKBgQCf+dCVtWEEPtFtrron48Gw1j41d3prOHEgPaSjfDK5jyxOplvre9ta
   1htMIgENsXeiCvsobmI6LQ1dcdP3B+PCDmGtnPfEQZ7u9tQpThC+dw/dYl0VrmCm
   mIEIx6i15btHhdckAL+2nXt2dZ4wfW56Rgptl3m+MI1HCLLhlMN9PA==
   -----END RSA PRIVATE KEY-----

B.3.  Certificate Chaining with a Non-Root CA

   Following is a certificate for a non-root CA in example.net.  The
   certificate was signed by the root CA shown in Section 2.1.  As
   indicated in sections 4.2.1.9 and 4.2.1.3 RFC 5280 [15], "cA" is set
   in Basic Constraints, and "keyCertSign" is set in Key Usage.  This
   identifies the certificate holder as a signing authority.

   Version: 3 (0x2)
   Serial Number:
       49:02:11:01:84:01:60
   Signature Algorithm: sha1WithRSAEncryption
   Issuer: C=US, ST=California, L=San Jose, O=sipit,
            OU=Sipit Test Certificate Authority
   Validity
       Not Before: Jun  7 22:13:09 2010 GMT
       Not After : May 14 22:13:09 2110 GMT
   Subject: C=US, ST=California, L=San Jose, O=sipit,
            OU=Test CA for example.net, CN=example.net
   Subject Public Key Info:



Jennings, et al.        Expires December 16, 2010              [Page 58]


Internet-Draft            SIP Secure Call Flows                June 2010


       Public Key Algorithm: rsaEncryption
       RSA Public Key: (2048 bit)
           Modulus (2048 bit):
               00:94:93:df:e0:aa:a6:8f:0a:f1:06:1b:2b:60:7f:
               91:87:9f:38:84:43:b3:f2:bc:ac:1c:bc:c9:e0:79:
               fa:ae:d1:9d:76:07:5d:fd:ce:da:e0:38:c2:6f:8c:
               b5:d2:4c:d6:00:84:fd:fa:1a:4d:5d:b5:0f:5e:e6:
               2f:3f:18:c8:31:f3:9c:8e:97:7e:ad:22:0c:32:28:
               39:71:b6:de:a5:18:43:13:d3:d5:62:20:b7:91:73:
               aa:fe:a0:4a:09:16:97:0a:5a:b5:06:1c:57:5e:07:
               40:da:5b:35:36:bd:4c:6f:8b:c1:a1:8e:4b:f1:ca:
               12:62:cf:6f:a3:14:ad:09:7b:47:8e:23:e5:2c:1f:
               6b:17:92:ab:77:e4:3a:db:32:de:5f:d8:dd:e7:65:
               7c:2a:f3:06:1e:40:67:db:f9:0e:5b:de:0c:98:70:
               86:6d:8b:4b:8b:0b:36:7b:12:83:37:0b:86:6b:f5:
               64:3f:4c:02:54:1c:a3:4d:30:25:7f:29:a0:22:5a:
               89:63:d8:d1:46:7c:c7:6f:b1:23:99:39:20:74:84:
               dc:07:f5:3c:bf:8a:61:57:c0:1a:81:57:5b:9e:81:
               d4:93:4c:16:12:59:e5:9e:d0:21:32:3c:99:af:82:
               82:2e:67:8d:ca:3b:28:ad:09:bc:b8:89:61:e1:66:
               7d:55
           Exponent: 65537 (0x10001)
   X509v3 extensions:
       X509v3 Basic Constraints:
           CA:TRUE
       X509v3 Subject Key Identifier:
           6A:88:BB:F4:69:FC:51:92:B1:A0:CC:0E:0B:EA:21:44:67:17:88:50
       X509v3 Authority Key Identifier:
           38:AD:80:84:E2:E0:16:6B:93:9F:89:F8:46:51:67:2C:DA:8D:80:9C

       X509v3 Key Usage:
           Certificate Sign
       Signature Algorithm: sha1WithRSAEncryption
   81:84:69:18:f5:f6:22:46:52:4f:e1:e0:a3:1d:eb:d4:b6:50:
   6b:84:a2:06:6f:53:d9:5f:b5:4d:65:97:3a:15:c0:d3:37:0a:
   3d:ce:83:9f:c9:36:86:32:bf:ca:08:38:75:44:e1:39:b2:58:
   b9:4e:b2:f9:fc:bf:05:35:14:fa:2a:61:f1:fd:18:2b:a3:14:
   92:f1:6f:84:07:cf:09:8a:f8:2b:27:7f:75:34:46:48:5b:81:
   0c:09:a8:af:b9:9c:4f:b7:3b:50:1b:e0:90:7e:a3:54:7d:1c:
   32:91:b0:86:0e:83:d3:ee:26:b0:3f:67:00:b5:d1:21:02:7e:
   af:fe


   Robert's certificate was signed by the non-root CA in example.net:

Version: 3 (0x2)
Serial Number:
    49:02:11:01:84:01:61



Jennings, et al.        Expires December 16, 2010              [Page 59]


Internet-Draft            SIP Secure Call Flows                June 2010


Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=California, L=San Jose, O=sipit,
         OU=Test CA for example.net,
         CN=example.net
Validity
    Not Before: Jun  7 22:13:10 2010 GMT
    Not After : May 14 22:13:10 2110 GMT
Subject: C=US, ST=California, L=San Jose, O=sipit, CN=robert@example.net
Subject Public Key Info:
    Public Key Algorithm: rsaEncryption
    RSA Public Key: (2048 bit)
        Modulus (2048 bit):
            00:f6:3a:89:5e:4c:54:32:69:45:10:3d:36:5c:f7:
            8b:5e:28:cb:59:61:7c:0f:fa:17:7d:b5:f0:85:59:
            52:ee:16:7f:1e:6d:97:a2:ad:ed:3b:d6:37:be:4e:
            9c:d7:f1:e5:1f:af:f3:1b:1c:fa:56:ef:13:bf:53:
            44:fc:d0:b8:62:fa:53:1d:42:22:21:66:f0:22:79:
            fd:3b:51:9f:84:10:e2:1c:3e:f9:3c:75:86:97:e3:
            07:53:60:fa:fb:93:6c:2f:12:81:14:b5:4f:ba:36:
            c0:98:18:1f:d5:19:79:22:e7:80:d8:81:0f:16:82:
            46:0c:49:da:c6:d8:59:7d:64:e5:db:47:fa:41:62:
            99:ae:11:c3:ed:8b:cf:72:4c:b4:cb:93:f2:cc:7b:
            28:b8:22:a8:65:e4:c4:33:fe:dc:d1:ca:4f:38:63:
            04:a9:76:fc:0a:d3:29:d6:98:99:b6:9c:58:9c:06:
            55:36:f0:a5:fd:33:2f:65:31:4e:4b:ad:b2:46:1a:
            ec:80:63:b2:d5:8c:68:b1:7b:33:28:3d:8e:d2:c8:
            ff:a9:f6:b7:d4:83:74:ba:4c:26:46:3d:f5:5d:0d:
            47:c0:37:32:8a:66:93:f0:4b:b3:bf:61:24:81:af:
            0f:c2:77:34:19:bc:16:7f:df:41:9f:9c:ab:a8:f3:
            d9:f9
        Exponent: 65537 (0x10001)
X509v3 extensions:
    X509v3 Subject Alternative Name:
        URI:sip:robert@example.net, URI:im:robert@example.net,
           URI:pres:robert@example.net
    X509v3 Basic Constraints:
        CA:FALSE
    X509v3 Subject Key Identifier:
        F9:76:DF:A9:18:EC:27:21:1C:3F:25:0A:15:82:41:23:6F:32:0C:94
    X509v3 Authority Key Identifier:
        6A:88:BB:F4:69:FC:51:92:B1:A0:CC:0E:0B:EA:21:44:67:17:88:50

    X509v3 Key Usage:
        Digital Signature, Non Repudiation, Key Encipherment
    X509v3 Extended Key Usage:
        E-mail Protection, 1.3.6.1.5.5.7.3.20
    Signature Algorithm: sha1WithRSAEncryption
6c:77:f6:07:12:82:d5:ea:e2:de:7c:b5:16:aa:59:e5:8f:61:



Jennings, et al.        Expires December 16, 2010              [Page 60]


Internet-Draft            SIP Secure Call Flows                June 2010


0c:4c:37:f0:ca:08:83:d8:52:6c:b0:76:db:d4:e9:81:ac:c1:
78:98:fd:d3:30:41:5f:cc:73:2c:c1:8c:7a:c4:56:6e:39:6e:
18:21:04:b5:3b:c7:f6:10:64:5b:3f:c0:c9:56:91:55:c4:83:
5e:0c:0b:1b:03:af:42:b5:21:37:46:1b:43:a4:3e:05:b1:d9:
96:8f:0d:d4:fc:d5:27:8e:a0:64:01:e0:44:53:33:30:e9:d8:
9b:8a:80:35:c8:6e:95:a0:62:d3:a5:65:ab:b4:7e:55:91:62:
73:99:e9:9c:fa:85:8f:94:28:8c:24:f4:18:8e:df:3e:d8:75:
bd:c6:d0:0a:42:c8:24:ba:76:97:57:80:ac:2e:ba:ca:17:ef:
d8:3e:7b:4c:86:d9:e0:26:0e:a1:c9:6d:cf:f4:93:ba:d1:67:
ad:e2:f8:69:68:5f:de:25:b0:5d:69:1c:11:61:1c:79:f8:40:
5c:98:92:79:3f:0e:8a:a0:5f:ee:91:9b:70:3d:7d:d4:21:98:
21:96:92:36:d6:c8:40:25:a6:72:ef:6b:9e:11:62:10:74:ef:
f5:8b:4c:a6:ab:c8:e4:4e:32:fd:38:17:dc:e8:c5:6f:34:54:
23:cd:8f:fb


   Certificate for CA for example.net in PEM format:

   -----BEGIN CERTIFICATE-----
   MIIDTDCCArWgAwIBAgIHSQIRAYQBYDANBgkqhkiG9w0BAQUFADBwMQswCQYDVQQG
   EwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIU2FuIEpvc2UxDjAM
   BgNVBAoTBXNpcGl0MSkwJwYDVQQLEyBTaXBpdCBUZXN0IENlcnRpZmljYXRlIEF1
   dGhvcml0eTAgFw0xMDA2MDcyMjEzMDlaGA8yMTEwMDUxNDIyMTMwOVowfTELMAkG
   A1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCFNhbiBKb3Nl
   MQ4wDAYDVQQKEwVzaXBpdDEgMB4GA1UECxMXVGVzdCBDQSBmb3IgZXhhbXBsZS5u
   ZXQxFDASBgNVBAMTC2V4YW1wbGUubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
   MIIBCgKCAQEAlJPf4KqmjwrxBhsrYH+Rh584hEOz8rysHLzJ4Hn6rtGddgdd/c7a
   4DjCb4y10kzWAIT9+hpNXbUPXuYvPxjIMfOcjpd+rSIMMig5cbbepRhDE9PVYiC3
   kXOq/qBKCRaXClq1BhxXXgdA2ls1Nr1Mb4vBoY5L8coSYs9voxStCXtHjiPlLB9r
   F5Krd+Q62zLeX9jd52V8KvMGHkBn2/kOW94MmHCGbYtLiws2exKDNwuGa/VkP0wC
   VByjTTAlfymgIlqJY9jRRnzHb7EjmTkgdITcB/U8v4phV8AagVdbnoHUk0wWElnl
   ntAhMjyZr4KCLmeNyjsorQm8uIlh4WZ9VQIDAQABo10wWzAMBgNVHRMEBTADAQH/
   MB0GA1UdDgQWBBRqiLv0afxRkrGgzA4L6iFEZxeIUDAfBgNVHSMEGDAWgBQ4rYCE
   4uAWa5OfifhGUWcs2o2AnDALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQEFBQADgYEA
   gYRpGPX2IkZST+Hgox3r1LZQa4SiBm9T2V+1TWWXOhXA0zcKPc6Dn8k2hjK/ygg4
   dUThObJYuU6y+fy/BTUU+iph8f0YK6MUkvFvhAfPCYr4Kyd/dTRGSFuBDAmor7mc
   T7c7UBvgkH6jVH0cMpGwhg6D0+4msD9nALXRIQJ+r/4=
   -----END CERTIFICATE-----

   Private key for CA for example.net:











Jennings, et al.        Expires December 16, 2010              [Page 61]


Internet-Draft            SIP Secure Call Flows                June 2010


   -----BEGIN RSA PRIVATE KEY-----
   MIIEpAIBAAKCAQEAlJPf4KqmjwrxBhsrYH+Rh584hEOz8rysHLzJ4Hn6rtGddgdd
   /c7a4DjCb4y10kzWAIT9+hpNXbUPXuYvPxjIMfOcjpd+rSIMMig5cbbepRhDE9PV
   YiC3kXOq/qBKCRaXClq1BhxXXgdA2ls1Nr1Mb4vBoY5L8coSYs9voxStCXtHjiPl
   LB9rF5Krd+Q62zLeX9jd52V8KvMGHkBn2/kOW94MmHCGbYtLiws2exKDNwuGa/Vk
   P0wCVByjTTAlfymgIlqJY9jRRnzHb7EjmTkgdITcB/U8v4phV8AagVdbnoHUk0wW
   ElnlntAhMjyZr4KCLmeNyjsorQm8uIlh4WZ9VQIDAQABAoIBAQCE3eSUNidyvdci
   ncNhrVMIVGOnLCBND1pe7JkfzBVYpo1IkngEVCq53yhJtyyV3y51EnlJYqITDaqs
   M+7GXzQQL4munl2jGFKNvBj6zw012IeLwKEO+rEOOsEMqWzrya7SjKFb0JZ0uMnP
   O0dQJ2KmUfWbsvPJSuq8QELWNNQ1KBPUXtgt/TTqdv2RmzOFcvFnGAn4HHFq1vGp
   yrQEEcKSydEwU3ldZ8uqIvTtGLjSBwyQzrdBPCsRqlNvvAO5E3jwNqVIP7Vm64qE
   BjO6XAqWLgI/iu++2vj29vYkwcRPs3MQ1joYH0olVfJJga6ZAqucOCzZoqTCZoDT
   DgiMYoc1AoGBAMUeoUEfl6OcfiGSI/iTVjW+QdNdYF6pWohQOhcl39lOpmgVWw2k
   3BHRkUtVKPJn4LhwkP4gnkHzeqiF14+tKVD/chSiRdVwMV3m5lieEiY2CBQ0tHa+
   pnpCNrywW4pbExdRN81xCjBObL9kpSqLZ20WD4tK1fFUjBGdHj1qHcNjAoGBAMD1
   U+0Z9wRi50AR6K9XDnSZNudiWgYnO0z2StntQVNCRTSi3PV+O/b1byRotMlZywpm
   4o/V0B0jg0n+WM9068QX0b1qTMtrJnTWInT62PWhZCfk8oJi81KhgNXLrCbw9J82
   leXkfaDyglGEVIuYlpLy252EaGPbL+Fyq+jhEMXnAoGBAJjDoij8OOK9VyrhPStZ
   1AgWiKErzpHOIbFeq4Zg/dhFkcU8N7KdP0g356hAOVmTk56c7mFkGgH2leqgv2xD
   wK9bKKhBEmnVZwzk80NeTaZ7XUt7hRg5rH83bYBSFL9m0abSdLKslj7VqIWzlCUi
   oGb0H9vNhXxgD6Ve5J6n7KUNAoGANG20OxU1//Qbn1X+Yj4GSHok5+PaUBeyziuR
   lPsZJ9U21qF15iJBis2PQFZO4PLL72ybHLfczz4J+z3nxZ6gPOy36X6LlS3tCgvw
   2tYZw0vx2cEkf3cBZC9LwUuQ4BfSb7w2KHvYArZB4IJTMoboSs9ACuGiN5ejv98X
   hLQ6iXsCgYADkbNdPjF8e8mwf7XmebDv+sjvUZ2M0H5dzM+QC96X25EQ58/EwASq
   i9LYO/dB3U5bfikFI3ZoLiNj9F+Moe7IaHFqMYqYNdNei/QBRa6GBLxAzP6kZ+N+
   MP8CcUDezwr2h5MiMdErjeI/GziIl6tqsSggZuW+DnU4JhOspJzMBQ==
   -----END RSA PRIVATE KEY-----

   Robert's certificate:






















Jennings, et al.        Expires December 16, 2010              [Page 62]


Internet-Draft            SIP Secure Call Flows                June 2010


   -----BEGIN CERTIFICATE-----
   MIIEMDCCAxigAwIBAgIHSQIRAYQBYTANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQG
   EwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIU2FuIEpvc2UxDjAM
   BgNVBAoTBXNpcGl0MSAwHgYDVQQLExdUZXN0IENBIGZvciBleGFtcGxlLm5ldDEU
   MBIGA1UEAxMLZXhhbXBsZS5uZXQwIBcNMTAwNjA3MjIxMzEwWhgPMjExMDA1MTQy
   MjEzMTBaMGIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMREwDwYD
   VQQHEwhTYW4gSm9zZTEOMAwGA1UEChMFc2lwaXQxGzAZBgNVBAMUEnJvYmVydEBl
   eGFtcGxlLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPY6iV5M
   VDJpRRA9Nlz3i14oy1lhfA/6F3218IVZUu4Wfx5tl6Kt7TvWN75OnNfx5R+v8xsc
   +lbvE79TRPzQuGL6Ux1CIiFm8CJ5/TtRn4QQ4hw++Tx1hpfjB1Ng+vuTbC8SgRS1
   T7o2wJgYH9UZeSLngNiBDxaCRgxJ2sbYWX1k5dtH+kFima4Rw+2Lz3JMtMuT8sx7
   KLgiqGXkxDP+3NHKTzhjBKl2/ArTKdaYmbacWJwGVTbwpf0zL2UxTkutskYa7IBj
   stWMaLF7Myg9jtLI/6n2t9SDdLpMJkY99V0NR8A3Mopmk/BLs79hJIGvD8J3NBm8
   Fn/fQZ+cq6jz2fkCAwEAAaOBzTCByjBRBgNVHREESjBIhhZzaXA6cm9iZXJ0QGV4
   YW1wbGUubmV0hhVpbTpyb2JlcnRAZXhhbXBsZS5uZXSGF3ByZXM6cm9iZXJ0QGV4
   YW1wbGUubmV0MAkGA1UdEwQCMAAwHQYDVR0OBBYEFPl236kY7CchHD8lChWCQSNv
   MgyUMB8GA1UdIwQYMBaAFGqIu/Rp/FGSsaDMDgvqIURnF4hQMAsGA1UdDwQEAwIF
   4DAdBgNVHSUEFjAUBggrBgEFBQcDBAYIKwYBBQUHAxQwDQYJKoZIhvcNAQEFBQAD
   ggEBAGx39gcSgtXq4t58tRaqWeWPYQxMN/DKCIPYUmywdtvU6YGswXiY/dMwQV/M
   cyzBjHrEVm45bhghBLU7x/YQZFs/wMlWkVXEg14MCxsDr0K1ITdGG0OkPgWx2ZaP
   DdT81SeOoGQB4ERTMzDp2JuKgDXIbpWgYtOlZau0flWRYnOZ6Zz6hY+UKIwk9BiO
   3z7Ydb3G0ApCyCS6dpdXgKwuusoX79g+e0yG2eAmDqHJbc/0k7rRZ63i+GloX94l
   sF1pHBFhHHn4QFyYknk/DoqgX+6Rm3A9fdQhmCGWkjbWyEAlpnLva54RYhB07/WL
   TKaryOROMv04F9zoxW80VCPNj/s=
   -----END CERTIFICATE-----

   Robert's private key:
























Jennings, et al.        Expires December 16, 2010              [Page 63]


Internet-Draft            SIP Secure Call Flows                June 2010


   -----BEGIN RSA PRIVATE KEY-----
   MIIEpQIBAAKCAQEA9jqJXkxUMmlFED02XPeLXijLWWF8D/oXfbXwhVlS7hZ/Hm2X
   oq3tO9Y3vk6c1/HlH6/zGxz6Vu8Tv1NE/NC4YvpTHUIiIWbwInn9O1GfhBDiHD75
   PHWGl+MHU2D6+5NsLxKBFLVPujbAmBgf1Rl5IueA2IEPFoJGDEnaxthZfWTl20f6
   QWKZrhHD7YvPcky0y5PyzHsouCKoZeTEM/7c0cpPOGMEqXb8CtMp1piZtpxYnAZV
   NvCl/TMvZTFOS62yRhrsgGOy1YxosXszKD2O0sj/qfa31IN0ukwmRj31XQ1HwDcy
   imaT8Euzv2Ekga8Pwnc0GbwWf99Bn5yrqPPZ+QIDAQABAoIBAB00MijCCtZzz+Iu
   MG10Ws5PLlcqjcljUzfwxVc7ke91MZyNSQfdcx6+uJvUvRuLsC5C8yWLGVIIRyJR
   IQSPSN9Ma2Ez/9JQYDjmmRdZBf9m9Tp+aZc3JUCMh8jm3r3J7XHj0vV+z7b5WXxw
   mA3xWIHATXLgU8bKqr44YD9nV63cdymmpIWoVwGaU7AO4FhRXnL7wAfrNWy2nl+6
   FGpFw/AifIucruXIhdXdD87rxZjMVE0CyEfjbvWLKi3PjMFFuvq4rl7tFEPzJJ1h
   WqZ/B21C8DfrdN14NBwKZMco9DEXtEq2eJbdyfp4tc4Ppw2sW6jyEE9b8y2E8AuI
   pIGvVyUCgYEA/8zi4v+06x40HX9cmrfPbZGgyqTIOrKikmQJvStP7kUjtcG5lFWX
   kQGak/lLBAFYKq0Vz0sMvaL1b3gyMACOZbq3bns8mMHn1QeDX3p6Kw9nV7OHzl2g
   ZDTw9XtjUXGK6IwAnKfwI3BKqnmU/X8gGgscs1wbvgeHxceKu0UzRhcCgYEA9mu8
   2wrY1lDZ4tHTXwr9obgEP9iMpgd5mFFYNPdJt5XCePyhx/vkCp+8M9oW3Q7zDva1
   l/r70rccypjsdXGsL0A114yQjUfdEufaYeUakeUYKdP+lFTDuYhnDZExzm/X9L7w
   87Q1y0q56+cQD0Dj0jPrxMT+wEwS7a7hGIaq+m8CgYEA7SKwVwX8X1bRs2LFo3yx
   I/80E4gtQxUlVxa8XI0RfW7FCxM7ikLKzpexCGq720uvw2hP5qrJdefjJeJEjHGH
   kNFGiXpfk7F2zOs5I8M0DEUsZYY+aNYtAZh+pOQtD2x1/N0FGDUrjn7kCSPLNjGq
   vdn9Ul0aLtFmUbiJaNBfFyMCgYEA7toXQKoO7A2KZNTFcQaSOcLIO6qHCheMwRt3
   yD858Pz0d5lIpzN9It8Z6ZinOLZY2lRASIQ6u1BKVAZOjLgWEebHSZsyMf9KRhz+
   DI2pZ2kMNt8JkHVpEdkpKnlmMZcvWEgL/ezbh6Vy+ToK0v4u1X0GNsBLvdD/N+ue
   u8ssx3kCgYEAt9BBcdkN3sB2Py9yOL+hri53/n/wVBK76nwscDZjc5QP/VYfQn9y
   JawOm56vXzi4jiWmi7A7WJpYAUahkralctik8+uig/fR3SNSQgweaUtj+Y+jNdx0
   aA9FJE2Z/xJeKyWuNcUdr+Lf5mKd05WFKER4ir6d9dRaO6gGcIhoMak=
   -----END RSA PRIVATE KEY-----


Appendix C.  Message Dumps

   This section contains a base64 encoded gzipped, compressed tar file
   of various CMS messages used in this document.  Saving the data in a
   file foo.tgz.b64 then running a command like "openssl base64 -d -in
   foo.tgz.b64 | tar xfz -" would recover the CMS messages and allow
   them to be used as test vectors.

   -- BEGIN MESSAGE ARCHIVE --
   H4sIAD1sDUwCA+ybCVgTV9fHCchiMAKCSxVKpC5VDMxMJgsgKBp2krCEJVHA
   kExIQrYmQSBYRcQFVKqiouCCK0pVUERwQRSKglrBDQoodcetShW0StU3qa0i
   BfF7X7CVj/s8PCF3Zk5uJvfc3/+cc4cjVuAUYoEYwYkVETZctlKr+xsAAEQY
   xmpeSUTCe6+aBsEwHguCMICHiESABGMBEIZJRC0soPUJWpRCyZarhxIuF7Al
   Hzivq+Nvvgv27etn0qgu/v7Obi5YhUBmHxklFkRKJyMxbLFMhNhIECXW38PH
   FrIBMOhAAdv+r3e2jKk+WNBO/Z8NZAPZgwQAAB3C5WwJh++osuO7weFeOC6Z
   RIBVOBKZTOQCMJGsPoUDAyAOxOH+OuYgl0nlSkcCQAIJGDSVHYNzlcqj2XKu
   wh5LUn8kQ2qPndjxuJwwaFe5VPzncZ4oiseLfXucIxU7OSjZEY52eDxCAIlq
   U1PZIhHOg2KPZQkD8FQVU0VTRUB0RgCeqeIKaUJmLJXiHEujRKioKipIVflG
   U4NcbNSX+SPf2GPJMAmP/fM+YdDOHA4iU9pjxVEipUDGlittFYIICcKdgFUi



Jennings, et al.        Expires December 16, 2010              [Page 64]


Internet-Draft            SIP Secure Call Flows                June 2010


   MUpbmYgtkEzAsmUykYDDVgqkEltZJEdBwml87P1+BVc2oY0ZtkiJyCXqQzMR
   9SdLJUpEosQxYmXI3z/LIVwaJeGy5bGOJNiOCCJQuB1IYhMhAs9BrLYuinBU
   8Nmgg0wuVUo5UpGj1d+HozHEVkbJEat3H+aNSCKUfPXNJ5IxaAwah2tvvf24
   3n3jNkfU80DBQ+Q4FwlHyhVIIuyx4QKJeqwak+6ISCQd+TGmPzBiBwlbjDj+
   sWjZyEiKd1dSBAqZVCHQXKM2oFSyOXyxut+Bz5ZwReqROMqRb6IEcvX94wlE
   SGdWPvgFgATUeb3+4xe4L3iGQelrZyagStVdxdooFNgf0NfTtR6ooz0cMHx3
   CgpMQGWqT1mnPgWIA2SgIdBfTyegn56pdoA/aAqYaN4YmP4xRQU8qVwiYIMm
   gJGmV9/UwJ8twXpKFQg4EBig6cKgTXXVM16gBMcBYzUdhqZYf817LANRKLFT
   EblSwNPcNgTrHKXkS+UCZay2voe2CSoRNf3d+DBvx4dC6Wr1S0Bp6eWsfmjJ
   rciXb9f/rfjZKmrtrJqnp7UA14uPDs03Sb5/UCflN3jQ2gE71/ifHNpwixcy
   LZOXmZrkb6H3oMXY/PJid5abR6v2xuDV+daox88x6DEqg1gLMOZYxTenAE9W
   GTcpPhyDbm2pCBscF4iLc9rE23EmbEoRlXXtatx968Yyd/9wz6rsr1ftxNyY
   mOnk62y+d1CoW/Zm+yrVqjvSHScwc2Nf6Yz0WT4Cg06rN/Euvx1me9xqbOVM
   ovlVDmkV8ujwnMZAt2llWSNmmqYJTYuGkiyOWKe7i7B3Bxw9RFtvCzod2ip9
   cOqmtqXN7kW2K5+Uhkwq/lntyMDQ4Rstnt7PUxlem/Iz0eVwR9MSh8OgtXpz
   EyMKBTsCwSlFCpwcUch6QgJ0wX8AJgHt+E+AQLCP/5+i/Yl0LKQeM92rPee9
   /T+S83g8l6z2HJIdAU+AYYJdJ5zHv6O6ogOs2xMAIviG3WyAC4MEmNwW9IoO
   SP9mVG+uAQEeTOISoTa8p1MCCEyGr4rJoMYyhbRIlprzdAonlu7mKaAG0cT0
   IJaYJWZCVLeAt7yH8QD5He/bwxHQYKD3LApt/L+H1H/X/k+Cwfb6H4Lxff7/
   ifV/px7ZWRTQA6tD51FA5+vFP75E/BMhQUfS+68lithWanfx+0ukSGQUjtOj
   WYCu4/+/8Z8IQn3+3wvifxAkE/AwwIPsELIdAHE68Xy7Hon/ESAcBiASsY2z
   U4UeMWpXBpjCQDGLwdI4O0hncPksYYSKKQ4UsIR8MQ3yFLOEzM8i/keIRBiC
   iHgul00Khwik7o3/21vvxvi/K9N98X93x/8zPhT/Tzt3aE9J0swpLpVpRtkN
   dXkBtpjI2kXxoU4mW5vNWnI8m3YP9SuCVh30+EHQsj+/P9ZJetU+6KX2wsup
   tGtm8w6qLoXpz7EpGYOdNwpbGOu0Tw+DtrBcpDh0s3zf1cv7AlAxaZil95N8
   mNNsoDlBc8XFRc359rT6vbNLhmotK7K8oO+x63D8hdxSez1rv3HKPbrPfq42
   zUkyLMTfF2Kuy80sxnwFAmnWj89h5167wYRjzuXyUHHxjlVPzz7PuuU1/4Ll
   y8VfmRFKiVR+TrpWcSBLx9ycvv6E82iwufQIx8xlDXtcCV83q8y45PiJnS91
   lsourFm0JCxxXM3YAUfWKx4dOGI+CZ/R0Zzs9cH/W/6/YT8i4chjZUqE280K
   oCv+Q3hSO/4TIZjQx/9ewH8ekc2GyPhwIhIOETkQu2P+Q0CP8J/IIZO5HIjQ
   Nv/P4MRSxX58mlsAyBR74JmQn4BOoUbTKb4wlaJWBhQOTGU4qwOCiLf8V09L
   4J/i//+AtI8iWlfQ1dhyeLM6KNWnOCKSmYhIKkO4OPUSwX6fxOK/KwkCEf+G
   mtq275Cok5mgjVV3mWujtNR0TFPTMVX97z9LR3YHUByu6/n9M68m0kSsW0rO
   0PjlHnkb4sKoxxlTgwtG8Ta13ImccSD/pyt3vUZkK4d41zX8lLWlH6u4SMJ8
   MFY58Wl83rqm3NLo+9RfaYLfpauDd8wmhGV7m+Two2jECm7ziZtmqqYIq9UV
   d5pe5d5ZnHHgC7/F9mnxp5Y6uH7nVKN8EVxsPRMWHh3CCHxVpLuDfj/baJ5k
   Un5VkuX2OXxnY0p2kyVjdeHJfc4YdA3rGHSgdtYDeULCvgbwIHLioouhdQJ5
   ++bt5ilO5k5NLZW+P+j53vS7tEr39fn4ZRdKwr6QXy88m+mxcW5ycOvetFUV
   lHgfqslyzpzn8pJbK4faBQSH6acmF9qyzgKz2ggZwEKv/4wF7ihEpx9Ku59x
   yqU6x/WPQtZt3yh3lS24kBvvE/FqzcWvPW2+T02J+v7Ezf6tT+5du4Bdqu2e
   GOY3/GF+RWrKYuuBuB9pQUVfHFf/ovqrd54EpXvMrKtkd9IPzorHoM9k3Ksh
   7wnSqdkfp3Am6E7dZtT78fuv4n9P7QDoOv6H28f/AL6v/t8b+I+Q2DCZQ+LA
   EBHksUmdZf7IPcJ/LlGt4vGEtvE/TeiiZr0zgaZyUbEYNCGV4Ruj1gCRTJVI
   SHfzi6RCnkKaylVED/o84n8Sl8Ml8gAYhDhkAhuGuif+J0F/1v/bWe/O+n8X
   pv+98X/1+/H/SXVXqSb+10iXN/G1rlb7DMBm9Ukb/gUZgDYj7MsBdJgDaD8v
   e3sOoC3/NR72VxKgO4VAF/zHk6D2+/+IRFJf/a838B8AOGqHAkl2djCJiCd2
   sv8PAnuE/zAEEgkIzG3DfyaDK6JRaAKaZr8fI4LAEnoAdAoHT2cwo1nCSPVf
   hKbwJ2JRnN/ynwDDdv9a/oPccJAMc/Bqz4F5MKdb+A/CBPBPAdDOfI8lDHo6



Jennings, et al.        Expires December 16, 2010              [Page 65]


Internet-Draft            SIP Secure Call Flows                June 2010


   z/FZ5CBCOoCytCxsXYXJurDw5vATN76XY9C3Zi3Y5/tyyBXUpsn5I8+Fv+Y3
   icXsoFNFizJCrwWef+ky+aH5t1OWx/mX6agS95dZv6hbXe8RHhfTyva+YpSm
   mH7kfE7MrZYDVz0q4d3jQxrvGkvTC680xAdWZs3/cgrxRQgHtbcfCA9It796
   9yhbWp1yJ4vgmFA9QfvU7pkFgyh08NFPo3/SOdVgQvpxRdJSn0PPKRnpWCbq
   wdpDricFhmk/rMmuPTnC8DRi2JA40oyEmKaeDUwIClhjtNT3rF7V7ZfFolRr
   TmPh1vqQiZnlA76r2zM4etTog6gHC7cbkw7CZne2Ju966nGsyKBkSIn9sjOr
   z2CLh30oB6FNSrYp2pS5UoZBXyu/nMJzifd5EZrwzCLVS7TwticGbSU+Y30l
   teT05v1TC+dEip03nE/ReZ6jsylnjPX0EyvoliUioyVaw3S2jMjPY2DQgxT3
   sxPvNjlOtuYOYjYMNr6rl1NZE+r33/lBn1r93/erflitsrKgzIzaAbm4wjkN
   hhvPlsXcZQYeIz8e4zqvYVDWeIuD1+Jk27y+2zYscOL+xy4Hz/82cczF22e9
   vn164bpWcPPl2joM2ru8bIw0cpvFyu8nNBntGTPY4ujKK7dvD9tctkWHXRo6
   /9v7Nla7zH4hPhpWaCB1qJ6RgXmwduLWo8zV9/KTtm08EyFcgz2bcuZ007xv
   ng+doVsHnDoK2TVZVOcOzpqkqySHF5zetSDeMkjrIT3U+mHjKyhQ++VZ8Yz8
   JGHVad7rwL1zaqL8w2ZtTXZd1H/hyv2HWbZO1XUR9QXuGPQVerEeN/KG1+rL
   dYbVZl8XlTesvWuDEpZ63lL4m/7qnFdTVbl+/yDH1I4m5v9ZrvZs5ecj6z9/
   2/9FAKG+/Z+9Yv+HHVlT/SFxySCeDIDhneR/iD2j/0iIHZH4Xv2HRonAs9w8
   hVS3QD4VYsJUoeb5jwCYRWHG0il8EZ3CiqS5BYroQQF99Z//T/WfjrTXZENw
   ouOQkrzjyvItBjJp6+URk+VbDieqZ+ap3VmhqXbES5hx5bW5EY5Ri05OgzDo
   dAaK+WtTjj4SSfAelVs1Pmjp1bWWjPMuszzimBXXx7xeGvv7br2IUnCg7eud
   Q5eMyo5NOCB5sHD0vsZ+i7auaJ2/e92YzefvOD6V1/+IffTDY0MjDFqbf9ev
   wEbg0Fj1cMq6DCej/DqHuLFXLS/ObMCgvY57U3zv6Oq2/oQRbCsc7mugNfW6
   y72lazJnK/ydqafPRXu3zs0e09KcIKloXhw63ZTSXH09KOmAyZUZW5OPR7uv
   yS5OeDF9YPDJHRHuG/qn+drsN87LmBQeXUNnH7uZLQu2ou0fJYn3/pD8ssrT
   i6HNrsxYW25gmzpfPD3e5/RjqxHHfvtlgfA0ssRg1tGRyf6OZSsefnUj+V71
   z3lW9lrPV3uHLY6iz7Z6Vp18wTTwYXFB7ShI/KvhncpZv5stO1r3JLQf+Uz1
   rfXSHEpxJgZtP72vAtTD7W3lBxfNZytxEVIl7s161o1KoKv93yBAaMN/gib/
   QwJIffz/FK1bEvp9bvT5+3+PPf3xMfVfUjv/16SE+/y/F+h/jh1MYofjeTDC
   JsPq+9KJ/od7RP9DAI/NJfyRrXmr/xnUWJYbTa3v/SLpmhywGxNkBVEBKsUD
   YrkFilmUKXwWwzeaGeTxWdR/uQCHwOOBXA6XQ+bBeLB767/trXdj/bcr030Z
   tU+eUet7BvzNM+Dtp2avLgH3bOX3Y+u/QDv+EwiEvue/egP/CTDAUf/ahHAA
   IeIJQGf5P1LPPP/F5v6RF3/v+S++mM4QialBgWImxOLTVM4xTDFLxFTRxHSK
   C8QMovGp4gCYJYz4LOq/PDsQTyCBCJ4NgXZEPLeb67/tzffVfz91DlLLJ/ZJ
   4jUMmrPhxuNXC8PmTg2QTKtwXZ77erBMZ4n+g8AQ+vMlVknrjB7ObZ3OaQrd
   ULfrzKXHAT/2k5amWwaWNbcayKj6sYx5OacMorw8x9sGyrIy8/i2VZWTost3
   XM5rnOskHz8o8nZtwVfJeyeNrXZ/NMGMkHw+0arV+YDlV3aX06fM+PFpmLnM
   Crug9IHT8kvhMbxNKMeaPV+ma5F3DRzpUeKZvrE4ZJfPk1y7rWZJ25/UPbia
   WFVgrXXs2PiDLx42qHJfnam13GJZcERwYX1ipIo02LveQBzw2zPyqEkLW3jX
   54QZJRZ96THkCni02HK2k/6e7DS/x/cWwyEsfXm9e+GrS85mxA8lIOkOwcJf
   9F8fSWzWObVmnyUS77PIpLRUVjXttnuLz9jjJY9bQEe3g61Ot7PvN0w3mZw1
   njXrtdSYxz9em5JLXLluxjJAGI9Bn8D6NF3XOUDJy6vNZmQ9HPTtc6px4OUV
   ZyeWrytp+u+8oE+r9rBWHe2zWX/Q774Gh19Wbgs+TQh2jb1ysaCRUPProHm7
   VqYfMztXkP5iTYzfoZT67WZRZ0ckDte+0nxb1TJv3KXNQy/f9Z/5yCrl1cwz
   CTv3t4aMYC8L/XJE5ej6USk7ro3z3Nl4ZLitjqG9eUZG6sbbsaOjDzDuOy69
   qCO4lOk30pzyVOGU4KPWg668+ZuOJSeXOhlrNz9P4RyY57iv5OtbtVortpnm
   D5uFujg3ZIJFfUF9pXFoXOPvXtzrWitzudszLDIONW6uxeVYnZzeb0a593FR
   +i2SaEiFlr3LsHlBYdBQ62GMvEkbm25S/tO+HdowCAUAFPwkDTPUVdWTkOCa
   4GpwoBgBFmAJJEHACF2lMEJF2QGD6ALdgLsZnn1Zst7L4Za+o+5z9Nszf81T
   3Y6Xb7w/lmtRNf+6PMOvCAAAAAAAAAAAAITwAw72f2oAeAAA



Jennings, et al.        Expires December 16, 2010              [Page 66]


Internet-Draft            SIP Secure Call Flows                June 2010


   -- END MESSAGE ARCHIVE --


Authors' Addresses

   Cullen Jennings
   Cisco Systems
   170 West Tasman Drive
   Mailstop SJC-21/2
   San Jose, CA  95134
   USA

   Phone: +1 408 421 9990
   Email: fluffy@cisco.com


   Kumiko Ono
   Columbia University

   Email: kumiko@cs.columbia.edu


   Robert Sparks
   Tekelec
   17210 Campbell Road
   Suite 250
   Dallas, TX  75252
   USA

   Email: rjsparks@estacado.net


   Brian Hibbard (editor)
   Tekelec
   17210 Campbell Road
   Suite 250
   Dallas, TX  75252
   USA

   Email: brian@estacado.net











Jennings, et al.        Expires December 16, 2010              [Page 67]