[Docs] [txt|pdf] [Tracker] [WG] [Email] [Diff1] [Diff2] [Nits]

Versions: (draft-ietf-sip-sec-flows) 00 01 02 03 04 05 06 07 08 09 RFC 6216

Network Working Group                                        C. Jennings
Internet-Draft                                             Cisco Systems
Intended status: Standards Track                                  K. Ono
Expires: November 5, 2009                                NTT Corporation
                                                               R. Sparks
                                                         B. Hibbard, Ed.
                                                                 Tekelec
                                                             May 4, 2009


  Example call flows using Session Initiation Protocol (SIP) security
                               mechanisms
                    draft-ietf-sipcore-sec-flows-00

Status of this Memo

   This Internet-Draft is submitted to IETF in full conformance with the
   provisions of BCP 78 and BCP 79.  This document may contain material
   from IETF Documents or IETF Contributions published or made publicly
   available before November 10, 2008.  The person(s) controlling the
   copyright in some of this material may not have granted the IETF
   Trust the right to allow modifications of such material outside the
   IETF Standards Process.  Without obtaining an adequate license from
   the person(s) controlling the copyright in such materials, this
   document may not be modified outside the IETF Standards Process, and
   derivative works of it may not be created outside the IETF Standards
   Process, except to format it for publication as an RFC or to
   translate it into languages other than English.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on November 5, 2009.

Copyright Notice



Jennings, et al.        Expires November 5, 2009                [Page 1]

Internet-Draft            SIP Secure Call Flows                 May 2009


   Copyright (c) 2009 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents in effect on the date of
   publication of this document (http://trustee.ietf.org/license-info).
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.

Abstract

   This document shows example call flows demonstrating the use of
   Transport Layer Security (TLS), and Secure/Multipurpose Internet Mail
   Extensions (S/MIME) in Session Initiation Protocol (SIP).  It also
   provides information that helps implementers build interoperable SIP
   software.  To help facilitate interoperability testing, it includes
   certificates used in the example call flows and processes to create
   certificates for testing.

































Jennings, et al.        Expires November 5, 2009                [Page 2]

Internet-Draft            SIP Secure Call Flows                 May 2009


Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  4
   2.  Conventions  . . . . . . . . . . . . . . . . . . . . . . . . .  4
   3.  Security Considerations  . . . . . . . . . . . . . . . . . . .  5
   4.  Certificates . . . . . . . . . . . . . . . . . . . . . . . . .  5
     4.1.  CA Certificates  . . . . . . . . . . . . . . . . . . . . .  5
     4.2.  Host Certificates  . . . . . . . . . . . . . . . . . . . .  9
     4.3.  User Certificates  . . . . . . . . . . . . . . . . . . . . 10
   5.  Callflow with Message Over TLS . . . . . . . . . . . . . . . . 12
     5.1.  TLS with Server Authentication . . . . . . . . . . . . . . 12
     5.2.  MESSAGE Message Over TLS . . . . . . . . . . . . . . . . . 14
   6.  Callflow with S/MIME-secured Message . . . . . . . . . . . . . 15
     6.1.  MESSAGE Message with Signed Body . . . . . . . . . . . . . 15
     6.2.  MESSAGE Message with Encrypted Body  . . . . . . . . . . . 20
     6.3.  MESSAGE Message with Encrypted and Signed Body . . . . . . 22
   7.  Observed Interoperability Issues . . . . . . . . . . . . . . . 27
   8.  Additional Test Scenarios  . . . . . . . . . . . . . . . . . . 28
   9.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 29
   10. Acknowledgments  . . . . . . . . . . . . . . . . . . . . . . . 30
   11. Changelog  . . . . . . . . . . . . . . . . . . . . . . . . . . 30
   12. Known Problems with this version . . . . . . . . . . . . . . . 30
   13. References . . . . . . . . . . . . . . . . . . . . . . . . . . 31
     13.1. Normative References . . . . . . . . . . . . . . . . . . . 31
     13.2. Informative References . . . . . . . . . . . . . . . . . . 32
   Appendix A.  Making Test Certificates  . . . . . . . . . . . . . . 32
     A.1.  makeCA script  . . . . . . . . . . . . . . . . . . . . . . 34
     A.2.  makeCert script  . . . . . . . . . . . . . . . . . . . . . 37
   Appendix B.  Certificates for Testing  . . . . . . . . . . . . . . 39
     B.1.  Certificates Using EKU . . . . . . . . . . . . . . . . . . 39
     B.2.  Certificates NOT Using EKU . . . . . . . . . . . . . . . . 47
   Appendix C.  Message Dumps . . . . . . . . . . . . . . . . . . . . 56
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 59


















Jennings, et al.        Expires November 5, 2009                [Page 3]

Internet-Draft            SIP Secure Call Flows                 May 2009


1.  Introduction

   This document is informational and is not normative on any aspect of
   SIP.

   SIP with TLS[4] implementations are becoming very common.  Several
   implementations of the S/MIME[7] portion of SIP[2] are also becoming
   available.  After several interoperability events, it is clear that
   it is difficult to write these systems without any test vectors or
   examples of "known good" messages to test against.  Furthermore,
   testing at the events is often hampered by trying to get certificates
   signed by some common test root into the appropriate format for
   various clients.  This document addresses both of these issues by
   providing messages that give detailed examples that implementers can
   use for comparison and that can also be used for testing.  In
   addition, this document provides a common certificate that can be
   used for a Certificate Authority (CA) to reduce the time it takes to
   set up a test at an interoperability event.  The document also
   provides some hints and clarifications for implementers.

   A simple SIP call flow using SIPS URIs and TLS is shown in Section 5.
   The certificates for the hosts used are shown in Section 4.2, and the
   CA certificates used to sign these are shown in Section 4.1.

   The text from Section 6.1 through Section 6.3 shows some simple SIP
   call flows using S/MIME to sign and encrypt the body of the message.
   The user certificates used in these examples are shown in
   Section 4.3.  These host certificates are signed with the same CA
   certificate.

   Section 7 presents a partial list of things implementers should
   consider in order to implement systems that will interoperate.

   A way to make certificates that can be used for interoperability
   testing is presented in Appendix A, along with methods for converting
   these to various formats.  The certificates used while creating the
   examples and test messages in this document are made available in
   Appendix B.

   Binary copies of various messages in this draft that can be used for
   testing appear in Appendix C.


2.  Conventions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC-2119 [1].



Jennings, et al.        Expires November 5, 2009                [Page 4]

Internet-Draft            SIP Secure Call Flows                 May 2009


3.  Security Considerations

   Implementers must never use any of the certificates provided in this
   document in anything but a test environment.  Installing the CA root
   certificates used in this document as a trusted root in operational
   software would completely destroy the security of the system while
   giving the user the impression that the system was operating
   securely.

   This document recommends some things that implementers might test or
   verify to improve the security of their implementations.  It is
   impossible to make a comprehensive list of these, and this document
   only suggests some of the most common mistakes that have been seen at
   the SIPit interoperability events.  Just because an implementation
   does everything this document recommends does not make it secure.

   This document does not show the messages needed to check Certificate
   Revocation Lists (see [3]) as that is not part of the SIP call flow.


4.  Certificates

4.1.  CA Certificates

   The certificate used by the CA to sign the other certificates is
   shown below.  This is a X509v3 certificate.  Note that the basic
   constraints allow it to be used as a CA.
























Jennings, et al.        Expires November 5, 2009                [Page 5]

Internet-Draft            SIP Secure Call Flows                 May 2009


   Version: 3 (0x2)
   Serial Number: 0 (0x0)
   Signature Algorithm: sha1WithRSAEncryption
   Issuer: C=US, ST=California, L=San Jose, O=sipit,
           OU=Sipit Test Certificate Authority
   Validity
       Not Before: Jul 18 12:21:52 2003 GMT
       Not After : Jul 15 12:21:52 2013 GMT
   Subject: C=US, ST=California, L=San Jose, O=sipit,
           OU=Sipit Test Certificate Authority
   Subject Public Key Info:
       Public Key Algorithm: rsaEncryption
       RSA Public Key: (1024 bit)
           Modulus (1024 bit):
               00:c3:22:1e:83:91:c5:03:2c:3c:8a:f4:11:14:c6:
               4b:9d:fa:72:78:c6:b0:95:18:a7:e0:8c:79:ba:5d:
               a4:ae:1e:21:2d:9d:f1:0b:1c:cf:bd:5b:29:b3:90:
               13:73:66:92:6e:df:4c:b3:b3:1c:1f:2a:82:0a:ba:
               07:4d:52:b0:f8:37:7b:e2:0a:27:30:70:dd:f9:2e:
               03:ff:2a:76:cd:df:87:1a:bd:71:eb:e1:99:6a:c4:
               7f:8e:74:a0:77:85:04:e9:41:ad:fc:03:b6:17:75:
               aa:33:ea:0a:16:d9:fb:79:32:2e:f8:cf:4d:c6:34:
               a3:ff:1b:d0:68:28:e1:9d:e5
           Exponent: 65537 (0x10001)
   X509v3 extensions:
       X509v3 Subject Key Identifier:
           6B:46:17:14:EA:94:76:25:80:54:6E:13:54:DA:A1:E3:54:14:A1:B6
       X509v3 Authority Key Identifier:
           6B:46:17:14:EA:94:76:25:80:54:6E:13:54:DA:A1:E3:54:14:A1:B6
           DirName:/C=US/ST=California/L=San Jose/O=sipit/
           OU=Sipit Test Certificate Authority
           serial:00

       X509v3 Basic Constraints:
           CA:TRUE
       Signature Algorithm: sha1WithRSAEncryption
   96:6d:1b:ef:d5:91:93:45:7c:5b:1f:cf:c4:aa:47:52:0b:34:
   a8:50:fa:ec:fa:b4:2a:47:4c:5d:41:a7:3d:c0:d6:3f:9e:56:
   5b:91:1d:ce:a8:07:b3:1b:a4:9f:9a:49:6f:7f:e0:ce:83:94:
   71:42:af:fe:63:a2:34:dc:b4:5e:a5:ce:ca:79:50:e9:6a:99:
   4c:14:69:e9:7c:ab:22:6c:44:cc:8a:9c:33:6b:23:50:42:05:
   1f:e1:c2:81:88:5f:ba:e5:47:bb:85:9b:83:25:ad:84:32:ff:
   2a:5b:8b:70:12:11:83:61:c9:69:15:4f:58:a3:3c:92:d4:e8:
   6f:52


   The ASN.1 parse of the CA certificate is shown below.




Jennings, et al.        Expires November 5, 2009                [Page 6]

Internet-Draft            SIP Secure Call Flows                 May 2009


  0:l= 804 cons: SEQUENCE
  4:l= 653 cons:  SEQUENCE
  8:l=   3 cons:   cont [ 0 ]
 10:l=   1 prim:    INTEGER           :02
 13:l=   1 prim:   INTEGER           :00
 16:l=  13 cons:   SEQUENCE
 18:l=   9 prim:    OBJECT            :sha1WithRSAEncryption
 29:l=   0 prim:    NULL
 31:l= 112 cons:   SEQUENCE
 33:l=  11 cons:    SET
 35:l=   9 cons:     SEQUENCE
 37:l=   3 prim:      OBJECT            :countryName
 42:l=   2 prim:      PRINTABLESTRING   :US
 46:l=  19 cons:    SET
 48:l=  17 cons:     SEQUENCE
 50:l=   3 prim:      OBJECT            :stateOrProvinceName
 55:l=  10 prim:      PRINTABLESTRING   :California
 67:l=  17 cons:    SET
 69:l=  15 cons:     SEQUENCE
 71:l=   3 prim:      OBJECT            :localityName
 76:l=   8 prim:      PRINTABLESTRING   :San Jose
 86:l=  14 cons:    SET
 88:l=  12 cons:     SEQUENCE
 90:l=   3 prim:      OBJECT            :organizationName
 95:l=   5 prim:      PRINTABLESTRING   :sipit
102:l=  41 cons:    SET
104:l=  39 cons:     SEQUENCE
106:l=   3 prim:      OBJECT            :organizationalUnitName
111:l=  32 prim:      PRINTABLESTRING  :Sipit Test Certificate Authority
145:l=  30 cons:   SEQUENCE
147:l=  13 prim:    UTCTIME           :030718122152Z
162:l=  13 prim:    UTCTIME           :130715122152Z
177:l= 112 cons:   SEQUENCE
179:l=  11 cons:    SET
181:l=   9 cons:     SEQUENCE
183:l=   3 prim:      OBJECT            :countryName
188:l=   2 prim:      PRINTABLESTRING   :US
192:l=  19 cons:    SET
194:l=  17 cons:     SEQUENCE
196:l=   3 prim:      OBJECT            :stateOrProvinceName
201:l=  10 prim:      PRINTABLESTRING   :California
213:l=  17 cons:    SET
215:l=  15 cons:     SEQUENCE
217:l=   3 prim:      OBJECT            :localityName
222:l=   8 prim:      PRINTABLESTRING   :San Jose
232:l=  14 cons:    SET
234:l=  12 cons:     SEQUENCE
236:l=   3 prim:      OBJECT            :organizationName



Jennings, et al.        Expires November 5, 2009                [Page 7]

Internet-Draft            SIP Secure Call Flows                 May 2009


241:l=   5 prim:      PRINTABLESTRING   :sipit
248:l=  41 cons:    SET
250:l=  39 cons:     SEQUENCE
252:l=   3 prim:      OBJECT            :organizationalUnitName
257:l=  32 prim:      PRINTABLESTRING  :Sipit Test Certificate Authority
291:l= 159 cons:   SEQUENCE
294:l=  13 cons:    SEQUENCE
296:l=   9 prim:     OBJECT            :rsaEncryption
307:l=   0 prim:     NULL
309:l= 141 prim:    BIT STRING
  00 30 81 89 02 81 81 00-c3 22 1e 83 91 c5 03 2c   .0.......".....,
  3c 8a f4 11 14 c6 4b 9d-fa 72 78 c6 b0 95 18 a7   <.....K..rx.....
  e0 8c 79 ba 5d a4 ae 1e-21 2d 9d f1 0b 1c cf bd   ..y.]...!-......
  5b 29 b3 90 13 73 66 92-6e df 4c b3 b3 1c 1f 2a   [)...sf.n.L....*
  82 0a ba 07 4d 52 b0 f8-37 7b e2 0a 27 30 70 dd   ....MR..7{..'0p.
  f9 2e 03 ff 2a 76 cd df-87 1a bd 71 eb e1 99 6a   ....*v.....q...j
  c4 7f 8e 74 a0 77 85 04-e9 41 ad fc 03 b6 17 75   ...t.w...A.....u
  aa 33 ea 0a 16 d9 fb 79-32 2e f8 cf 4d c6 34 a3   .3.....y2...M.4.
  ff 1b d0 68 28 e1 9d e5-02 03 01 00 01            ...h(........
453:l= 205 cons:   cont [ 3 ]
456:l= 202 cons:    SEQUENCE
459:l=  29 cons:     SEQUENCE
461:l=   3 prim:      OBJECT            :X509v3 Subject Key Identifier
466:l=  22 prim:      OCTET STRING
  04 14 6b 46 17 14 ea 94-76 25 80 54 6e 13 54 da   ..kF....v%.Tn.T.
  a1 e3 54 14 a1 b6                                 ..T...
490:l= 154 cons:     SEQUENCE
493:l=   3 prim:      OBJECT            :X509v3 Authority Key Identifier
498:l= 146 prim:      OCTET STRING
  30 81 8f 80 14 6b 46 17-14 ea 94 76 25 80 54 6e   0....kF....v%.Tn
  13 54 da a1 e3 54 14 a1-b6 a1 74 a4 72 30 70 31   .T...T....t.r0p1
  0b 30 09 06 03 55 04 06-13 02 55 53 31 13 30 11   .0...U....US1.0.
  06 03 55 04 08 13 0a 43-61 6c 69 66 6f 72 6e 69   ..U....Californi
  61 31 11 30 0f 06 03 55-04 07 13 08 53 61 6e 20   a1.0...U....San
  4a 6f 73 65 31 0e 30 0c-06 03 55 04 0a 13 05 73   Jose1.0...U....s
  69 70 69 74 31 29 30 27-06 03 55 04 0b 13 20 53   ipit1)0'..U... S
  69 70 69 74 20 54 65 73-74 20 43 65 72 74 69 66   ipit Test Certif
  69 63 61 74 65 20 41 75-74 68 6f 72 69 74 79 82   icate Authority.
  01                                                .
    0092 - <SPACES/NULS>
647:l=  12 cons:     SEQUENCE
649:l=   3 prim:      OBJECT            :X509v3 Basic Constraints
654:l=   5 prim:      OCTET STRING
  30 03 01 01 ff                                    0....
661:l=  13 cons:  SEQUENCE
663:l=   9 prim:   OBJECT            :sha1WithRSAEncryption
674:l=   0 prim:   NULL
676:l= 129 prim:  BIT STRING



Jennings, et al.        Expires November 5, 2009                [Page 8]

Internet-Draft            SIP Secure Call Flows                 May 2009


  00 96 6d 1b ef d5 91 93-45 7c 5b 1f cf c4 aa 47   ..m.....E|[....G
  52 0b 34 a8 50 fa ec fa-b4 2a 47 4c 5d 41 a7 3d   R.4.P....*GL]A.=
  c0 d6 3f 9e 56 5b 91 1d-ce a8 07 b3 1b a4 9f 9a   ..?.V[..........
  49 6f 7f e0 ce 83 94 71-42 af fe 63 a2 34 dc b4   Io.....qB..c.4..
  5e a5 ce ca 79 50 e9 6a-99 4c 14 69 e9 7c ab 22   ^...yP.j.L.i.|."
  6c 44 cc 8a 9c 33 6b 23-50 42 05 1f e1 c2 81 88   lD...3k#PB......
  5f ba e5 47 bb 85 9b 83-25 ad 84 32 ff 2a 5b 8b   _..G....%..2.*[.
  70 12 11 83 61 c9 69 15-4f 58 a3 3c 92 d4 e8 6f   p...a.i.OX.<...o
  52                                                R


4.2.  Host Certificates

   The certificate for the host example.com is shown below.  Note that
   the Subject Alternative Name is set to example.com and is a DNS type.
   The certificates for the other hosts are shown in Appendix B.

   Version: 3 (0x2)
   Serial Number:
       01:52:01:54:01:90:00:43
   Signature Algorithm: sha1WithRSAEncryption
   Issuer: C=US, ST=California, L=San Jose, O=sipit,
            OU=Sipit Test Certificate Authority
   Validity
       Not Before: Apr 28 22:12:00 2009 GMT
       Not After : Apr 27 22:12:00 2012 GMT
   Subject: C=US, ST=California, L=San Jose, O=sipit, CN=example.com
   Subject Public Key Info:
       Public Key Algorithm: rsaEncryption
       RSA Public Key: (2048 bit)
           Modulus (2048 bit):
               00:c7:60:09:2c:e2:0b:a6:8d:2c:8f:86:eb:47:72:
               4d:dc:20:a5:48:69:9c:c6:79:73:3a:65:e4:74:b6:
               80:99:4f:6e:a4:1b:1b:6f:5c:91:29:7c:11:a1:bd:
               ad:25:c6:42:a3:96:bb:d8:c8:11:d8:2a:bc:39:5f:
               e3:5f:9a:54:f5:0c:77:44:c6:f0:ee:a7:73:85:d0:
               d1:d7:34:96:d8:24:83:fe:1d:a7:5e:94:6a:a6:79:
               e6:8b:d6:96:06:31:8d:da:4d:f1:72:c0:a2:9c:48:
               c9:d2:1f:80:27:60:52:b8:12:cc:43:7c:e7:66:ac:
               b7:6e:07:bc:e7:d5:0f:fa:41:b3:37:4f:16:33:71:
               fc:6d:73:17:b5:65:8b:65:03:34:83:8e:98:7d:8b:
               a3:36:f1:a7:37:94:65:af:dd:13:29:f8:1b:c2:8b:
               fa:05:03:6b:4b:26:ae:a9:93:ab:5d:0c:f3:08:84:
               9e:16:c0:13:fa:da:8f:1c:b6:69:95:04:6d:c8:cf:
               c0:12:8f:fd:27:2a:cb:16:16:fd:c2:fa:94:fe:e8:
               78:40:e4:5a:ac:a7:ef:d7:17:7d:e8:f8:86:8c:16:
               35:ff:3e:32:fd:43:1c:c1:20:08:2c:aa:56:a6:17:
               4f:bc:74:b0:5d:57:ba:a5:19:b4:20:46:dd:36:3d:



Jennings, et al.        Expires November 5, 2009                [Page 9]

Internet-Draft            SIP Secure Call Flows                 May 2009


               15:b3
           Exponent: 65537 (0x10001)
   X509v3 extensions:
       X509v3 Subject Alternative Name:
           DNS:com, URI:sip:example.com
       X509v3 Basic Constraints:
           CA:FALSE
       X509v3 Subject Key Identifier:
           28:CC:9B:2B:4F:7C:43:5C:9D:AD:96:8B:73:A2:4F:58:5D:30:D4:04
       X509v3 Authority Key Identifier:
           6B:46:17:14:EA:94:76:25:80:54:6E:13:54:DA:A1:E3:54:14:A1:B6
           DirName:/C=US/ST=California/L=San Jose/O=sipit/
            OU=Sipit Test Certificate Authority
           serial:00

       X509v3 Key Usage:
           Digital Signature, Non Repudiation, Key Encipherment
       X509v3 Extended Key Usage:
           TLS Web Server Authentication, 1.3.6.1.5.5.7.3.20
       Signature Algorithm: sha1WithRSAEncryption
   1f:b7:c2:84:43:90:d2:06:81:47:48:e7:14:39:5a:ad:a0:53:
   36:fb:6f:d7:e1:bf:b1:65:98:fd:a6:c5:e0:5a:b7:5f:90:08:
   ab:d4:85:2a:d1:57:f2:0e:c1:26:43:de:e1:26:1e:ef:90:95:
   94:6e:74:45:36:01:41:ce:43:c2:91:54:dd:35:a8:6e:57:3b:
   b2:34:71:aa:d4:ea:34:aa:8c:8e:dd:e1:a4:2c:05:45:fb:b8:
   38:0c:7b:1f:4f:d7:3c:d7:68:7c:57:57:6d:13:c6:3f:44:dd:
   fd:6b:fb:65:96:9b:87:92:95:10:af:e7:47:cd:72:6c:6e:d7:
   60:f5


4.3.  User Certificates

   The user certificate for fluffy@example.com is shown below.  Note
   that the Subject Alternative Name has a list of names with different
   URL types such as a sip, im, or pres URL.  This is necessary for
   interoperating with CPIM gateway.  In this example, example.com is
   the domain for fluffy.  The message could be coming from a host
   called atlanta.example.com, and the AOR in the user certificate would
   still be the same.  The others are shown in Appendix B.1.  These
   certificates make use of the EKU extension discussed in [12].  Note
   that the SIP OID introduced in [12] is 1.3.6.1.5.5.7.3.20

   Version: 3 (0x2)
   Serial Number:
       01:52:01:54:01:90:00:47
   Signature Algorithm: sha1WithRSAEncryption
   Issuer: C=US, ST=California, L=San Jose, O=sipit,
            OU=Sipit Test Certificate Authority



Jennings, et al.        Expires November 5, 2009               [Page 10]

Internet-Draft            SIP Secure Call Flows                 May 2009


   Validity
       Not Before: Apr 29 17:10:46 2009 GMT
       Not After : Apr 28 17:10:46 2012 GMT
   Subject: C=US, ST=California, L=San Jose, O=sipit,
            CN=fluffy@example.com
   Subject Public Key Info:
       Public Key Algorithm: rsaEncryption
       RSA Public Key: (2048 bit)
           Modulus (2048 bit):
               00:f4:0f:e8:18:2d:b1:9b:93:ef:64:6b:19:d7:83:
               ac:f7:af:12:37:30:48:df:6e:55:0a:ce:f7:2a:19:
               17:66:bc:42:af:7a:af:78:6c:96:c6:c1:de:5e:38:
               67:93:8d:f2:40:13:b5:6f:07:79:de:32:2c:23:e7:
               ba:e4:a8:36:32:83:8a:75:79:86:85:a2:50:d1:bb:
               b5:81:36:7e:6b:f2:64:9b:b6:54:d3:8b:c4:4d:4d:
               26:94:ae:7c:50:e4:b2:e6:5f:ac:34:e0:97:51:cd:
               ff:66:b9:92:98:c5:cc:22:e7:0c:30:a4:4c:a6:37:
               ba:21:31:b2:81:93:0d:24:ee:a7:27:c9:b3:ec:46:
               e3:f9:7a:d2:42:0a:59:ab:e7:a3:8b:30:66:3d:31:
               88:6f:ee:c4:8d:24:ca:99:f1:c8:4c:50:0d:4b:6b:
               73:80:ac:74:6f:45:b1:29:29:a1:89:40:94:02:57:
               23:8b:6d:60:5c:38:d3:1f:c3:bb:74:3d:15:87:af:
               2d:29:16:6c:30:01:4e:e3:39:13:17:6b:ea:58:97:
               75:9f:60:38:84:2c:31:95:6e:d8:6d:69:81:bb:2e:
               fa:59:a2:fb:08:53:59:df:1e:94:17:e5:10:f8:72:
               5a:fb:4e:4f:2f:cd:3b:3d:30:c5:b6:c8:3b:e0:e7:
               32:ed
           Exponent: 65537 (0x10001)
   X509v3 extensions:
       X509v3 Subject Alternative Name:
           URI:sip:fluffy@example.com, URI:im:fluffy@example.com,
              URI:pres:fluffy@example.com
       X509v3 Basic Constraints:
           CA:FALSE
       X509v3 Subject Key Identifier:
           D2:A2:22:FB:4D:A1:37:B9:15:0B:1E:FC:27:BC:FA:00:A7:1C:F2:29
       X509v3 Authority Key Identifier:
           6B:46:17:14:EA:94:76:25:80:54:6E:13:54:DA:A1:E3:54:14:A1:B6
           DirName:/C=US/ST=California/L=San Jose/O=sipit/
            OU=Sipit Test Certificate Authority
           serial:00

       X509v3 Key Usage:
           Digital Signature, Non Repudiation, Key Encipherment
       X509v3 Extended Key Usage:
           E-mail Protection, 1.3.6.1.5.5.7.3.20
       Signature Algorithm: sha1WithRSAEncryption
   80:a0:db:45:dd:7d:b6:50:b6:93:27:36:cd:cd:28:3c:39:23:



Jennings, et al.        Expires November 5, 2009               [Page 11]

Internet-Draft            SIP Secure Call Flows                 May 2009


   aa:e4:6e:9c:f7:d9:8c:96:4d:b7:36:f6:ac:c1:8f:86:d8:6a:
   91:3a:4f:5a:68:32:37:df:0f:dd:40:b7:34:68:91:ce:0f:f0:
   16:02:ee:be:b6:1d:e1:92:87:c9:5e:a9:42:78:26:45:bb:17:
   08:ee:83:ea:e9:d8:30:84:66:90:69:b8:78:ff:c4:09:5c:ea:
   e2:8a:10:e6:f9:64:eb:db:47:0e:10:29:4d:0e:bb:53:65:70:
   e1:71:82:c8:d0:14:f4:24:30:49:a6:fc:80:a8:b1:84:bc:e9:
   73:75


   Versions of these certificates that do not make use of EKU are also
   included in Appendix B.2


5.  Callflow with Message Over TLS

5.1.  TLS with Server Authentication

   The flow below shows the edited SSLDump output of the host
   example.com forming a TLS[4] connection to example.net.  In this
   example mutual authentication is not used.  Note that the client
   proposed three protocol suites including TLS_RSA_WITH_AES_128_CBC_SHA
   defined in [6].  The certificate returned by the server contains a
   Subject Alternative Name that is set to example.net.  A detailed
   discussion of TLS can be found in [18].

   This example does not use the Server Extended Hello[5].

 New TCP connection #1: www.example.com(57592) <-> www.example.com(5061)
 1 1  0.0015 (0.0015)  C>SV3.1(101)  Handshake
       ClientHello
         Version 3.1
         random[32]=
           49 f7 83 8d 1f 21 c7 73 0c 9f 61 ab 13 2d 6b 26
           1e 79 0c 68 b3 b6 f8 24 54 6b 41 0d 9b 3a 03 31
         cipher suites
         TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
         TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
         TLS_DHE_RSA_WITH_AES_256_SHA
         TLS_RSA_WITH_AES_256_CBC_SHA
         TLS_DSS_RSA_WITH_AES_256_SHA
         TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
         TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
         TLS_DHE_RSA_WITH_AES_128_CBC_SHA
         TLS_RSA_WITH_AES_128_CBC_SHA
         TLS_DHE_DSS_WITH_AES_128_CBC_SHA
         TLS_ECDHE_RSA_WITH_DES_192_CBC3_SHA
         TLS_ECDH_RSA_WITH_DES_192_CBC3_SHA
         TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA



Jennings, et al.        Expires November 5, 2009               [Page 12]

Internet-Draft            SIP Secure Call Flows                 May 2009


         TLS_RSA_WITH_3DES_EDE_CBC_SHA
         TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
         TLS_ECDHE_RSA_WITH_RC4_128_SHA
         TLS_ECDH_RSA_WITH_RC4_128_SHA
         TLS_RSA_WITH_RC4_128_SHA
         TLS_RSA_WITH_RC4_128_MD5
         TLS_DHE_RSA_WITH_DES_CBC_SHA
         TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
         TLS_RSA_WITH_DES_CBC_SHA
         TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
         TLS_DHE_DSS_WITH_DES_CBC_SHA
         TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
         TLS_RSA_EXPORT_WITH_RC4_40_MD5
         compression methods
                   NULL
 1 2  0.0040 (0.0024)  S>CV3.1(48)  Handshake
       ServerHello
         Version 3.1
         random[32]=
           49 f7 83 8d a0 f8 f0 3f ff 2d d4 13 9c 29 2b 2b
           fc 1c 92 b9 a8 2a d2 10 0c 54 8e fd af d6 42 22
         session_id[0]=

         cipherSuite         TLS_RSA_WITH_AES_256_CBC_SHA
         compressionMethod                   NULL
 1 3  0.0040 (0.0000)  S>CV3.1(1823)  Handshake
       Certificate
 1 4  0.0040 (0.0000)  S>CV3.1(14)  Handshake
       CertificateRequest
         certificate_types                   rsa_sign
         certificate_types                   dss_sign
         certificate_types                 unknown value
       ServerHelloDone
 1 5  0.0360 (0.0320)  C>SV3.1(7)  Handshake
       Certificate
 1 6  0.0360 (0.0000)  C>SV3.1(262)  Handshake
       ClientKeyExchange
 1 7  0.0360 (0.0000)  C>SV3.1(1)  ChangeCipherSpec
 1 8  0.0360 (0.0000)  C>SV3.1(48)  Handshake
 1 9  0.0770 (0.0410)  S>CV3.1(170)  Handshake
 1 10 0.0770 (0.0000)  S>CV3.1(1)  ChangeCipherSpec
 1 11 0.0770 (0.0000)  S>CV3.1(48)  Handshake
 1 12 0.0780 (0.0010)  C>SV3.1(32)  application_data
 1 13 0.0780 (0.0000)  C>SV3.1(448)  application_data
 1 14 0.2804 (0.2023)  S>CV3.1(32)  application_data
 1 15 0.2804 (0.0000)  S>CV3.1(416)  application_data
 1 16 12.3288 (12.0483)  S>CV3.1(32)  Alert
 1    12.3293 (0.0004)  S>C  TCP FIN



Jennings, et al.        Expires November 5, 2009               [Page 13]

Internet-Draft            SIP Secure Call Flows                 May 2009


 1 17 12.3310 (0.0017)  C>SV3.1(32)  Alert

5.2.  MESSAGE Message Over TLS

   Once the TLS session is set up, the following MESSAGE message (as
   defined in [15] is sent from fluffy@example.com to
   kumiko@example.net.  Note that the URI has a SIPS URL and that the
   VIA indicates that TLS was used.  In order to format this document,
   the <allOneLine>convention from [11] is used to break long lines.
   The actual message does not contain the linebreaks contained within
   those tags.

   MESSAGE sips:kumiko@example.net:5061 SIP/2.0
   Via: SIP/2.0/TLS 208.77.188.166:15001;\
        branch=z9hG4bK-d8754z-3be7667f18d2f53c-1---d8754z-;\
        rport=54499
   Max-Forwards: 70
   Contact: <sips:fluffy@example.com:15001>
   To: <sips:kumiko@example.net:5061>
   From: <sips:fluffy@example.com:15001>;tag=2eff6a6f
   Call-ID: NmE1NDk1YzFmYmMzMDVjOTEwMzVlZjNkMTBjZGZlMzY.
   CSeq: 1 MESSAGE
   Accept: multipart/signed, text/plain, application/pkcs7-mime,\
           application/sdp, multipart/alternative
   Content-Type: text/plain
   Content-Length: 6

   Hello!

   The response is sent from example.net to example.com over the same
   TLS connection.  It is shown below.

   SIP/2.0 200 OK
   Via: SIP/2.0/TLS 208.77.188.166:15001;\
        branch=z9hG4bK-d8754z-3be7667f18d2f53c-1---d8754z-;\
        rport=54499
   Contact: <sip:208.77.188.166:5061;transport=TLS>
   To: <sips:kumiko@example.net:5061>;tag=00e62966
   From: <sips:fluffy@example.com:15001>;tag=2eff6a6f
   Call-ID: NmE1NDk1YzFmYmMzMDVjOTEwMzVlZjNkMTBjZGZlMzY.
   CSeq: 1 MESSAGE
   Content-Length: 0









Jennings, et al.        Expires November 5, 2009               [Page 14]

Internet-Draft            SIP Secure Call Flows                 May 2009


6.  Callflow with S/MIME-secured Message

6.1.  MESSAGE Message with Signed Body

   Example Signed Message.  The value on the Content-Type line has been
   broken across lines to fit on the page but it should not be broken
   across lines in actual implementations.

   MESSAGE sip:kumiko@example.net SIP/2.0
   Via: SIP/2.0/TCP 208.77.188.166:15001;\
        branch=z9hG4bK-d8754z-36f515466f3a7f5c-1---d8754z-;\
        rport=54500
   Max-Forwards: 70
   Contact: <sip:fluffy@example.com>
   To: <sip:kumiko@example.net>
   From: <sip:fluffy@example.com>;tag=e8cc1b5c
   Call-ID: NjVjYjNjNzQzNTZlYzdjMWUwM2VjYjcwOTVjM2RkZDM.
   CSeq: 1 MESSAGE
   Accept: multipart/signed, text/plain, application/pkcs7-mime,\
           application/sdp, multipart/alternative
   Content-Type: multipart/signed;boundary=ac31fa52a112030f;\
                 micalg=sha1;protocol="application/pkcs7-signature"
   Content-Length: 772

   --ac31fa52a112030f
   Content-Type: text/plain
   Content-Transfer-Encoding: binary

   hello
   --ac31fa52a112030f
   Content-Type: application/pkcs7-signature;name=smime.p7s
   Content-Disposition: attachment;handling=required;\
                        filename=smime.p7s
   Content-Transfer-Encoding: binary

   *****************
   * BINARY BLOB 1 *
   *****************
   --ac31fa52a112030f--

   It is important to note that the signature includes the header and
   excludes the boundary.  The value on the Message-body line ends with
   CRLF.  The CRLF is included in the boundary and should not be part of
   the signature computation.  In the example below, the signature is
   computed over data starting with the C in the Content-Type and ending
   with the o in the hello.





Jennings, et al.        Expires November 5, 2009               [Page 15]

Internet-Draft            SIP Secure Call Flows                 May 2009


   Content-Type: text/plain
   Content-Transfer-Encoding: binary

   hello

   ASN.1 parse of binary Blob 1.  Note that at address 30, the hash for
   the signature is specified as SHA-1.  Also note that the sender's
   certificate is not attached as it is optional in [8].

 0  471: SEQUENCE {
 4    9:   OBJECT IDENTIFIER signedData (1 2 840 113549 1 7 2)
15  456:   [0] {
19  452:     SEQUENCE {
23    1:       INTEGER 1
26   11:       SET {
28    9:         SEQUENCE {
30    5:           OBJECT IDENTIFIER sha1 (1 3 14 3 2 26)
37    0:           NULL
       :           }
       :         }
39   11:       SEQUENCE {
41    9:         OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
       :         }
52  419:       SET {
56  415:         SEQUENCE {
60    1:           INTEGER 1
63  124:           SEQUENCE {
65  112:             SEQUENCE {
67   11:               SET {
69    9:                 SEQUENCE {
71    3:                   OBJECT IDENTIFIER countryName (2 5 4 6)
76    2:                   PrintableString 'US'
       :                   }
       :                 }
80   19:               SET {
82   17:                 SEQUENCE {
84    3:                   OBJECT IDENTIFIER
       :                     stateOrProvinceName (2 5 4 8)
89   10:                   PrintableString 'California'
       :                   }
       :                 }
 101   17:               SET {
 103   15:                 SEQUENCE {
 105    3:                   OBJECT IDENTIFIER localityName (2 5 4 7)
 110    8:                   PrintableString 'San Jose'
       :                   }
       :                 }
 120   14:               SET {



Jennings, et al.        Expires November 5, 2009               [Page 16]

Internet-Draft            SIP Secure Call Flows                 May 2009


 122   12:                 SEQUENCE {
 124    3:                   OBJECT IDENTIFIER
       :                     organizationName (2 5 4 10)
 129    5:                   PrintableString 'sipit'
       :                   }
       :                 }
 136   41:               SET {
 138   39:                 SEQUENCE {
 140    3:                   OBJECT IDENTIFIER
       :                     organizationalUnitName (2 5 4 11)
 145   32:                   PrintableString 'Sipit Test Certificate Aut
hority'
       :                   }
       :                 }
       :               }
 179    8:             INTEGER 01 52 01 54 01 90 00 47
       :             }
 189    9:           SEQUENCE {
 191    5:             OBJECT IDENTIFIER sha1 (1 3 14 3 2 26)
 198    0:             NULL
       :             }
 200   13:           SEQUENCE {
 202    9:             OBJECT IDENTIFIER
       :               rsaEncryption (1 2 840 113549 1 1 1)
 213    0:             NULL
       :             }
 215  256:           OCTET STRING
       :             B1 08 00 AA 15 AC 59 6D 1A 66 66 61 40 A7 BB B1
       :             D6 7C 32 D8 CE 59 98 E3 8F 69 94 09 A5 F2 C4 34
       :             6F 49 4D 56 64 FE EB A9 EA 71 5D 44 B4 0C 77 C1
       :             0E BF FD 42 17 E3 84 A2 7E 5E 13 6C A6 F8 2B A9
       :             24 3F BE AE 14 51 0E 0D 3E 9A 93 9A 16 52 25 AB
       :             28 AA C5 8D 15 EB 96 29 C0 9B D9 52 3E 38 D8 07
       :             86 2D 22 28 9F 66 0F 74 DF B1 63 0B 26 0D 51 11
       :             EF AD 54 01 6D A4 C9 65 C6 3E 78 E3 CE 1C 78 5A
       :             41 85 B5 20 22 9F 0B 70 5A 0B 62 1F EF 92 56 75
       :             22 25 41 90 2B F5 12 08 60 07 09 F7 73 5A 89 B9
       :             0D F1 48 54 FF 1C FA C3 A8 10 58 6D 58 98 18 A5
       :             0B B3 24 24 D5 CE DB 33 FC 31 75 E9 AC 15 1F 02
       :             F2 A8 E0 3A 3F 1E D2 22 B8 4D EA 11 0A 08 76 A7
       :             14 1B 55 8F E7 E7 1C E0 16 E7 1B 62 D4 D4 F2 0A
       :             7C AB B0 2C 46 02 08 B7 CA 2A 1E 08 CB 4D 1C AA
       :             09 34 AA 53 5F 59 95 3D C7 87 DD 17 8D 78 04 01
       :           }
       :         }
       :       }
       :     }
       :   }



Jennings, et al.        Expires November 5, 2009               [Page 17]

Internet-Draft            SIP Secure Call Flows                 May 2009


   SHA-1 parameters may be omitted entirely, instead of being set to
   NULL, as mentioned in [10].  The above dump of Blob 1 has SHA-1
   parameters set to NULL.  Below are the same contents signed with the
   same key, but omitting the NULL according to [10].  This is the
   preferred encoding.  This is covered in greater detail in Section 7.

 0  467: SEQUENCE {
 4    9:   OBJECT IDENTIFIER signedData (1 2 840 113549 1 7 2)
15  452:   [0] {
19  448:     SEQUENCE {
23    1:       INTEGER 1
26    9:       SET {
28    7:         SEQUENCE {
30    5:           OBJECT IDENTIFIER sha1 (1 3 14 3 2 26)
       :           }
       :         }
37   11:       SEQUENCE {
39    9:         OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
       :         }
50  417:       SET {
54  413:         SEQUENCE {
58    1:           INTEGER 1
61  124:           SEQUENCE {
63  112:             SEQUENCE {
65   11:               SET {
67    9:                 SEQUENCE {
69    3:                   OBJECT IDENTIFIER countryName (2 5 4 6)
74    2:                   PrintableString 'US'
       :                   }
       :                 }
78   19:               SET {
80   17:                 SEQUENCE {
82    3:                   OBJECT IDENTIFIER
       :                     stateOrProvinceName (2 5 4 8)
87   10:                   PrintableString 'California'
       :                   }
       :                 }
99   17:               SET {
 101   15:                 SEQUENCE {
 103    3:                   OBJECT IDENTIFIER localityName (2 5 4 7)
 108    8:                   PrintableString 'San Jose'
       :                   }
       :                 }
 118   14:               SET {
 120   12:                 SEQUENCE {
 122    3:                   OBJECT IDENTIFIER
       :                     organizationName (2 5 4 10)
 127    5:                   PrintableString 'sipit'



Jennings, et al.        Expires November 5, 2009               [Page 18]

Internet-Draft            SIP Secure Call Flows                 May 2009


       :                   }
       :                 }
 134   41:               SET {
 136   39:                 SEQUENCE {
 138    3:                   OBJECT IDENTIFIER
       :                     organizationalUnitName (2 5 4 11)
 143   32:                   PrintableString 'Sipit Test Certificate Aut
hority'
       :                   }
       :                 }
       :               }
 177    8:             INTEGER 01 52 01 54 01 90 00 47
       :             }
 187    7:           SEQUENCE {
 189    5:             OBJECT IDENTIFIER sha1 (1 3 14 3 2 26)
       :             }
 196   13:           SEQUENCE {
 198    9:             OBJECT IDENTIFIER
       :               rsaEncryption (1 2 840 113549 1 1 1)
 209    0:             NULL
       :             }
 211  256:           OCTET STRING
       :             B1 08 00 AA 15 AC 59 6D 1A 66 66 61 40 A7 BB B1
       :             D6 7C 32 D8 CE 59 98 E3 8F 69 94 09 A5 F2 C4 34
       :             6F 49 4D 56 64 FE EB A9 EA 71 5D 44 B4 0C 77 C1
       :             0E BF FD 42 17 E3 84 A2 7E 5E 13 6C A6 F8 2B A9
       :             24 3F BE AE 14 51 0E 0D 3E 9A 93 9A 16 52 25 AB
       :             28 AA C5 8D 15 EB 96 29 C0 9B D9 52 3E 38 D8 07
       :             86 2D 22 28 9F 66 0F 74 DF B1 63 0B 26 0D 51 11
       :             EF AD 54 01 6D A4 C9 65 C6 3E 78 E3 CE 1C 78 5A
       :             41 85 B5 20 22 9F 0B 70 5A 0B 62 1F EF 92 56 75
       :             22 25 41 90 2B F5 12 08 60 07 09 F7 73 5A 89 B9
       :             0D F1 48 54 FF 1C FA C3 A8 10 58 6D 58 98 18 A5
       :             0B B3 24 24 D5 CE DB 33 FC 31 75 E9 AC 15 1F 02
       :             F2 A8 E0 3A 3F 1E D2 22 B8 4D EA 11 0A 08 76 A7
       :             14 1B 55 8F E7 E7 1C E0 16 E7 1B 62 D4 D4 F2 0A
       :             7C AB B0 2C 46 02 08 B7 CA 2A 1E 08 CB 4D 1C AA
       :             09 34 AA 53 5F 59 95 3D C7 87 DD 17 8D 78 04 01
       :           }
       :         }
       :       }
       :     }
       :   }








Jennings, et al.        Expires November 5, 2009               [Page 19]

Internet-Draft            SIP Secure Call Flows                 May 2009


6.2.  MESSAGE Message with Encrypted Body

   Example encrypted text/plain message that says "hello":

   MESSAGE sip:kumiko@example.net SIP/2.0
   Via: SIP/2.0/TCP 208.77.188.166:15001;\
        branch=z9hG4bK-d8754z-1c7dd40a5fff4463-1---d8754z-;\
        rport=54502
   Max-Forwards: 70
   Contact: <sip:fluffy@example.com>
   To: <sip:kumiko@example.net>
   From: <sip:fluffy@example.com>;tag=5a10502e
   Call-ID: YTk3ODIwN2FiYTUwMGZmYTM1MDJiMzY2ODcyYzE4MGM.
   CSeq: 1 MESSAGE
   Accept: multipart/signed, text/plain, application/pkcs7-mime,\
           application/sdp, multipart/alternative
   Content-Disposition: attachment;handling=required;\
                        filename=smime.p7
   Content-Transfer-Encoding: binary
   Content-Type: application/pkcs7-mime;smime-type=enveloped-data;\
                 name=smime.p7m
   Content-Length: 564

   *****************
   * BINARY BLOB 2 *
   *****************

   ASN.1 parse of binary Blob 2.  Note that at address 453, the
   encryption is set to aes128-CBC.

 0  560: SEQUENCE {
 4    9:   OBJECT IDENTIFIER envelopedData (1 2 840 113549 1 7 3)
15  545:   [0] {
19  541:     SEQUENCE {
23    1:       INTEGER 0
26  408:       SET {
30  404:         SEQUENCE {
34    1:           INTEGER 0
37  124:           SEQUENCE {
39  112:             SEQUENCE {
41   11:               SET {
43    9:                 SEQUENCE {
45    3:                   OBJECT IDENTIFIER countryName (2 5 4 6)
50    2:                   PrintableString 'US'
       :                   }
       :                 }
54   19:               SET {
56   17:                 SEQUENCE {



Jennings, et al.        Expires November 5, 2009               [Page 20]

Internet-Draft            SIP Secure Call Flows                 May 2009


58    3:                   OBJECT IDENTIFIER
       :                     stateOrProvinceName (2 5 4 8)
63   10:                   PrintableString 'California'
       :                   }
       :                 }
75   17:               SET {
77   15:                 SEQUENCE {
79    3:                   OBJECT IDENTIFIER localityName (2 5 4 7)
84    8:                   PrintableString 'San Jose'
       :                   }
       :                 }
94   14:               SET {
96   12:                 SEQUENCE {
98    3:                   OBJECT IDENTIFIER
       :                     organizationName (2 5 4 10)
 103    5:                   PrintableString 'sipit'
       :                   }
       :                 }
 110   41:               SET {
 112   39:                 SEQUENCE {
 114    3:                   OBJECT IDENTIFIER
       :                     organizationalUnitName (2 5 4 11)
 119   32:                   PrintableString 'Sipit Test Certificate Aut
hority'
       :                   }
       :                 }
       :               }
 153    8:             INTEGER 01 52 01 54 01 90 00 48
       :             }
 163   13:           SEQUENCE {
 165    9:             OBJECT IDENTIFIER
       :               rsaEncryption (1 2 840 113549 1 1 1)
 176    0:             NULL
       :             }
 178  256:           OCTET STRING
       :             6E 48 A2 78 07 3A 47 09 C0 57 6F CB 01 AA 0E E7
       :             3E 2C 1B 78 8F 6B 0B C2 D4 F2 BD 41 8E 3E CB 95
       :             CD 35 9C 2E 59 8B E8 E5 35 59 6F 0E FC 3B BB A4
       :             2E 66 0D 68 6E 45 04 CA 4B E5 29 BE 65 F1 51 A1
       :             E3 40 83 95 7C 8F B0 A9 56 CF 34 D4 DE C4 63 BE
       :             26 55 1D 57 51 E2 86 8C 2A 7D B1 37 13 B5 F8 8D
       :             B8 3C F1 84 31 0C 57 B2 24 E3 D2 F6 94 5D A2 80
       :             2E 45 B7 36 96 6C EF A3 90 23 8E 9D B3 50 0A 6F
       :             DB E7 47 54 EA 2D 5E 38 75 77 CB 05 EE 45 71 B6
       :             BB 95 93 AF 59 31 BC B3 10 F7 FE 72 B9 85 22 51
       :             80 A6 7E F6 E5 9E 46 32 2C 8A BB ED 60 C8 F6 7B
       :             2D 9E CF 5F 9E D9 21 68 08 BE 00 51 27 A7 1B 54
       :             53 CF 45 2A 58 61 63 3C 19 75 86 67 04 C3 05 77



Jennings, et al.        Expires November 5, 2009               [Page 21]

Internet-Draft            SIP Secure Call Flows                 May 2009


       :             6D 77 19 3B A4 16 32 38 1C 79 05 7B 71 11 7B 56
       :             24 75 24 6B F7 75 D1 8A DA AE B8 3A 86 4D 31 0A
       :             1B D2 80 88 64 52 13 DA FE 93 DD AA C9 E0 D2 CB
       :           }
       :         }
 438  124:       SEQUENCE {
 440    9:         OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
 451   29:         SEQUENCE {
 453    9:           OBJECT IDENTIFIER
       :             aes128-CBC (2 16 840 1 101 3 4 1 2)
 464   16:           OCTET STRING
       :             E8 E4 34 63 AE 68 F7 C1 62 C5 9E 7B 6F 25 22 AF
       :           }
 482   80:         [0]
       :           41 4C FE FA A4 B4 70 1A 62 86 BC C1 DE 90 94 69
       :           7D 0A D2 0F F3 4E 7D 6F 72 2F 7A A7 4B B4 4A 59
       :           C9 C0 CB F3 AD 92 D6 31 66 94 0E B3 49 01 63 D5
       :           BA 5A AE 29 ED C9 8A 87 EA 00 FC 4B 97 62 54 56
       :           91 DB 78 50 B6 AD B7 B8 5D F6 11 41 3C C0 20 DD
       :         }
       :       }
       :     }
       :   }


6.3.  MESSAGE Message with Encrypted and Signed Body

   In the example below, one of the headers is contained in a box and is
   split across two lines.  This was only done to make it fit in the RFC
   format.  This header should not have the box around it and should be
   on one line with no whitespace between the "mime;" and the "smime-
   type".  Note that Content-Type is split across lines for formatting
   but is not split in the real message.


















Jennings, et al.        Expires November 5, 2009               [Page 22]

Internet-Draft            SIP Secure Call Flows                 May 2009


   MESSAGE sip:kumiko@example.net SIP/2.0
   Via: SIP/2.0/TCP 208.77.188.166:15001;\
        branch=z9hG4bK-d8754z-c2d73f665e157842-1---d8754z-;\
        rport=54503
   Max-Forwards: 70
   Contact: <sip:fluffy@example.com>
   To: <sip:kumiko@example.net>
   From: <sip:fluffy@example.com>;tag=5e4dd355
   Call-ID: MDQ2ZGVkZWQ4YzJhZTZhZDRjNzE0MDJkNzk1NGIxNTQ.
   CSeq: 1 MESSAGE
   Accept: multipart/signed, text/plain, application/pkcs7-mime,\
           application/sdp, multipart/alternative
   Content-Type: multipart/signed;boundary=e0c6b73cedc44967;\
                 micalg=sha1;protocol="application/pkcs7-signature"
   Content-Length: 1453

   --e0c6b73cedc44967
   Content-Type: application/pkcs7-mime;smime-type=enveloped-data;\
                 name=smime.p7m
   Content-Disposition: attachment;handling=required;\
                        filename=smime.p7
   Content-Transfer-Encoding: binary

   *****************
   * BINARY BLOB 3 *
   *****************
   --e0c6b73cedc44967
   Content-Type: application/pkcs7-signature;name=smime.p7s
   Content-Disposition: attachment;handling=required;\
                        filename=smime.p7s
   Content-Transfer-Encoding: binary

   *****************
   * BINARY BLOB 4 *
   *****************
   --e0c6b73cedc44967--

   Binary blob 3

 0  560: SEQUENCE {
 4    9:   OBJECT IDENTIFIER envelopedData (1 2 840 113549 1 7 3)
15  545:   [0] {
19  541:     SEQUENCE {
23    1:       INTEGER 0
26  408:       SET {
30  404:         SEQUENCE {
34    1:           INTEGER 0
37  124:           SEQUENCE {



Jennings, et al.        Expires November 5, 2009               [Page 23]

Internet-Draft            SIP Secure Call Flows                 May 2009


39  112:             SEQUENCE {
41   11:               SET {
43    9:                 SEQUENCE {
45    3:                   OBJECT IDENTIFIER countryName (2 5 4 6)
50    2:                   PrintableString 'US'
       :                   }
       :                 }
54   19:               SET {
56   17:                 SEQUENCE {
58    3:                   OBJECT IDENTIFIER
       :                     stateOrProvinceName (2 5 4 8)
63   10:                   PrintableString 'California'
       :                   }
       :                 }
75   17:               SET {
77   15:                 SEQUENCE {
79    3:                   OBJECT IDENTIFIER localityName (2 5 4 7)
84    8:                   PrintableString 'San Jose'
       :                   }
       :                 }
94   14:               SET {
96   12:                 SEQUENCE {
98    3:                   OBJECT IDENTIFIER
       :                     organizationName (2 5 4 10)
 103    5:                   PrintableString 'sipit'
       :                   }
       :                 }
 110   41:               SET {
 112   39:                 SEQUENCE {
 114    3:                   OBJECT IDENTIFIER
       :                     organizationalUnitName (2 5 4 11)
 119   32:                   PrintableString 'Sipit Test Certificate Aut
hority'
       :                   }
       :                 }
       :               }
 153    8:             INTEGER 01 52 01 54 01 90 00 48
       :             }
 163   13:           SEQUENCE {
 165    9:             OBJECT IDENTIFIER
       :               rsaEncryption (1 2 840 113549 1 1 1)
 176    0:             NULL
       :             }
 178  256:           OCTET STRING
       :             8A C2 F2 23 B0 D4 11 0E EB 38 60 3A 47 99 14 33
       :             78 01 1A F9 12 9E 97 93 D5 68 B2 B8 4E CF 76 15
       :             EF CD 36 0E A5 B8 36 5F E1 05 78 45 F7 05 12 6D
       :             55 0A A1 50 4C A9 F7 E3 B1 69 65 F8 38 A8 F7 2F



Jennings, et al.        Expires November 5, 2009               [Page 24]

Internet-Draft            SIP Secure Call Flows                 May 2009


       :             A1 74 0F 15 6F 29 B6 5C 74 21 49 21 77 07 E4 0A
       :             4D A9 02 30 15 45 2F 8F AE 08 2E 49 D9 B2 77 73
       :             E8 41 08 4E 2D B0 B0 EE 2F 49 B7 75 D7 70 E0 60
       :             FC A3 C9 49 38 C8 B3 79 71 46 98 C3 17 20 A9 13
       :             E7 EE E3 99 AA E2 1F C3 C3 7A B3 70 40 DA F3 40
       :             0B 69 99 DC EB 5C 10 A9 FF A8 66 D1 56 BB B9 B9
       :             84 CB 6D 03 3F 96 CC 6D 5A 92 8B 00 23 CB 8B FE
       :             FB BF 19 26 7F C9 69 CC 93 98 5A E4 DE D3 B0 DE
       :             6E 0E 29 9C E8 05 D7 4F 3D A0 F7 C2 B2 8E 0E FF
       :             06 DA 46 0B ED 3B 84 BF 88 17 9C 40 DA 52 65 62
       :             A9 BB F5 7A E7 D1 78 69 9D 61 D5 48 53 56 0A BB
       :             DD F3 35 C3 04 0D C0 BD 26 41 C1 E4 9E 19 A2 4B
       :           }
       :         }
 438  124:       SEQUENCE {
 440    9:         OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
 451   29:         SEQUENCE {
 453    9:           OBJECT IDENTIFIER
       :             aes128-CBC (2 16 840 1 101 3 4 1 2)
 464   16:           OCTET STRING
       :             9E C3 11 33 C1 F5 42 09 C8 8B D2 C9 54 32 78 46
       :           }
 482   80:         [0]
       :           89 5B E2 84 60 E5 45 2B 74 CC 61 4F A2 E4 03 37
       :           D3 C6 83 52 A3 CF C9 E8 C7 8D AF F3 36 39 56 BF
       :           8F 7D E3 F8 65 43 6E 61 65 85 5B 62 AC BF 3A DD
       :           99 C7 8B B7 BA A7 3F 97 61 3C B1 E2 E0 45 BC 17
       :           43 51 03 F4 41 8C 55 E7 02 5F CC AE F5 02 6B D8
       :         }
       :       }
       :     }
       :   }


   Binary Blob 4

 0  471: SEQUENCE {
 4    9:   OBJECT IDENTIFIER signedData (1 2 840 113549 1 7 2)
15  456:   [0] {
19  452:     SEQUENCE {
23    1:       INTEGER 1
26   11:       SET {
28    9:         SEQUENCE {
30    5:           OBJECT IDENTIFIER sha1 (1 3 14 3 2 26)
37    0:           NULL
       :           }
       :         }
39   11:       SEQUENCE {



Jennings, et al.        Expires November 5, 2009               [Page 25]

Internet-Draft            SIP Secure Call Flows                 May 2009


41    9:         OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
       :         }
52  419:       SET {
56  415:         SEQUENCE {
60    1:           INTEGER 1
63  124:           SEQUENCE {
65  112:             SEQUENCE {
67   11:               SET {
69    9:                 SEQUENCE {
71    3:                   OBJECT IDENTIFIER countryName (2 5 4 6)
76    2:                   PrintableString 'US'
       :                   }
       :                 }
80   19:               SET {
82   17:                 SEQUENCE {
84    3:                   OBJECT IDENTIFIER
       :                     stateOrProvinceName (2 5 4 8)
89   10:                   PrintableString 'California'
       :                   }
       :                 }
 101   17:               SET {
 103   15:                 SEQUENCE {
 105    3:                   OBJECT IDENTIFIER localityName (2 5 4 7)
 110    8:                   PrintableString 'San Jose'
       :                   }
       :                 }
 120   14:               SET {
 122   12:                 SEQUENCE {
 124    3:                   OBJECT IDENTIFIER
       :                     organizationName (2 5 4 10)
 129    5:                   PrintableString 'sipit'
       :                   }
       :                 }
 136   41:               SET {
 138   39:                 SEQUENCE {
 140    3:                   OBJECT IDENTIFIER
       :                     organizationalUnitName (2 5 4 11)
 145   32:                   PrintableString 'Sipit Test Certificate Aut
hority'
       :                   }
       :                 }
       :               }
 179    8:             INTEGER 01 52 01 54 01 90 00 47
       :             }
 189    9:           SEQUENCE {
 191    5:             OBJECT IDENTIFIER sha1 (1 3 14 3 2 26)
 198    0:             NULL
       :             }



Jennings, et al.        Expires November 5, 2009               [Page 26]

Internet-Draft            SIP Secure Call Flows                 May 2009


 200   13:           SEQUENCE {
 202    9:             OBJECT IDENTIFIER
       :               rsaEncryption (1 2 840 113549 1 1 1)
 213    0:             NULL
       :             }
 215  256:           OCTET STRING
       :             29 C3 93 9D 71 C5 93 52 80 4B 0F C5 66 C7 CD 18
       :             2F 4D A0 07 E1 29 CE F9 2E CE 92 16 CD 7D B1 45
       :             5A 6D C2 5A 90 51 C3 20 66 FC 76 F0 DF D3 AE C5
       :             CE 4D DF C8 0D D7 87 B3 69 ED 81 BA 71 EA B4 C0
       :             E3 F5 A3 A4 CA 2E 36 A3 29 37 86 37 C3 B6 90 A7
       :             EA 6A 27 52 C6 9C AB B1 2C 7B 60 10 26 E9 33 43
       :             83 BA 06 B0 68 05 26 88 A2 68 1A 4E E5 82 16 5B
       :             E4 00 7D 18 09 4A 13 09 2D B5 F1 A6 C0 39 60 29
       :             02 32 24 29 D6 37 55 4C 42 DA 7D E9 98 F8 C6 FE
       :             E8 01 1C 56 8B AD DB D2 B2 C4 20 A0 CC 92 BD 9B
       :             9F 0E C9 9E 5C BF 4E DA 1D D9 E4 02 DC DA 57 A6
       :             59 EC 89 CD AD 66 D3 A3 7A 88 F9 A2 DA D5 9E FB
       :             4F AD 7D D9 69 68 35 B1 98 10 64 42 1D 3D 24 57
       :             C5 BF 48 C3 B0 E6 3C 91 3C 27 52 28 D2 BE 2C AC
       :             79 79 32 2E C4 9D 7C 8A 73 73 68 EC 60 E0 22 0D
       :             50 7F 72 33 96 89 F8 9F 7B ED D1 4A 75 7B D5 14
       :           }
       :         }
       :       }
       :     }
       :   }



7.  Observed Interoperability Issues

   This section describes some common interoperability problems.
   Implementers should verify that their clients do the correct things
   and when possible make their clients forgiving in what they receive.
   Implementations should take extra care to produce reasonable error
   messages when interacting with software that has these problems.

   Some SIP clients incorrectly only do SSLv3 and do not support TLS.

   Many SIP clients were found to accept expired certificates with no
   warning or error.

   When used with SIP, TLS and S/MIME provide the identity of the peer
   that a client is communicating with in the Subject Alternative Name
   in the certificate.  The software must check that this name
   corresponds to the identity the server is trying to contact.  If a
   client is trying to set up a TLS connection to good.example.com and



Jennings, et al.        Expires November 5, 2009               [Page 27]

Internet-Draft            SIP Secure Call Flows                 May 2009


   it gets a TLS connection set up with a server that presents a valid
   certificate but with the name evil.example.com, it must generate an
   error or warning of some type.  Similarly with S/MIME, if a user is
   trying to communicate with sip:fluffy@example.com, one of the items
   in the Subject Alternate Name set in the certificate must match.

   Some implementations used binary MIME encodings while others used
   base64.  Implementations should send only binary but must be prepared
   to receive either.

   In several places in this draft, the messages contain the encoding
   for the SHA-1 digest algorithm identifier.  The preferred form for
   encoding as set out in Section 2 of RFC 3370 [10] is the form in
   which the optional AlgorithmIdentifier parameter field is omitted.
   However, RFC 3370 also says the recipients need to be able to receive
   the form in which the AlgorithmIdentifier parameter field is present
   and set to NULL.  Examples of the form using NULL can be found in
   Section 4.2 of RFC 4134 [14].  Receivers really do need to be able to
   receive the form that includes the NULL because the NULL form, while
   not preferred, is what was observed as being generated by most
   implementations.  Implementers should also note that if the algorithm
   is MD5 instead of SHA-1, then the form that omits the
   AlgorithmIdentifier parameters field is not allowed and the sender
   has to use the form where the NULL is included.

   The preferred encryption algorithm for S/MIME in SIP is AES as
   defined in RFC 3853 [9].

   Observed interoperability has been better when UAs did not attach the
   senders' certificates.  Attaching the certificates significantly
   increases the size of the messages, and since it can not be relied
   on, it does not turn out to be useful in most situations.


8.  Additional Test Scenarios

   This section provides the beginning of a list of tests that
   implementations should perform while developing systems that use
   S/MIME and TLS for SIP.

   Much of the required behavior for inspecting certificates when using
   S/MIME and TLS with SIP is currently underspecified.  The non-
   normative recommendations in this document capture the current
   folklore around that required behavior, guided by related normative
   works such as [16] (particulary the section on Domain Names and
   Subordination) and [17] section 3.1.  To summarize that non-normative
   lore:




Jennings, et al.        Expires November 5, 2009               [Page 28]

Internet-Draft            SIP Secure Call Flows                 May 2009


   o  For S/MIME the peer's URI must appear in the subjectAltName of the
      peer's certifcate as a uniformResourceIdentifier field.
   o  For TLS the peer's hostname (as fed into 3263 for resolution for
      locating the peer) must appear as
      *  an exact match in a dNSName entry in the subjectAltName if
         there are any dNSNames in the subjectAltName.  (Wildcard
         matching is not allowed against these dNSName entries)
      *  the most specific CommonName in the Subject field if there are
         no dNSName entries in the subjectAltName at all (which is not
         the same as there being no matching dNSName entries).  This
         match can be either exact, or against an entry that uses the
         wildcard matching character '*'

   For each of these tests, an implementation will proceed past the
   verification point only if the certificate is "good".  S/MIME
   protected requests presenting bad certificate data will be rejected.
   S/MIME protected responses presenting bad certificate information
   will be ignored.  TLS connections involving bad certificate data will
   not be completed.

   1.   S/MIME : Good peer certificate
   2.   S/MIME : Bad peer certificate (peer URI does not appear in
        subjAltName)
   3.   S/MIME : Bad peer certificate (valid authority chain does not
        end at a trusted CA)
   4.   S/MIME : Bad peer certificate (the current time does not fall
        within the period of validity)
   5.   S/MIME : Bad peer certificate (certificate or cert in authority
        chain has been revoked)
   6.   TLS : Good peer certificate (hostname appears in dNSName in
        subjAltName)
   7.   TLS : Good peer certificate (no dNSNames in subjAltName,
        hostname appears in CN of Subject)
   8.   TLS : Bad peer certificate (no match in dNSNames or in the
        Subject CN)
   9.   TLS : Bad peer certificate (valid authority chain does not end
        at a trusted CA)
   10.  TLS : Bad peer certificate (the current time does not fall
        within the period of validity)
   11.  TLS : Bad peer certificate (certificate or cert in authority
        chain has been revoked)


9.  IANA Considerations

   No IANA actions are required.





Jennings, et al.        Expires November 5, 2009               [Page 29]

Internet-Draft            SIP Secure Call Flows                 May 2009


10.  Acknowledgments

   Many thanks to the developers of all the open source software used to
   create these call flows.  This includes the underlying crypto and TLS
   software used from openssl.org, the SIP stack from
   www.resiprocate.org, and the SIMPLE IMPP agent from www.sipimp.org.
   The TLS flow dumps were done with SSLDump from
   http://www.rtfm.com/ssldump.  The book "SSL and TLS" [18] was a huge
   help in developing the code for these flows.  It's sad there is no
   second edition.

   Thanks to Jim Schaad, Russ Housley, Eric Rescorla, Dan Wing, Tat
   Chan, and Lyndsay Campbell who all helped find and correct mistakes
   in this document.

   Vijay Gurbani and Alan Jeffrey contributed much of the additional
   test scenario content.


11.  Changelog

   (RFC Editor: remove this section)

   -01 to -02
      *  Changed RFC 3369 references to RFC 3852.
      *  Changed draft-ietf-sip-identity references to RFC 4474.
      *  Added an ASN.1 dump of CMS signed content where SHA-1
         parameters are omitted instead of being set to ASN.1 NULL.
      *  Accept headers added to messages.
      *  User and domain certificates are generated with EKU as
         specified in [12].
      *  Message content that is shown is computed using certificates
         generated with EKU.
      *  Message dump archive returned.
      *  Message archive contains messages formed with and without EKU
         certificates.
   -00 to -01
      *  Incorporated the Test cases from Vijay Gurbani's and Alan
         Jeffrey's Use of TLS in SIP draft
      *  Began to capture the folklore around where identities are
         carried in certificates for use with SIP
      *  Removed the message dump archive pending verification (will
         return in -02)


12.  Known Problems with this version

   The flows, encryption and signatures captured in this document were



Jennings, et al.        Expires November 5, 2009               [Page 30]

Internet-Draft            SIP Secure Call Flows                 May 2009


   manually collected from actual test runs.  Those runs need to be
   reproduced so the source messages can be modified (as below for
   instance).  This reproduction is being automated, but is not yet
   complete.


13.  References

13.1.  Normative References

   [1]   Bradner, S., "Key words for use in RFCs to Indicate Requirement
         Levels", BCP 14, RFC 2119, March 1997.

   [2]   Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A.,
         Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP:
         Session Initiation Protocol", RFC 3261, June 2002.

   [3]   Housley, R., Polk, W., Ford, W., and D. Solo, "Internet X.509
         Public Key Infrastructure Certificate and Certificate
         Revocation List (CRL) Profile", RFC 3280, April 2002.

   [4]   Dierks, T., Allen, C., Treese, W., Karlton, P., Freier, A., and
         P. Kocher, "The TLS Protocol Version 1.0", RFC 2246,
         January 1999.

   [5]   Blake-Wilson, S., Nystrom, M., Hopwood, D., Mikkelsen, J., and
         T. Wright, "Transport Layer Security (TLS) Extensions",
         RFC 3546, June 2003.

   [6]   Chown, P., "Advanced Encryption Standard (AES) Ciphersuites for
         Transport Layer Security (TLS)", RFC 3268, June 2002.

   [7]   Ramsdell, B., "Secure/Multipurpose Internet Mail Extensions
         (S/MIME) Version 3.1 Message Specification", RFC 3851,
         July 2004.

   [8]   Housley, R., "Cryptographic Message Syntax (CMS)", RFC 3852,
         July 2004.

   [9]   Peterson, J., "S/MIME Advanced Encryption Standard (AES)
         Requirement for the Session Initiation Protocol (SIP)",
         RFC 3853, July 2004.

   [10]  Housley, R., "Cryptographic Message Syntax (CMS) Algorithms",
         RFC 3370, August 2002.

   [11]  Sparks, R., Hawrylyshen, A., Johnston, A., Rosenberg, J., and
         H. Schulzrinne, "Session Initiation Protocol (SIP) Torture Test



Jennings, et al.        Expires November 5, 2009               [Page 31]

Internet-Draft            SIP Secure Call Flows                 May 2009


         Messages", RFC 4475, May 2006.

   [12]  Lawrence, S. and V. Gurbani, "Using Extended Key Usage (EKU)
         for Session Initiation Protocol (SIP) X.509  Certificates",
         draft-ietf-sip-eku-04 (work in progress), April 2009.

   [13]  Gurbani, V., Lawrence, S., and B. Laboratories, "Domain
         Certificates in the Session Initiation Protocol (SIP)",
         draft-ietf-sip-domain-certs-03 (work in progress), April 2009.

13.2.  Informative References

   [14]  Hoffman, P., "Examples of S/MIME Messages", RFC 4134,
         July 2005.

   [15]  Campbell, B., Rosenberg, J., Schulzrinne, H., Huitema, C., and
         D. Gurle, "Session Initiation Protocol (SIP) Extension for
         Instant Messaging", RFC 3428, December 2002.

   [16]  Peterson, J. and C. Jennings, "Enhancements for Authenticated
         Identity Management in the Session Initiation Protocol (SIP)",
         RFC 4474, August 2006.

   [17]  Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000.

   [18]  Rescorla, E., "SSL and TLS - Designing and Building Secure
         Systems", 2001.


Appendix A.  Making Test Certificates

   These scripts allow you to make certificates for test purposes.  The
   certificates will all share a common CA root so that everyone running
   these scripts can have interoperable certificates.  WARNING - these
   certificates are totally insecure and are for test purposes only.
   All the CA created by this script share the same private key to
   facilitate interoperability testing, but this totally breaks the
   security since the private key of the CA is well known.

   The instructions assume a Unix-like environment with openssl
   installed, but openssl does work in Windows too.  Make sure you have
   openssl installed by trying to run "openssl".  Run the makeCA script
   found in Appendix A.1; this creates a subdirectory called demoCA.  If
   the makeCA script cannot find where your openssl is installed you
   will have to set an environment variable called OPENSSLDIR to
   whatever directory contains the file openssl.cnf.  You can find this
   with a "locate openssl.cnf".  You are now ready to make certificates.




Jennings, et al.        Expires November 5, 2009               [Page 32]

Internet-Draft            SIP Secure Call Flows                 May 2009


   To create certs for use with TLS, run the makeCert script found in
   Appendix A.2 with the fully qualified domain name of the proxy you
   are making the certificate for.  For example, "makeCert
   host.example.net".  This will generate a private key and a
   certificate.  The private key will be left in a file named
   domain_key_example.net.pem in pem format.  The certificate will be in
   domain_cert_example.net.pem.  Some programs expect both the
   certificate and private key combined together in a PKCS12 format
   file.  This is created by the script and left in a file named
   example.net.p12.  Some programs expect this file to have a .pfx
   extension instead of .p12 - just rename the file if needed.  A filed
   with a certificate signing request, called example.net.csr, is also
   created and can be used to get the certificate signed by another CA.

   A second argument indicating the number of days for which the
   certificate should be valid can be passed to the makeCert script.  It
   is possible to make an expired certificate using the command
   "makeCert host.example.net 0".

   Anywhere that a password is used to protect a certificate, the
   password is set to the string "password".

   The root certificate for the CA is in the file
   root_cert_fluffyCA.pem.

   For things that need DER format certificates, a certificate can be
   converted from PEM to DER with "openssl x509 -in cert.pem -inform PEM
   -out cert.der -outform DER".

   Some programs expect certificates in PKCS#7 format (with a file
   extension of .p7c).  You can convert these from PEM format to PKCS#7
   with "openssl crl2pkcs7 -nocrl -certfile cert.pem -certfile demoCA/
   cacert.pem -outform DER -out cert.p7c"

   IE, Outlook, and Netscape can import and export .p12 files and .p7c
   files.  You can convert a pkcs7 certificate to PEM format with
   "openssl pkcs7 -in cert.p7c -inform DER -outform PEM -out cert.pem".

   The private key can be converted to pkcs8 format with "openssl pkcs8
   -in a_key.pem -topk8 -outform DER -out a_key.p8c"

   In general, a TLS client will just need the root certificate of the
   CA.  A TLS server will need its private key and its certificate.
   These could be in two PEM files or one .p12 file.  An S/MIME program
   will need its private key and certificate, the root certificate of
   the CA, and the certificate for every other user it communicates
   with.




Jennings, et al.        Expires November 5, 2009               [Page 33]

Internet-Draft            SIP Secure Call Flows                 May 2009


A.1.  makeCA script

   #!/bin/sh
   set -x

   rm -rf demoCA

   mkdir demoCA
   mkdir demoCA/certs
   mkdir demoCA/crl
   mkdir demoCA/newcerts
   mkdir demoCA/private
   echo "01" > demoCA/serial
   hexdump -n 4 -e '4/1 "%04u"' /dev/random > demoCA/serial
   touch demoCA/index.txt

   # You may need to modify this for where your default file is
   # you can find where yours in by typing "openssl ca"
   for D in /etc/ssl /usr/local/ssl /sw/etc/ssl /sw/share/ssl; do
     CONF=${OPENSSLDIR:=$D}/openssl.cnf
     [ -f ${CONF} ] && break
   done

   CONF=${OPENSSLDIR}/openssl.cnf


   if [ ! -f $CONF  ]; then
       echo "Can not find file $CONF - set your OPENSSLDIR variable"
       exit
   fi
   cp $CONF openssl.cnf

   cat >> openssl.cnf  <<EOF
   [ sipdomain_cert ]
   subjectAltName=\${ENV::ALTNAME}
   basicConstraints=CA:FALSE
   subjectKeyIdentifier=hash
   authorityKeyIdentifier=keyid,issuer:always
   keyUsage = nonRepudiation,digitalSignature,keyEncipherment
   extendedKeyUsage=serverAuth,1.3.6.1.5.5.7.3.20

   [ sipdomain_req ]
   basicConstraints = CA:FALSE
   subjectAltName=\${ENV::ALTNAME}
   subjectKeyIdentifier=hash

   [ sipuser_cert ]
   subjectAltName=\${ENV::ALTNAME}



Jennings, et al.        Expires November 5, 2009               [Page 34]

Internet-Draft            SIP Secure Call Flows                 May 2009


   basicConstraints=CA:FALSE
   subjectKeyIdentifier=hash
   authorityKeyIdentifier=keyid,issuer:always
   keyUsage = nonRepudiation,digitalSignature,keyEncipherment
   extendedKeyUsage=emailProtection,1.3.6.1.5.5.7.3.20

   [ sipuser_req ]
   basicConstraints = CA:FALSE
   subjectAltName=\${ENV::ALTNAME}
   subjectKeyIdentifier=hash

   [ sipdomain_noeku_cert ]
   subjectAltName=\${ENV::ALTNAME}
   basicConstraints=CA:FALSE
   subjectKeyIdentifier=hash
   authorityKeyIdentifier=keyid,issuer:always
   keyUsage = nonRepudiation,digitalSignature,keyEncipherment

   [ sipdomain_noeku_req ]
   basicConstraints = CA:FALSE
   subjectAltName=\${ENV::ALTNAME}
   subjectKeyIdentifier=hash

   [ sipuser_noeku_cert ]
   subjectAltName=\${ENV::ALTNAME}
   basicConstraints=CA:FALSE
   subjectKeyIdentifier=hash
   authorityKeyIdentifier=keyid,issuer:always
   keyUsage = nonRepudiation,digitalSignature,keyEncipherment

   [ sipuser_noeku_req ]
   basicConstraints = CA:FALSE
   subjectAltName=\${ENV::ALTNAME}
   subjectKeyIdentifier=hash

   EOF


   cat > demoCA/private/cakey.pem <<EOF
   -----BEGIN RSA PRIVATE KEY-----
   Proc-Type: 4,ENCRYPTED
   DEK-Info: DES-EDE3-CBC,4B47A0A73ADE342E

   aHmlPa+ZrOV6v+Jk0SClxzpxoG3j0ZuyoVkF9rzq2bZkzVBKLU6xhWwjMDqwA8dH
   3fCRLhMGIUVnmymXYhTW9svI1gpFxMBQHJcKpV/SmgFn/fbYk98Smo2izHOniIiu
   NOu2zr+bMiaBphOAZ/OCtVUxUOoBDKN9lR39UCDOgkEQzp9Vbw7l736yu5H9GMHP
   JtGLJyx3RhS3TvLfLAJZhjm/wZ/9QM8GjyJEiDhMQRJVeIZGvv4Yr1u6yYHiHfjX
   tX2eds8Luc83HbSvjAyjnkLtJsAZ/8cFzrd7pjFzbogLdWuil+kpkkf5h1uzh7oa



Jennings, et al.        Expires November 5, 2009               [Page 35]

Internet-Draft            SIP Secure Call Flows                 May 2009


   um0M1EXBE4tcDHsfg1iqEsDMIei/U+/rWfk1PrzYlklwZp8S03vulkDm1fT76W7d
   mRBg4+CrHA6qYn6EPWB37OBtfEqAfINnIcI1dWzso9A0bTPD4EJO0JA0PcZ/2JgT
   PaKySgooHQ8AHNQebelch6M5LFExpaOADJKrqauKcc2HeUxXaYIpac5/7drIl3io
   UloqUnMlGa3eLP7BZIMsZKCfHZ8oqwU4g6mmmJath2gODRDx3mfhH6yaimDL7v4i
   SAIIkrEHXfSyovrTJymfSfQtYxUraVZDqax6oj/eGllRxliGfMLYG9ceU+yU/8FN
   LE7P+Cs19H5tHHzx1LlieaK43u/XvbXHlB5mqL/fZdkUIBJsjbBVx0HR8eQl2CH9
   YJDMOPLADecwHoyKA0AY59oN9d41oF7yZtN9KwNdslROYH7mNJlqMMenhXCLN+Nz
   vVU5/7/ugZFhZqfS46c1WdmSvuqpDp7TBtMeaH/PXjysBr0iZffOxQ==
   -----END RSA PRIVATE KEY-----
   EOF

   cat > demoCA/cacert.pem <<EOF
   -----BEGIN CERTIFICATE-----
   MIIDJDCCAo2gAwIBAgIBADANBgkqhkiG9w0BAQUFADBwMQswCQYDVQQGEwJVUzET
   MBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIU2FuIEpvc2UxDjAMBgNVBAoT
   BXNpcGl0MSkwJwYDVQQLEyBTaXBpdCBUZXN0IENlcnRpZmljYXRlIEF1dGhvcml0
   eTAeFw0wMzA3MTgxMjIxNTJaFw0xMzA3MTUxMjIxNTJaMHAxCzAJBgNVBAYTAlVT
   MRMwEQYDVQQIEwpDYWxpZm9ybmlhMREwDwYDVQQHEwhTYW4gSm9zZTEOMAwGA1UE
   ChMFc2lwaXQxKTAnBgNVBAsTIFNpcGl0IFRlc3QgQ2VydGlmaWNhdGUgQXV0aG9y
   aXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDDIh6DkcUDLDyK9BEUxkud
   +nJ4xrCVGKfgjHm6XaSuHiEtnfELHM+9WymzkBNzZpJu30yzsxwfKoIKugdNUrD4
   N3viCicwcN35LgP/KnbN34cavXHr4ZlqxH+OdKB3hQTpQa38A7YXdaoz6goW2ft5
   Mi74z03GNKP/G9BoKOGd5QIDAQABo4HNMIHKMB0GA1UdDgQWBBRrRhcU6pR2JYBU
   bhNU2qHjVBShtjCBmgYDVR0jBIGSMIGPgBRrRhcU6pR2JYBUbhNU2qHjVBShtqF0
   pHIwcDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcT
   CFNhbiBKb3NlMQ4wDAYDVQQKEwVzaXBpdDEpMCcGA1UECxMgU2lwaXQgVGVzdCBD
   ZXJ0aWZpY2F0ZSBBdXRob3JpdHmCAQAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0B
   AQUFAAOBgQCWbRvv1ZGTRXxbH8/EqkdSCzSoUPrs+rQqR0xdQac9wNY/nlZbkR3O
   qAezG6Sfmklvf+DOg5RxQq/+Y6I03LRepc7KeVDpaplMFGnpfKsibETMipwzayNQ
   QgUf4cKBiF+65Ue7hZuDJa2EMv8qW4twEhGDYclpFU9YozyS1OhvUg==
   -----END CERTIFICATE-----
   EOF


   # uncomment the following lines to generate your own key pair

   # openssl req -newkey rsa:1024 -passin pass:password \
   #     -passout pass:password \
   #     -sha1 -x509 -keyout demoCA/private/cakey.pem \
   #     -out demoCA/cacert.pem -days 3650 -config ${CONF} <<EOF
   # US
   # California
   # San Jose
   # sipit
   # Sipit Test Certificate Authority
   #
   #
   # EOF



Jennings, et al.        Expires November 5, 2009               [Page 36]

Internet-Draft            SIP Secure Call Flows                 May 2009


   openssl crl2pkcs7 -nocrl -certfile demoCA/cacert.pem \
           -outform DER -out demoCA/cacert.p7c

   cp demoCA/cacert.pem root_cert_fluffyCA.pem



A.2.  makeCert script

  #!/bin/sh
  set -x

  # Make a symbolic link to this file called "makeUserCert"
  # if you wish to use it to make certs for users.

  # ExecName=$(basename $0)
  #
  # if [ ${ExecName} == "makeUserCert" ]; then
  #   ExtPrefix="sipuser"
  # elif [ ${ExecName} == "makeEkuUserCert" ]; then
  #   ExtPrefix="sipuser_eku"
  # elif [ ${ExecName} == "makeEkuCert" ]; then
  #   ExtPrefix="sipdomain_eku"
  # else
  #   ExtPrefix="sipdomain"
  # fi


  if [  $# == 3  ]; then
    DAYS=1095
  elif [ $# == 4 ]; then
    DAYS=$4
  else
    echo "Usage: makeCert test.example.org user|domain eku|noeku [days]"
    echo "       makeCert alice@example.org [days]"
    echo "days is how long the certificate is valid"
    echo "days set to 0 generates an invalid certificate"
    exit 0
  fi

  ExtPrefix="sip"${2}

  if [ $3 == "noeku" ]; then
    ExtPrefix=${ExtPrefix}"_noeku"
  fi






Jennings, et al.        Expires November 5, 2009               [Page 37]

Internet-Draft            SIP Secure Call Flows                 May 2009


  DOMAIN=`echo $1 | perl -ne '{print "$1\n" if (/\.(.*)$/)}'   `
  ADDR=$1

  echo "making cert for $DOMAIN ${ADDR}"

  rm -f ${ADDR}_*.pem
  rm -f ${ADDR}.p12

  case ${ADDR} in
  *:*) ALTNAME="URI:${ADDR}" ;;
  *@*) ALTNAME="URI:sip:${ADDR},URI:im:${ADDR},URI:pres:${ADDR}" ;;
  *)   ALTNAME="DNS:${DOMAIN},URI:sip:${ADDR}" ;;
  esac

  rm -f demoCA/index.txt
  touch demoCA/index.txt
  rm -f demoCA/newcerts/*

  export ALTNAME

  openssl genrsa  -out ${ADDR}_key.pem 2048
  openssl req -new  -config openssl.cnf -reqexts ${ExtPrefix}_req \
          -sha1 -key ${ADDR}_key.pem \
          -out ${ADDR}.csr -days ${DAYS} <<EOF
  US
  California
  San Jose
  sipit

  ${ADDR}



  EOF

  if [ $DAYS == 0 ]; then
  openssl ca -extensions ${ExtPrefix}_cert -config openssl.cnf \
      -passin pass:password -policy policy_anything \
      -md sha1 -batch -notext -out ${ADDR}_cert.pem \
      -startdate 990101000000Z \
      -enddate 000101000000Z \
       -infiles ${ADDR}.csr
  else
  openssl ca -extensions ${ExtPrefix}_cert -config openssl.cnf \
      -passin pass:password -policy policy_anything \
      -md sha1 -days ${DAYS} -batch -notext -out ${ADDR}_cert.pem \
       -infiles ${ADDR}.csr
  fi



Jennings, et al.        Expires November 5, 2009               [Page 38]

Internet-Draft            SIP Secure Call Flows                 May 2009


  openssl pkcs12 -passin pass:password \
      -passout pass:password -export \
      -out ${ADDR}.p12 -in ${ADDR}_cert.pem \
      -inkey ${ADDR}_key.pem -name ${ADDR} -certfile demoCA/cacert.pem

  openssl x509 -in ${ADDR}_cert.pem -noout -text

  case ${ADDR} in
  *@*) mv ${ADDR}_key.pem user_key_${ADDR}.pem; \
       mv ${ADDR}_cert.pem user_cert_${ADDR}.pem ;;
  *)   mv ${ADDR}_key.pem domain_key_${ADDR}.pem; \
       mv ${ADDR}_cert.pem domain_cert_${ADDR}.pem ;;
  esac


Appendix B.  Certificates for Testing

   This section contains various certificates used for testing in PEM
   format.

B.1.  Certificates Using EKU

   These certificates make use of the EKU specification described in
   [12].

   Fluffy's certificate.

























Jennings, et al.        Expires November 5, 2009               [Page 39]

Internet-Draft            SIP Secure Call Flows                 May 2009


   -----BEGIN CERTIFICATE-----
   MIIEHzCCA4igAwIBAgIIAVIBVAGQAEcwDQYJKoZIhvcNAQEFBQAwcDELMAkGA1UE
   BhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCFNhbiBKb3NlMQ4w
   DAYDVQQKEwVzaXBpdDEpMCcGA1UECxMgU2lwaXQgVGVzdCBDZXJ0aWZpY2F0ZSBB
   dXRob3JpdHkwHhcNMDkwNDI5MTcxMDQ2WhcNMTIwNDI4MTcxMDQ2WjBiMQswCQYD
   VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIU2FuIEpvc2Ux
   DjAMBgNVBAoTBXNpcGl0MRswGQYDVQQDFBJmbHVmZnlAZXhhbXBsZS5jb20wggEi
   MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD0D+gYLbGbk+9kaxnXg6z3rxI3
   MEjfblUKzvcqGRdmvEKveq94bJbGwd5eOGeTjfJAE7VvB3neMiwj57rkqDYyg4p1
   eYaFolDRu7WBNn5r8mSbtlTTi8RNTSaUrnxQ5LLmX6w04JdRzf9muZKYxcwi5www
   pEymN7ohMbKBkw0k7qcnybPsRuP5etJCClmr56OLMGY9MYhv7sSNJMqZ8chMUA1L
   a3OArHRvRbEpKaGJQJQCVyOLbWBcONMfw7t0PRWHry0pFmwwAU7jORMXa+pYl3Wf
   YDiELDGVbthtaYG7LvpZovsIU1nfHpQX5RD4clr7Tk8vzTs9MMW2yDvg5zLtAgMB
   AAGjggFKMIIBRjBRBgNVHREESjBIhhZzaXA6Zmx1ZmZ5QGV4YW1wbGUuY29thhVp
   bTpmbHVmZnlAZXhhbXBsZS5jb22GF3ByZXM6Zmx1ZmZ5QGV4YW1wbGUuY29tMAkG
   A1UdEwQCMAAwHQYDVR0OBBYEFNKiIvtNoTe5FQse/Ce8+gCnHPIpMIGaBgNVHSME
   gZIwgY+AFGtGFxTqlHYlgFRuE1TaoeNUFKG2oXSkcjBwMQswCQYDVQQGEwJVUzET
   MBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIU2FuIEpvc2UxDjAMBgNVBAoT
   BXNpcGl0MSkwJwYDVQQLEyBTaXBpdCBUZXN0IENlcnRpZmljYXRlIEF1dGhvcml0
   eYIBADALBgNVHQ8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwQGCCsGAQUFBwMU
   MA0GCSqGSIb3DQEBBQUAA4GBAICg20XdfbZQtpMnNs3NKDw5I6rkbpz32YyWTbc2
   9qzBj4bYapE6T1poMjffD91AtzRokc4P8BYC7r62HeGSh8leqUJ4JkW7Fwjug+rp
   2DCEZpBpuHj/xAlc6uKKEOb5ZOvbRw4QKU0Ou1NlcOFxgsjQFPQkMEmm/ICosYS8
   6XN1
   -----END CERTIFICATE-----

   Fluffy's private key
























Jennings, et al.        Expires November 5, 2009               [Page 40]

Internet-Draft            SIP Secure Call Flows                 May 2009


   -----BEGIN RSA PRIVATE KEY-----
   MIIEowIBAAKCAQEA9A/oGC2xm5PvZGsZ14Os968SNzBI325VCs73KhkXZrxCr3qv
   eGyWxsHeXjhnk43yQBO1bwd53jIsI+e65Kg2MoOKdXmGhaJQ0bu1gTZ+a/Jkm7ZU
   04vETU0mlK58UOSy5l+sNOCXUc3/ZrmSmMXMIucMMKRMpje6ITGygZMNJO6nJ8mz
   7Ebj+XrSQgpZq+ejizBmPTGIb+7EjSTKmfHITFANS2tzgKx0b0WxKSmhiUCUAlcj
   i21gXDjTH8O7dD0Vh68tKRZsMAFO4zkTF2vqWJd1n2A4hCwxlW7YbWmBuy76WaL7
   CFNZ3x6UF+UQ+HJa+05PL807PTDFtsg74Ocy7QIDAQABAoIBAGAETgQNHf2eAqVX
   +U+vLwI2bw0lQtYb+vsIl3aJboptcDLHKndPCTZimRAqUp1bT73jwxJON6SxymnJ
   xd4lS0UuOO+kgsbaJ7+LgIm4HZ5sOyaDYfXj27OpsY724lOU1ckKRJ586Ss2xs7s
   HP9beccVbNdKHBmcfO6INbkCWD55nLspPlNOaRZwW/h7ID0hT+Kd4e+U4Kz9TeeD
   NsmugwrPaNX3T1R1QBPK9HDLv8cyo3AJskfN7K+14tY+bkwAH+6IySq2JvhUBHnZ
   xI/ieO0SeX+kG2nEk8nkXlphyrUJ5o+HQBeWec8nx9jYH6jFN1fvB5GsLUEw9GHo
   AOe5YgUCgYEA/KwR2E/pq4oRy3b6WbH3tSktmCcF9nzmBn0fUGYliX0HRtnp1pwx
   x+OEUMsDmnwE4TmMJudzFYLRWbddm4pYHiqZGLjmd96UDUsjU+eV0INw4sebsoP4
   ymO7JEPt+ewOz07/+aKsqtUCeJUFXksqUmz8yPOkSRgwG7WdJtZvcm8CgYEA90bO
   gtR3Owc17X7i1eeNmpo7PHFuAK3b3ULqmLSQebIPBYTMBJ0GMPqSqHcCSYwAuT3O
   HIH6i7B7I2GniqgC2nGaN962yy1nh3S8NnUuJ0LcxoMoDSpy6d2INlL27XG6K9dv
   ROLhVylPlFnlo/QEWJy2OrzXtRPQOYAMJS2iLmMCgYBZLPmXWIzl5/Lj1ngBFBiS
   rZfT7WHjXq1oeNyGaaax4Zih3uLyxWmkXJ4kTaJV8ZNfUgou6NzrKKJugZLeBHOZ
   IfuqiAd/IuUp0+0B/egYEWvT/hLrbDxwYcZ4xCjHXhLUA9O/7TP3jvoySJX+c5Ta
   RnDpE2RWD91ayjxOqrvmrQKBgQDw2OWiJoGvW9mZ5mHYiL2y3RBfUfgb7ztcaqYH
   cK/b6KOa83qn762tHRKlxazTp+q4gstzluJLFu0JTD+c3QJSdB4K1wFiKmpRVFFS
   FZaLpSNWsz7afAMLaLwYdXyPT5tOwnpdNULY26LoUxtKMw3cpV8VHQRZGeBRcTfj
   KmxyEwKBgH/8LJfit80sEYSUB0MDa8diI8Bc/BJwHJYgZpihpjGXh0YFGN+laX9+
   CSgbG9FyvSTO6fRhRlhRSVlZt4fcx9woMXcmG+PzITLcCdaJHFOuqWUS8cPa+II2
   NW30dkcLPKpxa8bOBC7x6mxYzdw4GfpZmQlIo9SS6NwqU7sHuqpC
   -----END RSA PRIVATE KEY-----

   Kumiko's certificate






















Jennings, et al.        Expires November 5, 2009               [Page 41]

Internet-Draft            SIP Secure Call Flows                 May 2009


   -----BEGIN CERTIFICATE-----
   MIIEHzCCA4igAwIBAgIIAVIBVAGQAEgwDQYJKoZIhvcNAQEFBQAwcDELMAkGA1UE
   BhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCFNhbiBKb3NlMQ4w
   DAYDVQQKEwVzaXBpdDEpMCcGA1UECxMgU2lwaXQgVGVzdCBDZXJ0aWZpY2F0ZSBB
   dXRob3JpdHkwHhcNMDkwNDI5MTcxMDQ3WhcNMTIwNDI4MTcxMDQ3WjBiMQswCQYD
   VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIU2FuIEpvc2Ux
   DjAMBgNVBAoTBXNpcGl0MRswGQYDVQQDFBJrdW1pa29AZXhhbXBsZS5uZXQwggEi
   MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9KZU33jUDzO1UjmSEWEjKPjA3
   yzJJTZuKTRq0BOmwtYwPBeGzp3gePo5jTOUB3PAqzm26PlobjqmobPOErKuIFLsX
   1Wz4BsQEArBqm8951Z5TreerajP1SgIvCFHw9B/QOQQaLr7r9JSEQCYSM2mh/w9j
   QzbB/cvl3EV70rPgtOoDxvWu0X11YmblvRjDUum1sECSPOsMbj+a+lZWR/VRkUoz
   /nrRCy1JGLm6U7ZJ+It2ZTXOQHbAHhuOm4g+JduG20vqefF6hWyu7FuPFKSQqynk
   LEqvxU5gf11T50b4cesE3beqUZjfA9Pnuhi80oSmJ4F8t5eLkli8+5CQgkX/AgMB
   AAGjggFKMIIBRjBRBgNVHREESjBIhhZzaXA6a3VtaWtvQGV4YW1wbGUubmV0hhVp
   bTprdW1pa29AZXhhbXBsZS5uZXSGF3ByZXM6a3VtaWtvQGV4YW1wbGUubmV0MAkG
   A1UdEwQCMAAwHQYDVR0OBBYEFP2goFhmLdm2DfWUq+4yspNxHAkAMIGaBgNVHSME
   gZIwgY+AFGtGFxTqlHYlgFRuE1TaoeNUFKG2oXSkcjBwMQswCQYDVQQGEwJVUzET
   MBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIU2FuIEpvc2UxDjAMBgNVBAoT
   BXNpcGl0MSkwJwYDVQQLEyBTaXBpdCBUZXN0IENlcnRpZmljYXRlIEF1dGhvcml0
   eYIBADALBgNVHQ8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwQGCCsGAQUFBwMU
   MA0GCSqGSIb3DQEBBQUAA4GBALDTtkB6X0HQ08QnmVQBCex1/TuZ5I+sT8IWayp3
   6rXEtRrAvnzgC8wF5qIVevL6jo6D2lShR5EEeu1ICxJzZuDKTZu3aen2XJgyhLds
   MuxlHWCZ+Gxlo4EPzx9cc7NdW7x62qoHr2uyhrdvkNsqUfBl1TJRNc9l+RmdAzwa
   t4NG
   -----END CERTIFICATE-----

   Kumiko's private key
























Jennings, et al.        Expires November 5, 2009               [Page 42]

Internet-Draft            SIP Secure Call Flows                 May 2009


   -----BEGIN RSA PRIVATE KEY-----
   MIIEpQIBAAKCAQEAvSmVN941A8ztVI5khFhIyj4wN8sySU2bik0atATpsLWMDwXh
   s6d4Hj6OY0zlAdzwKs5tuj5aG46pqGzzhKyriBS7F9Vs+AbEBAKwapvPedWeU63n
   q2oz9UoCLwhR8PQf0DkEGi6+6/SUhEAmEjNpof8PY0M2wf3L5dxFe9Kz4LTqA8b1
   rtF9dWJm5b0Yw1LptbBAkjzrDG4/mvpWVkf1UZFKM/560QstSRi5ulO2SfiLdmU1
   zkB2wB4bjpuIPiXbhttL6nnxeoVsruxbjxSkkKsp5CxKr8VOYH9dU+dG+HHrBN23
   qlGY3wPT57oYvNKEpieBfLeXi5JYvPuQkIJF/wIDAQABAoIBAQCI9zv5WOawGsjZ
   icTUYwxJjB/jtjhyBUSTLmMgZ9JBxiJkmlCjgaYi2A7Hbdz/rVck15Vx3kXmYDUO
   I91reo81GDWj+0BMkrGJad0NREZFJFzgoDH31w1KFU1herfCLTF/1ljXEHPja5PB
   8qTeVuWsi38702YprrfddtHE53qhP3xWgzhYS8jcGfBYCccC8lPYPiHaU4gqErF9
   Uxk6JGOS0D4iCY8Y4mvSQvWHHiYFVegnx9uuUCChX8CQtYZJvfNdOHJszlxxnGy7
   O8/EvrEVrO9hmTrbG10nrFu/RVFUQDrY8N2ngtsVXYeso2aUT+Hnhzg6FQBLZXKh
   lOWejTCxAoGBAPnY0RO5JAoaFjhYmlCd79GySUfBsrI50np6KNdrtWsylS6EETdv
   QR5PFZG/sr3U/ez2FD2NadGABl1rMthSf4MT6J4oiMNuffLocXkVeXwUMgg+eHu7
   rn0gDL8ZjzVVcwQPVsodjfJzC76Cbjb8JZoLxU/pa09agFTIDe2YDF/pAoGBAMHS
   LNA6w0b1O/ZvQj0bZ6SLiPgydufodU6wvkxNBj+93k64eq/+S53SeDQA7oJpFBMZ
   2kEhgEObYbYY+ZH9GGbsIJMGYcCG7dqXqpMljs4RM99ef5QrdzdDFUDRmRbd2Z+d
   /28cEFsPeMKqU/kPTWZtjrJf+HMybQU4Dvb0Xe2nAoGBALJtX+r49j7soF+/Dv1x
   vToBXAoNz6MuXh0vrokhl58lsZpVoMH5BwUxL1M2Ft0xBeK7XnsSybZe+qyuiNIq
   IHwotKB2jC0ddH8L9zWk22x8M7rlej/LKfKb995lz3skOg51MeMHtj6mYIW+Oh20
   dtoLe+704Lj8BdgGQsQiKPw5AoGBAK/biguY9auBQNm1Uy1smxpB/JHt/9MlKKKw
   XMmQLXZSSM22NqNOoL9ewu+0VLQAsVUvZMcppV4yMnLtsCvUr3pbDqc36COuiUuH
   xx3huvOfyigGbs06rt12QWdhhXyo6BcaXTQsC28D17cQokZdqwWfrBSOXTfwbdiJ
   Z5KMYFkLAoGAGL9UX9Dea9qnsJZUryxhTxo55ggbKBcJQv+syT8veEJFL9oBsU+b
   bz+OXOmw0GauPywgok3qpLZ+4mxWs4sX4ca3c/eVCKmpUJ4oWnarhEn5n+jIiWVo
   wJP99QCcEdajdf4r/E8tywJ7LgiE37YMQYl9oWOYexOQNg/HRqtM1VU=
   -----END RSA PRIVATE KEY-----

   Certificate for example.com






















Jennings, et al.        Expires November 5, 2009               [Page 43]

Internet-Draft            SIP Secure Call Flows                 May 2009


   -----BEGIN CERTIFICATE-----
   MIID5jCCA0+gAwIBAgIIAVIBVAGQAEMwDQYJKoZIhvcNAQEFBQAwcDELMAkGA1UE
   BhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCFNhbiBKb3NlMQ4w
   DAYDVQQKEwVzaXBpdDEpMCcGA1UECxMgU2lwaXQgVGVzdCBDZXJ0aWZpY2F0ZSBB
   dXRob3JpdHkwHhcNMDkwNDI4MjIxMjAwWhcNMTIwNDI3MjIxMjAwWjBbMQswCQYD
   VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIU2FuIEpvc2Ux
   DjAMBgNVBAoTBXNpcGl0MRQwEgYDVQQDEwtleGFtcGxlLmNvbTCCASIwDQYJKoZI
   hvcNAQEBBQADggEPADCCAQoCggEBAMdgCSziC6aNLI+G60dyTdwgpUhpnMZ5czpl
   5HS2gJlPbqQbG29ckSl8EaG9rSXGQqOWu9jIEdgqvDlf41+aVPUMd0TG8O6nc4XQ
   0dc0ltgkg/4dp16UaqZ55ovWlgYxjdpN8XLAopxIydIfgCdgUrgSzEN852ast24H
   vOfVD/pBszdPFjNx/G1zF7Vli2UDNIOOmH2LozbxpzeUZa/dEyn4G8KL+gUDa0sm
   rqmTq10M8wiEnhbAE/rajxy2aZUEbcjPwBKP/ScqyxYW/cL6lP7oeEDkWqyn79cX
   fej4howWNf8+Mv1DHMEgCCyqVqYXT7x0sF1XuqUZtCBG3TY9FbMCAwEAAaOCARgw
   ggEUMB8GA1UdEQQYMBaCA2NvbYYPc2lwOmV4YW1wbGUuY29tMAkGA1UdEwQCMAAw
   HQYDVR0OBBYEFCjMmytPfENcna2Wi3OiT1hdMNQEMIGaBgNVHSMEgZIwgY+AFGtG
   FxTqlHYlgFRuE1TaoeNUFKG2oXSkcjBwMQswCQYDVQQGEwJVUzETMBEGA1UECBMK
   Q2FsaWZvcm5pYTERMA8GA1UEBxMIU2FuIEpvc2UxDjAMBgNVBAoTBXNpcGl0MSkw
   JwYDVQQLEyBTaXBpdCBUZXN0IENlcnRpZmljYXRlIEF1dGhvcml0eYIBADALBgNV
   HQ8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMUMA0GCSqGSIb3
   DQEBBQUAA4GBAB+3woRDkNIGgUdI5xQ5Wq2gUzb7b9fhv7FlmP2mxeBat1+QCKvU
   hSrRV/IOwSZD3uEmHu+QlZRudEU2AUHOQ8KRVN01qG5XO7I0carU6jSqjI7d4aQs
   BUX7uDgMex9P1zzXaHxXV20Txj9E3f1r+2WWm4eSlRCv50fNcmxu12D1
   -----END CERTIFICATE-----

   Private key for example.com


























Jennings, et al.        Expires November 5, 2009               [Page 44]

Internet-Draft            SIP Secure Call Flows                 May 2009


   -----BEGIN RSA PRIVATE KEY-----
   MIIEowIBAAKCAQEAx2AJLOILpo0sj4brR3JN3CClSGmcxnlzOmXkdLaAmU9upBsb
   b1yRKXwRob2tJcZCo5a72MgR2Cq8OV/jX5pU9Qx3RMbw7qdzhdDR1zSW2CSD/h2n
   XpRqpnnmi9aWBjGN2k3xcsCinEjJ0h+AJ2BSuBLMQ3znZqy3bge859UP+kGzN08W
   M3H8bXMXtWWLZQM0g46YfYujNvGnN5Rlr90TKfgbwov6BQNrSyauqZOrXQzzCISe
   FsAT+tqPHLZplQRtyM/AEo/9JyrLFhb9wvqU/uh4QORarKfv1xd96PiGjBY1/z4y
   /UMcwSAILKpWphdPvHSwXVe6pRm0IEbdNj0VswIDAQABAoIBACW1MScO/ZsbekEP
   CHKz2Kv4dKo0Z1VWZQe3e7TjS4Ezd76L7e1q+X16HK+Veyj4zWO5P3/pnw5eTskf
   LJbJTqYmHGyin7DTdNLrQrTMGnd4uIoYO650rZMc3RC3nho/xw9xzGeirV6Xmawn
   DwrjeeGclItzFSTjJ7IkvoKuVl5DNzDAY2DA4YIb8uTYPsqX/jFMaPwxFFhT+mXJ
   LX+oniwAsnihfHeXbFiTF1yEw4UCxn3xQ5YE8wZshG+8yjHyLzLAc8NQ7XnCkze8
   G/En/LwwTAaX7L5yRSjBeb8Mp+96s11LtlzR+8uGVbu6nfcXbVTD2zYxuLiyp2VB
   EZDaMQECgYEA79YZvUGhNt7F59N+oFpL1xaOjPprN7HV3OevJ5k2sue8B/NjVb5U
   RNDxpANkyKh4wARzR25DEAh103XKlfsPOMCdZ9t/3zdOrl5SC7URPPEd4QGvWyKb
   0KiNbwIQdSmiPHeMLsT/+pXu9HbH7key7Sl0pdGwvgNI1oy5xy3dnTMCgYEA1M/b
   mviLD48Zzb3GtMnZHf4uh7W58muNsy9gAEFb4eNLFSpi11m/5s1+YiqB6WwkGjeF
   Rrp8tGcNyOK6oaAa0G4g/CrSY1GHdDhketD26mFVhbwpYkvr3oPjFcTMnqbS1uTs
   c8dniGnknMlP5e1jh4+GyPg6o+/1/6LIp4nFpYECgYBkg2wiHwE7h72VXNOyzGUA
   bZmsh76rhsJEZGzJwbJk5C2vf1dgNfYHKTI8NJfmaITCpJrTkuhULdeDmdgfZyqH
   9GGDh0BeAkXdWfY0pdvlmH+XLyeYoDaBCkLMBSd0ktBFWyzK5REKqg+NMMK1oCLi
   tf8HB4x09ddu42dwjE5WdQKBgF3SSbIX008HusuO2DTKLHNhpWflQVZT/oO55iwW
   pIiA6ZAqQKtKgSUjAY4LyXx8VapNQe+9tc7fBB/FfZxV9pxfgSFLS7fHsN0XI41V
   5RXN1aOBIgmZCSLvqETnn4Jub9OX13rvtYBZlxVcV2I590BDkZu2fDvcReru/GGI
   ht+BAoGBAKpKk0umVaTdJyrZQQtXy+vTomQPKA9CkAkY2UEtlaMYe6+/NfxG0Kwz
   cWBUlm18LQkN+Xxzfv+fccqgq9bWDxXQOQN4+4kzNALCtpRiVT7PetXyxlIqHSvW
   dR/DaSj/2QyIkamHYlQ/38X/dfgIXWSSRz28HOfBl+KRY/Hr+McO
   -----END RSA PRIVATE KEY-----

   Certificate for example.net






















Jennings, et al.        Expires November 5, 2009               [Page 45]

Internet-Draft            SIP Secure Call Flows                 May 2009


   -----BEGIN CERTIFICATE-----
   MIID5jCCA0+gAwIBAgIIAVIBVAGQAEQwDQYJKoZIhvcNAQEFBQAwcDELMAkGA1UE
   BhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCFNhbiBKb3NlMQ4w
   DAYDVQQKEwVzaXBpdDEpMCcGA1UECxMgU2lwaXQgVGVzdCBDZXJ0aWZpY2F0ZSBB
   dXRob3JpdHkwHhcNMDkwNDI4MjIxMjAwWhcNMTIwNDI3MjIxMjAwWjBbMQswCQYD
   VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIU2FuIEpvc2Ux
   DjAMBgNVBAoTBXNpcGl0MRQwEgYDVQQDEwtleGFtcGxlLm5ldDCCASIwDQYJKoZI
   hvcNAQEBBQADggEPADCCAQoCggEBAOQ2eHy6Rcp2qJwG5nOtjPapW28C0KJgFDWf
   VF3cFearrhGJh5HznphcjhUnyfIoVSn3PA138ZWZ4ecZFDyAgB5gXYfgs3rXGAD6
   3d5iGYeTCT2jV3z69ppZdlDK+sMmySa2N/oZYaQfkHz62MdA0pT58oLPvi/PKWrz
   4EEOAYUrt3u5bCaIK+jt1KkpVkXBitxdlHDHmne6sZ+9foBQnPxiB3FRVPvX3c2K
   fzdMfru6PCAyC6wqR/ZJ2ExoH6AZKB/mMn27WLs1IKdgJecYMh3jWHnm03ZN7sG9
   JT3lSh7HDmbPtTzf8k/v9khx+0jOF9oGAuubRDB7Jmu3Fzr3wGUCAwEAAaOCARgw
   ggEUMB8GA1UdEQQYMBaCA25ldIYPc2lwOmV4YW1wbGUubmV0MAkGA1UdEwQCMAAw
   HQYDVR0OBBYEFC2E2M9LFIlojb9rx+9mOPAye5W7MIGaBgNVHSMEgZIwgY+AFGtG
   FxTqlHYlgFRuE1TaoeNUFKG2oXSkcjBwMQswCQYDVQQGEwJVUzETMBEGA1UECBMK
   Q2FsaWZvcm5pYTERMA8GA1UEBxMIU2FuIEpvc2UxDjAMBgNVBAoTBXNpcGl0MSkw
   JwYDVQQLEyBTaXBpdCBUZXN0IENlcnRpZmljYXRlIEF1dGhvcml0eYIBADALBgNV
   HQ8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMUMA0GCSqGSIb3
   DQEBBQUAA4GBADsZEm9o1Pjs0zA7AST1fu7IdkxIn6aEdXCRQ/HQn5QCg2qzVYjb
   5rvv+Fj5Jdj0SNm2fXD5NX/ny5Bcq26mmMzrB5GtZAYPyNxmWvX4cN1MrKLGVVtB
   wIguHgGYgF1AWhCguOMqSBxaI98+J4VMQuJ+w2NR7sW+wtyc9KMCW3OT
   -----END CERTIFICATE-----

   Private key for example.net


























Jennings, et al.        Expires November 5, 2009               [Page 46]

Internet-Draft            SIP Secure Call Flows                 May 2009


   -----BEGIN RSA PRIVATE KEY-----
   MIIEowIBAAKCAQEA5DZ4fLpFynaonAbmc62M9qlbbwLQomAUNZ9UXdwV5quuEYmH
   kfOemFyOFSfJ8ihVKfc8DXfxlZnh5xkUPICAHmBdh+CzetcYAPrd3mIZh5MJPaNX
   fPr2mll2UMr6wybJJrY3+hlhpB+QfPrYx0DSlPnygs++L88pavPgQQ4BhSu3e7ls
   Jogr6O3UqSlWRcGK3F2UcMead7qxn71+gFCc/GIHcVFU+9fdzYp/N0x+u7o8IDIL
   rCpH9knYTGgfoBkoH+YyfbtYuzUgp2Al5xgyHeNYeebTdk3uwb0lPeVKHscOZs+1
   PN/yT+/2SHH7SM4X2gYC65tEMHsma7cXOvfAZQIDAQABAoIBAC1K/kjK83UGbdph
   qDVHOZXu8N2scln3tasazzS9rH8WjbqfUA/QiSZ2ICDkv7jW9mgY0ItfxcvKOcKT
   AKgtXMAqogWIvDZiIDp5j7VGRQjaTtgz5fZBHNZvcQMB9hjrRrrvKVby2KUpOpUD
   eCi7nc/Bd7csofN9Kxw2AMkIjZavQXvNLpOCxoNj5k8XwOyCvrQ5SUoqeeA2a+Vq
   FE1YNgmtVE2oFOXw/5xvrPIZyjfR9rwIijD7pUs1Inmrc/WZRYDKuYUfQ+DG0TiA
   IFv1zYcamjVEaOqBErI+G8wM0PA6bVQz/J9gdsmIUtXIXLWkxdD7+5VgVqkLXbOX
   kP+J4HUCgYEA+1zg6p0pMUdh54AU9qghMv1s+di8gBtxHLCF8LP3wFe1AHRgopfn
   NppDz6TjQjcc6+0OeHwLlgoEwSnR3+3ik/Ae4dn1Ynfzrw8RqLuc/hfRgUC4zHxr
   9kvqTIpV0R2Ytj4GaZW+xKTjzVHYR3gEkP+ItDGUXkT0T7w7I1UvAR8CgYEA6GxC
   rm/HIlhwyo9nT9hxGliw7GbiENc2ql79a3H/es7EkSdn4NvDq2dUHvSCinISHQH3
   +b0znHkGaQ3iFvlCdvA4yylRYx8WLvJI19J1K8dmi26BTAVvorNpWgvmSfbmZZHh
   Y61T4BAwi1SToXjcCcfu/2Hz7Jqxg3jXrXRmefsCgYEA5mMGs4NA0i3/ClRW4ozP
   gRDO5WFFxJViY01YNnp9RgodmEESoXRhM6bJKHSU54fkNkmczcnERM0B9poCByDe
   X4HijFddldcjvvwsz17GUg46tCFCQAp6WdDS+zx/058w7TiEYBokM9B+Cx5NAZR7
   evr7rU0UFCNXWg3IlmXpIzkCgYBVQol/hd+N2NWfaNWkM6jh2lEkl2UselZCT1A1
   Xv8yJLF08fioQtXXhbMVG+rbMJc2budxhJdvOfJBDWe3t75K9TpQRJrneprfo99W
   1IxI//+8/E+P/JqEG7502tKipWDFN6tvrkCLfETih6cUX8qQB/jDVEJvtBuUN/se
   VQnWiwKBgGrvslD5N2wGmnCxjBdMb2KvCPRq0t28t/D5plHgGpEC6k1rhRHCtXpE
   IK+QEb6/DWjqGYaWHamaVEfUVLrKPVA25hAl+nMg9qQYC0cufmN+Ufe9nLn47IY0
   NXOdHuhaYsf6g/UQEZKSj2wX9poBfAkXZBWnBYKOn0gfq6KjvW82
   -----END RSA PRIVATE KEY-----

B.2.  Certificates NOT Using EKU

   These certificates do not make use of the EKU specification described
   in [12].  Most existing certificates fall in this category.

   ASN.1 dump of Fluffy's certificate.

   Version: 3 (0x2)
   Serial Number:
       02:55:01:38:02:00:00:6a
   Signature Algorithm: sha1WithRSAEncryption
   Issuer: C=US, ST=California, L=San Jose, O=sipit,
            OU=Sipit Test Certificate Authority
   Validity
       Not Before: Apr 30 21:37:01 2009 GMT
       Not After : Apr 29 21:37:01 2012 GMT
   Subject: C=US, ST=California, L=San Jose, O=sipit,
            CN=fluffy@example.com
   Subject Public Key Info:
       Public Key Algorithm: rsaEncryption



Jennings, et al.        Expires November 5, 2009               [Page 47]

Internet-Draft            SIP Secure Call Flows                 May 2009


       RSA Public Key: (2048 bit)
           Modulus (2048 bit):
               00:c8:4c:e9:f6:18:17:0e:99:48:d5:b6:d9:aa:ea:
               c9:78:14:a8:a1:2c:c9:ef:6b:00:7b:0d:73:64:bc:
               51:74:5b:bc:9a:48:2a:6d:67:af:53:ae:17:75:61:
               55:33:16:c2:8f:f2:1b:7b:e1:f9:64:44:50:3a:48:
               42:e2:91:8b:44:25:b3:81:32:d8:03:cc:c5:fc:4b:
               2d:10:83:3b:e9:a9:a8:f9:b0:e5:6a:8d:80:82:84:
               7e:f9:95:17:c9:2d:d0:50:28:a0:c2:ae:44:53:90:
               4b:53:d5:f3:44:85:22:cb:96:99:d3:8e:ff:22:97:
               1e:24:e7:3d:c2:89:ce:10:c7:05:65:6a:6d:18:44:
               ea:20:ff:25:e1:95:be:1f:03:51:bc:27:fd:70:da:
               24:cf:d1:43:33:d0:fe:c2:85:0c:f2:75:51:3f:bf:
               bb:b8:8a:ed:99:2f:74:a7:6a:60:a8:31:1f:71:78:
               07:c8:d5:63:38:2e:52:3f:2c:27:b6:42:12:0c:d3:
               b5:f5:90:89:f7:20:af:0a:0d:a0:a2:99:46:40:6d:
               ac:2c:7c:a2:93:7f:f5:70:28:18:af:14:e0:6f:0b:
               dc:a9:e6:22:b2:47:0c:91:68:20:1f:ff:18:5f:be:
               d1:85:5c:1a:28:f1:71:b4:d1:3b:68:e3:c4:03:d8:
               f6:99
           Exponent: 65537 (0x10001)
   X509v3 extensions:
       X509v3 Subject Alternative Name:
           URI:sip:fluffy@example.com, URI:im:fluffy@example.com,
              URI:pres:fluffy@example.com
       X509v3 Basic Constraints:
           CA:FALSE
       X509v3 Subject Key Identifier:
           2F:A3:00:77:AC:EB:4E:0C:16:99:01:3A:11:A3:6B:29:04:04:44:1A
       X509v3 Authority Key Identifier:
           6B:46:17:14:EA:94:76:25:80:54:6E:13:54:DA:A1:E3:54:14:A1:B6
           DirName:/C=US/ST=California/L=San Jose/O=sipit/
            OU=Sipit Test Certificate Authority
           serial:00

       X509v3 Key Usage:
           Digital Signature, Non Repudiation, Key Encipherment
       Signature Algorithm: sha1WithRSAEncryption
   08:26:de:cc:56:64:ae:39:24:9b:07:19:13:28:b4:67:4f:11:
   81:97:56:e6:f3:dc:84:12:e4:a6:08:d4:b3:f5:46:35:6c:e5:
   90:65:55:52:e6:92:de:b8:2f:f9:e1:fc:ff:45:1b:fe:5b:b0:
   37:97:99:b6:d7:54:30:d6:cb:08:e5:55:32:9f:0d:41:c3:76:
   49:fa:e7:e6:33:9b:ef:3b:dd:f6:f9:01:a6:61:8c:34:91:33:
   86:de:1d:8e:3d:ec:58:a0:f8:d5:f0:db:33:9c:97:40:b9:5f:
   7c:7f:b9:01:56:05:85:ad:35:af:9b:0d:c9:82:84:c1:0a:21:
   ba:99





Jennings, et al.        Expires November 5, 2009               [Page 48]

Internet-Draft            SIP Secure Call Flows                 May 2009


   Fluffy's certificate.

   -----BEGIN CERTIFICATE-----
   MIIEADCCA2mgAwIBAgIIAlUBOAIAAGowDQYJKoZIhvcNAQEFBQAwcDELMAkGA1UE
   BhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCFNhbiBKb3NlMQ4w
   DAYDVQQKEwVzaXBpdDEpMCcGA1UECxMgU2lwaXQgVGVzdCBDZXJ0aWZpY2F0ZSBB
   dXRob3JpdHkwHhcNMDkwNDMwMjEzNzAxWhcNMTIwNDI5MjEzNzAxWjBiMQswCQYD
   VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIU2FuIEpvc2Ux
   DjAMBgNVBAoTBXNpcGl0MRswGQYDVQQDFBJmbHVmZnlAZXhhbXBsZS5jb20wggEi
   MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDITOn2GBcOmUjVttmq6sl4FKih
   LMnvawB7DXNkvFF0W7yaSCptZ69Trhd1YVUzFsKP8ht74flkRFA6SELikYtEJbOB
   MtgDzMX8Sy0Qgzvpqaj5sOVqjYCChH75lRfJLdBQKKDCrkRTkEtT1fNEhSLLlpnT
   jv8ilx4k5z3Cic4QxwVlam0YROog/yXhlb4fA1G8J/1w2iTP0UMz0P7ChQzydVE/
   v7u4iu2ZL3SnamCoMR9xeAfI1WM4LlI/LCe2QhIM07X1kIn3IK8KDaCimUZAbaws
   fKKTf/VwKBivFOBvC9yp5iKyRwyRaCAf/xhfvtGFXBoo8XG00Tto48QD2PaZAgMB
   AAGjggErMIIBJzBRBgNVHREESjBIhhZzaXA6Zmx1ZmZ5QGV4YW1wbGUuY29thhVp
   bTpmbHVmZnlAZXhhbXBsZS5jb22GF3ByZXM6Zmx1ZmZ5QGV4YW1wbGUuY29tMAkG
   A1UdEwQCMAAwHQYDVR0OBBYEFC+jAHes604MFpkBOhGjaykEBEQaMIGaBgNVHSME
   gZIwgY+AFGtGFxTqlHYlgFRuE1TaoeNUFKG2oXSkcjBwMQswCQYDVQQGEwJVUzET
   MBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIU2FuIEpvc2UxDjAMBgNVBAoT
   BXNpcGl0MSkwJwYDVQQLEyBTaXBpdCBUZXN0IENlcnRpZmljYXRlIEF1dGhvcml0
   eYIBADALBgNVHQ8EBAMCBeAwDQYJKoZIhvcNAQEFBQADgYEACCbezFZkrjkkmwcZ
   Eyi0Z08RgZdW5vPchBLkpgjUs/VGNWzlkGVVUuaS3rgv+eH8/0Ub/luwN5eZttdU
   MNbLCOVVMp8NQcN2Sfrn5jOb7zvd9vkBpmGMNJEzht4djj3sWKD41fDbM5yXQLlf
   fH+5AVYFha01r5sNyYKEwQohupk=
   -----END CERTIFICATE-----

   Fluffy's private key























Jennings, et al.        Expires November 5, 2009               [Page 49]

Internet-Draft            SIP Secure Call Flows                 May 2009


   -----BEGIN RSA PRIVATE KEY-----
   MIIEpAIBAAKCAQEAyEzp9hgXDplI1bbZqurJeBSooSzJ72sAew1zZLxRdFu8mkgq
   bWevU64XdWFVMxbCj/Ibe+H5ZERQOkhC4pGLRCWzgTLYA8zF/EstEIM76amo+bDl
   ao2AgoR++ZUXyS3QUCigwq5EU5BLU9XzRIUiy5aZ047/IpceJOc9wonOEMcFZWpt
   GETqIP8l4ZW+HwNRvCf9cNokz9FDM9D+woUM8nVRP7+7uIrtmS90p2pgqDEfcXgH
   yNVjOC5SPywntkISDNO19ZCJ9yCvCg2goplGQG2sLHyik3/1cCgYrxTgbwvcqeYi
   skcMkWggH/8YX77RhVwaKPFxtNE7aOPEA9j2mQIDAQABAoIBAQDEaOdiseyqHBUX
   u91lhCVa4qcYpNq/MqWeBGqK9T7KYspmXy17api57ZSDPZZWKpNOo5HfwI7Ui0hA
   Xmt30FBH2tBSeJDp6Pqbkvv1nTo6vms7rQLJoUfKtDHuewx/8bS7ZZt+S3QknPHA
   m6OYJRUhnePpV+dG+/hLJ5WgFZFDUKhXf6+xkfks3N/gi4iqO/fpJZM+2xvjQNqf
   l1YmzhWoDWI/mmDR0CSnomlUOKc0khr0WOO2K5yeJTJO8cc2S08KX9Tr+idHZoqK
   FC/brIM0J9v5ObNGUqhtpSz97MJ5cvms+QO7gmOJkC/wbeGhIyY19xLJSmAtGso6
   mBz/89iBAoGBAPAKzgZOHZgaMEWKaBBqg5QU/M39YXYHCYPDv9UNyPE+amAvGfuV
   JZHAz4pOcVzfdkf7eOsX2YcGV4qC/THHfG6/rwIsQcAF5ovuIm28XH60VrMwlcES
   jfgx8wZXMIgJZXw9+7fHALh6nttFN0dK7ZyFcZazq1qwoIcFnjSCBX41AoGBANWd
   wgJ2ZXwpVFrSVjXjZBotypsuUr+NvadoODX7l/OWlYdee9+jugoimahKHTQr7nBP
   AYiqa+5B1GuOBYHNrrQCetiD/1Pc96bRu93Hb1v8/N8qiOobrN8P8ZhvDa1doRLz
   BxCNv38Yhi4Anf87GqqnZWVG8r9xlUjPXEjSi7NVAoGAbPRKjZwZXLfOX1IyZ/kg
   3i8kjI9NFJifHfrU8Oy/35h4Ck522bXaBq1gxqNSW1hmxMeFHBiIOPyM8acBK/4j
   IdXJpw/VjEZhXfRqFisgRLawf8c2whsc66IocCFVOvog4WL1BXbDgfjOcDKbo7WD
   4r7DTycgSRrQ0lifda/qtF0CgYBKTZGKYbxzL70Tyk4KeIn9QShUSgymbJsne+zx
   eg4kwKBKcecMp1qy484m54C5AP7zOcgCzaS1P1iwALqRqAW4v5QTc/aAKUBLWnDK
   d/CYQquCxLzTEcVT4avbpeVQBF1exgITE/skLled8MEEYn6oFYoDbGZLiSqwJNCo
   0/Ob8QKBgQDh5zhQd7wfV7DCHhxacso0co9SwIk7IX6/MsrL9vRoPB9qJlJLcLUR
   SjJxCycnJq6uA1Fk24KDmiFppe6VB3uAHsOktzGFQ6rN2Y4F6h+XiwlY+pu2nK/3
   2dL4K6mIQzObQRvjChesqs/HmdmKxpDGCFH1H7JKEHjoTdHLWie1tQ==
   -----END RSA PRIVATE KEY-----

   Kumiko's certificate






















Jennings, et al.        Expires November 5, 2009               [Page 50]

Internet-Draft            SIP Secure Call Flows                 May 2009


   -----BEGIN CERTIFICATE-----
   MIIEADCCA2mgAwIBAgIIAlUBOAIAAGswDQYJKoZIhvcNAQEFBQAwcDELMAkGA1UE
   BhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCFNhbiBKb3NlMQ4w
   DAYDVQQKEwVzaXBpdDEpMCcGA1UECxMgU2lwaXQgVGVzdCBDZXJ0aWZpY2F0ZSBB
   dXRob3JpdHkwHhcNMDkwNDMwMjEzNzAzWhcNMTIwNDI5MjEzNzAzWjBiMQswCQYD
   VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIU2FuIEpvc2Ux
   DjAMBgNVBAoTBXNpcGl0MRswGQYDVQQDFBJrdW1pa29AZXhhbXBsZS5uZXQwggEi
   MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMo9o0vL0mReda5lLtBEyQFrr4
   SG8/bHQ6vgYls+5+S/rwLcEayXRHyPqYoBc5Homl4FZkvtTQFJ96A85SeIhErf7J
   yVagTRSUcpk0eOBtlxur0y1O72tmUujMycoa/mMepbHSzvfJtLr4b8BEVA8PluGY
   kw8LV21tl8wOExpX9of2QY76Rk8/lhvcW5SGBiKzbTiZaKuyySdGSb6bZKKIeQUw
   Hv80AeaacdSk98VxJsMwTypRSLJfRSfPCOTzu5XtGB8QVjIINjnzJRsbt5i/h3Iy
   I1SGW/j3RrgKOBP02eg5snoGbfJRwxvuC1nh90k3CmXs/3k+xugIF6Yudz5nAgMB
   AAGjggErMIIBJzBRBgNVHREESjBIhhZzaXA6a3VtaWtvQGV4YW1wbGUubmV0hhVp
   bTprdW1pa29AZXhhbXBsZS5uZXSGF3ByZXM6a3VtaWtvQGV4YW1wbGUubmV0MAkG
   A1UdEwQCMAAwHQYDVR0OBBYEFJRQpMOT7qyBSBOm6uIyMQdmRo+tMIGaBgNVHSME
   gZIwgY+AFGtGFxTqlHYlgFRuE1TaoeNUFKG2oXSkcjBwMQswCQYDVQQGEwJVUzET
   MBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIU2FuIEpvc2UxDjAMBgNVBAoT
   BXNpcGl0MSkwJwYDVQQLEyBTaXBpdCBUZXN0IENlcnRpZmljYXRlIEF1dGhvcml0
   eYIBADALBgNVHQ8EBAMCBeAwDQYJKoZIhvcNAQEFBQADgYEAfqRaxNc9QXObxn3x
   LWD4NRLvzrYDKdGeIpHBfqoobA7QrP8Z0eAO2ec8z6p5/MR9gqTRi8eHB6z/DoFx
   l0Ilbs31UNUBjS/ymB6+dInXfHbrjOINi1y1i1hRx2gftvMPaTX7eBD+CZLap9j6
   wsAIErFUgng4nwt7K4rHOz49Op8=
   -----END CERTIFICATE-----

   Kumiko's private key

























Jennings, et al.        Expires November 5, 2009               [Page 51]

Internet-Draft            SIP Secure Call Flows                 May 2009


   -----BEGIN RSA PRIVATE KEY-----
   MIIEpQIBAAKCAQEAzKPaNLy9JkXnWuZS7QRMkBa6+EhvP2x0Or4GJbPufkv68C3B
   Gsl0R8j6mKAXOR6JpeBWZL7U0BSfegPOUniIRK3+yclWoE0UlHKZNHjgbZcbq9Mt
   Tu9rZlLozMnKGv5jHqWx0s73ybS6+G/ARFQPD5bhmJMPC1dtbZfMDhMaV/aH9kGO
   +kZPP5Yb3FuUhgYis204mWirssknRkm+m2SiiHkFMB7/NAHmmnHUpPfFcSbDME8q
   UUiyX0Unzwjk87uV7RgfEFYyCDY58yUbG7eYv4dyMiNUhlv490a4CjgT9NnoObJ6
   Bm3yUcMb7gtZ4fdJNwpl7P95PsboCBemLnc+ZwIDAQABAoIBAQCF9kVj/KH+Kgi3
   0ss6aXQNZzPiUNiytjaoNbkkeVOIzghprioZdQNv8rtJqpNJSxpkwiUMMnhx9u4n
   G9K23jymaRi/09OngI4WV6a/WNniI+dzZfzlDYpLI79OQFLTtPACIgn0rJQ9MNis
   xcshb72kQOtRzAMvM35pHdPw6sR2C7tgJARA+kd01KWQsDdoUbmoFNus5BIJ2O8f
   12fbYmX4BPCByGi3uXywuOKkXrxfVwmP2chlz3NjwA1ptdad6Yfa7vy7Yp2Jg0mN
   MHuIohLwolF1jTJExCWe9QPpWzkT5zTTCqFnRyDX953UWiJiizPTDGySsjKcS/Uq
   ljJg27ihAoGBAOlLrH6+SIevLq6Z72f73P4xEdZzhXJogOOskijNbjw/uuSHsdEy
   SL4mSRL3/GBCpWXjurOJcBtjX98qwdrscZhQ3HW6cEFX9BrcC8LssYk6jcinIIK2
   FMh9JpF637wWvo+kiK9dJLSOUW+KTIHSdCOqIEqxVRjfN9Ndk3a0PYIvAoGBAOCO
   QRF+UXu3PLlU9Sdkkr+PJbeDwFvHycelwWu1PsvOQb8Xev8ayKh1XfmOU6r79Ke3
   IdWyESyqy1gGuhtGXDo7rjg4oKgjz96GA9jBfoC8F3kpotuiuQ0Pz+l3eE/y0qaP
   ILgRgQt0UVU/GIlvJ72aLw1oF4TFAgiuULIXOBFJAoGBAI4H1yV2fTu16Gq+JuWc
   jadngl+YBwdnHgj+OCGFJ/agKg0Vm6krvuOc9WIJ/ekwyfdlFHZXVxwlfOml402A
   I4xCtmUqM0tk26U6kCKE7XUJY+Zj8UQCzFZe8wsgznN5OVzEI773qvANsQCCJx/m
   W3SXD3/JxHAW/aq9zpg3FTdbAoGATwJebJxIaUIwsHjvBRxC8fmY6LgHr4NdQMzW
   gGI2JRl+UpEdarLu1S7ukMb+M1QRYg1ybzEHD/NMNr2vL7eS7b5f71IlXOO02PPI
   WLTEIOGNVMlMjwDzIWBl5BxwDZk/evEzLvChufkEQP1BUeH1VqXwVkRAuitjKtDC
   fdbjmFkCgYEAruDA4aeOd6ElmvAXR075Qf+0fg5kgmjq624GGauxfG5armQtvxZe
   guoYUETHIzUiyjAnOCak5k5Jad0ZMdOth5vvjSiGfnGDq2U7L4xcQObpZjCdIUVt
   tfVJqzOZxpiSeGZEsDbhgXo19ydHxGcPiTs6XD/2h3MlEVoNUT+t9b8=
   -----END RSA PRIVATE KEY-----

   Certificate for example.com






















Jennings, et al.        Expires November 5, 2009               [Page 52]

Internet-Draft            SIP Secure Call Flows                 May 2009


   -----BEGIN CERTIFICATE-----
   MIIDxTCCAy6gAwIBAgIIAlUBOAIAAGwwDQYJKoZIhvcNAQEFBQAwcDELMAkGA1UE
   BhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCFNhbiBKb3NlMQ4w
   DAYDVQQKEwVzaXBpdDEpMCcGA1UECxMgU2lwaXQgVGVzdCBDZXJ0aWZpY2F0ZSBB
   dXRob3JpdHkwHhcNMDkwNDMwMjEzNzA1WhcNMTIwNDI5MjEzNzA1WjBbMQswCQYD
   VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIU2FuIEpvc2Ux
   DjAMBgNVBAoTBXNpcGl0MRQwEgYDVQQDEwtleGFtcGxlLmNvbTCCASIwDQYJKoZI
   hvcNAQEBBQADggEPADCCAQoCggEBAK2x9ZEaSvqBVpvdG2iyCO66Ryp0ZY0YI8EH
   v/nx1F9ZqUcaJrN8Kv0DGP7mJFxQWy9xaJSL4LU2xvdVEqusr2TXYhTzbTJvFO9S
   TdRGqQqwpqKQSvyaxjrTTGC1B2RRUdVvqr+Q1eyiACxiXjnPJxnFAdRVNj/bxz7a
   sekrkw2jChBdLBsmq6RRbLpmmxOB7/IIub+pZ+QthqHUFS/I/Y5mHd2QB9VCwMfO
   zQUVtik/D4JfwwWFPRR9ScjT2kuIDL55eeqgEfyultBv5pex4O0AHaoU+Ja2o63H
   5jcdzuV26Z5A7MoIg1+Xjg5RE0K2OOpMn642lIh2WydqsHYXI+cCAwEAAaOB+DCB
   9TAfBgNVHREEGDAWggNjb22GD3NpcDpleGFtcGxlLmNvbTAJBgNVHRMEAjAAMB0G
   A1UdDgQWBBQxQBBUszDzhuSJyTDpNZQ+BBLxATCBmgYDVR0jBIGSMIGPgBRrRhcU
   6pR2JYBUbhNU2qHjVBShtqF0pHIwcDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNh
   bGlmb3JuaWExETAPBgNVBAcTCFNhbiBKb3NlMQ4wDAYDVQQKEwVzaXBpdDEpMCcG
   A1UECxMgU2lwaXQgVGVzdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHmCAQAwCwYDVR0P
   BAQDAgXgMA0GCSqGSIb3DQEBBQUAA4GBABUwuaPt8wiTkxjT0uKn7ouOidr6F9aV
   WyZ5KuPnkTPiZWKwyW8SAN9+6iU4BJNvj/3sPxu/lrQy9k+YzJ/a7JHbZgVPVI37
   euMOu9SgV2Nc2nakkYwONRnQsnsMBd3NkcL2fgBfV2vVbLNHygaqb1u9XXRr2VWP
   x2FiTk+jxdye
   -----END CERTIFICATE-----

   Private key for example.com


























Jennings, et al.        Expires November 5, 2009               [Page 53]

Internet-Draft            SIP Secure Call Flows                 May 2009


   -----BEGIN RSA PRIVATE KEY-----
   MIIEpQIBAAKCAQEArbH1kRpK+oFWm90baLII7rpHKnRljRgjwQe/+fHUX1mpRxom
   s3wq/QMY/uYkXFBbL3FolIvgtTbG91USq6yvZNdiFPNtMm8U71JN1EapCrCmopBK
   /JrGOtNMYLUHZFFR1W+qv5DV7KIALGJeOc8nGcUB1FU2P9vHPtqx6SuTDaMKEF0s
   GyarpFFsumabE4Hv8gi5v6ln5C2GodQVL8j9jmYd3ZAH1ULAx87NBRW2KT8Pgl/D
   BYU9FH1JyNPaS4gMvnl56qAR/K6W0G/ml7Hg7QAdqhT4lrajrcfmNx3O5XbpnkDs
   ygiDX5eODlETQrY46kyfrjaUiHZbJ2qwdhcj5wIDAQABAoIBAQCRYwvxUNjBpdEg
   1YpDsAHaEQHQf20hFLuYryv5wnnI9fvDEBik06IH9bfOZES7IGey5nJrJEoKZLdV
   /1eJaxnEhqQKdVdJh8E2MOYEcMC9ue9A0xZxKfwS8RpVODHfvlGJHdcGUe0+DLuo
   aw4DxWktIMHPQSQPf57e9Z9FVLvaBOU8cgqhK62YpzSe53g97EXGKF+rMres/6Mx
   hLZIgNKAyPzS7xhUJSYScMk8aWubj/yJ0soGCmB8KWPaFyFsDd40mz0M3I6qEVYc
   dFy9cCgsTHdPLRbUqLon5ferQFQhQpZjKhn3a0PxjjnRXcKXqDHSBpVAla5P8ykN
   A59L5EBBAoGBANN+f5XZrKTiSYhLJsGC+PU66rUJiCsRNcjCvPKbLKFD31pw4xjY
   AoFKwwmoU7NrA93NzC7ijwmnTuhS3IV9TDiEuX3lb5tQPi/fs4LxJwD+p5gd1X7s
   rVUjubqtLljPTzRtjnV0vkDgmpl0YubtvQfCzqpARfUxSNeGb+ODAIOLAoGBANI/
   LIP8AXr1dG9wM3V759P9DX1SP/zMI4igqw3C1aeDCLJ+baMS6qFq8bler9Qzl8hD
   8U6BLCfSiNdYfuACd6pAIJjvYPGyJrQoWihbB7GdrrWUcOCpLgMCa4HjDUtLUyqU
   Q9I8EKzDhf5F0Y6IXpWlt35zFA7Br2UWtazOojyVAoGBAMb+300/4xHBWS7Eh1LM
   yTL0nKJ6tYTQTKr5kI81MmkKU73lOcjGdpTwo1MS7q6CosCwQs5anfuXUMeIL7Xq
   jy0etOmgV8LrXZfuBBnQjcKB2W9notoqF21kj/z1tgYaCYxrCP+7OMgSjWSV/fkK
   +DG1On82upxaIw+njt+jA3jBAoGBALVbsTaYp149ZRbLnlf1beC7JGu6C2AxZ2Vv
   0p2oN0ysB1CRJlnI84QSEDlqqBlP99nUYc7qNgCT5157A9aPylGdx4Ck3OcgWaqG
   NF8jRtu7vPz88vGYfgwyhjIgfVM5wp+0DVzIW0nrzyWrbDya/ZvwuvvkoKSqBnYY
   xNYv2FqRAoGAXjAUgIfsjZcx69SwC4GkZdrq3ipoqEUxgPqZl46Nl79WAYaBmCd5
   4R8sdhVY8j4+CHxmluv9f3FTqtomCkp1XtjihUtyihKl/xC6Xgk4EnPg88ZaIX70
   Dok3E3dzccrCjhdhogYPhKV4vp7n3yB4fh+FutmD7GhTDFM34NlEBuA=
   -----END RSA PRIVATE KEY-----

   Certificate for example.net






















Jennings, et al.        Expires November 5, 2009               [Page 54]

Internet-Draft            SIP Secure Call Flows                 May 2009


   -----BEGIN CERTIFICATE-----
   MIIDxTCCAy6gAwIBAgIIAlUBOAIAAG0wDQYJKoZIhvcNAQEFBQAwcDELMAkGA1UE
   BhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCFNhbiBKb3NlMQ4w
   DAYDVQQKEwVzaXBpdDEpMCcGA1UECxMgU2lwaXQgVGVzdCBDZXJ0aWZpY2F0ZSBB
   dXRob3JpdHkwHhcNMDkwNDMwMjEzNzA2WhcNMTIwNDI5MjEzNzA2WjBbMQswCQYD
   VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIU2FuIEpvc2Ux
   DjAMBgNVBAoTBXNpcGl0MRQwEgYDVQQDEwtleGFtcGxlLm5ldDCCASIwDQYJKoZI
   hvcNAQEBBQADggEPADCCAQoCggEBAMbRhCP0KuQJqmOR2Fo/DZx6tx/PpnKhZBpu
   Euw8PkFpmQBm/p7MvpzicT/iEwWP48PokCRwwK9uB1tMTMXObyM2cv4q7vwqV8Bp
   3afhG2GLwxuoUAl4quS3/31nnnwE2+sKORLrFDQ80lm9G6DRua4AKTXbpsNbHB49
   MW6bHe6Yil7YUd5/n+OMu7EDWgyham0rrzjNdbR8gLl+Z6Up9jARWwwaWRKGxJGh
   Dl5kWLS5bmlOqNOnomxisttnDwzbrq5aWn5Wz3kjRqlAjgvhtEiotYLDetpILlSt
   m3jUYGx8OUzPUSGNYDBxrr4kz2ltidJfdtcbQkQJ/w8NKxeZWekCAwEAAaOB+DCB
   9TAfBgNVHREEGDAWggNuZXSGD3NpcDpleGFtcGxlLm5ldDAJBgNVHRMEAjAAMB0G
   A1UdDgQWBBSxkh6t3TKqE/MN9yVjRnNfwUyUAjCBmgYDVR0jBIGSMIGPgBRrRhcU
   6pR2JYBUbhNU2qHjVBShtqF0pHIwcDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNh
   bGlmb3JuaWExETAPBgNVBAcTCFNhbiBKb3NlMQ4wDAYDVQQKEwVzaXBpdDEpMCcG
   A1UECxMgU2lwaXQgVGVzdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHmCAQAwCwYDVR0P
   BAQDAgXgMA0GCSqGSIb3DQEBBQUAA4GBAByhC23DAxjh3PII0wvqZxMh6WbQJ+JB
   x2tpAywGbNvEpL7yRqJCwLoMofWsBOnWRVEHl020h9hpqjFTNWhq2XuUh45yedEI
   jhFBgOpGn3qWUnGLmbT6iLzCPayrvTSRWpt7NnMyAQJdfRXlZN3gl+czyKegtfki
   l9Lb3Ne0UpV+
   -----END CERTIFICATE-----

   Private key for example.net


























Jennings, et al.        Expires November 5, 2009               [Page 55]

Internet-Draft            SIP Secure Call Flows                 May 2009


   -----BEGIN RSA PRIVATE KEY-----
   MIIEpAIBAAKCAQEAxtGEI/Qq5AmqY5HYWj8NnHq3H8+mcqFkGm4S7Dw+QWmZAGb+
   nsy+nOJxP+ITBY/jw+iQJHDAr24HW0xMxc5vIzZy/iru/CpXwGndp+EbYYvDG6hQ
   CXiq5Lf/fWeefATb6wo5EusUNDzSWb0boNG5rgApNdumw1scHj0xbpsd7piKXthR
   3n+f44y7sQNaDKFqbSuvOM11tHyAuX5npSn2MBFbDBpZEobEkaEOXmRYtLluaU6o
   06eibGKy22cPDNuurlpaflbPeSNGqUCOC+G0SKi1gsN62kguVK2beNRgbHw5TM9R
   IY1gMHGuviTPaW2J0l921xtCRAn/Dw0rF5lZ6QIDAQABAoIBAHxgwCDZ9CcaoNyP
   deDnRzWYU410EzXtHzmlmPLusSeszwnAZROlFK4Cv0RuwuWc4alCiUIyw2g8FiAY
   eILapQ5LVt8Irt9UAfeegwsuOTnp/FIGFqQGOCrDrPKf6za8t3OvvorGQ6p2TkXT
   l0AhU961vRIzan0WN133fEAsjCohavopWJfPKVYROsdqOEeqtw1m1QW7a9p3jo/L
   4jBw+xyLnlis5D2xxOjDjvRWDP/NEKAoWPBS4+VFRAnLdqOEIAqBVG0Q+SvZ6efy
   ViI8xhBMq2rda29rNMZkdK5cEr3X0g44YzC70zWgMuXiOIzLYxCEKw9BfhLQPOFw
   YOTNGYECgYEA7Orf2TDxScuESMJh+tlqXjssEbU43K+ox91NVh+U4gvmtWLUHgxC
   EYT/j+Fvd2FoRKfhWEoVJ9K24k+admPdDv4YIPxaUuRlSxmo8FeHhzY62Fkv8Gss
   sCf7SsJ+HLGZcOlkF7ed/eMn+XzvWgHR6bHqLOIQS2hhslIlm03mVjECgYEA1tUO
   sHSDCJ3AjLQeCU0iVn4aDMrA8HlJ4NBJqFnl2sSCZT7nxvs3YIfkTQ35hg6Zz12A
   6gF9hcHk87mHDB579qVBHRauAO5czTy1CAGF6e3gzMy1oz4eaFqoV9NMZfkSuaok
   egBl4k73C8P9Y/o7L9v6aJZ/hrgaEX8P0j4DeTkCgYEAwNFfocp9dkvWu8jIKXqt
   YUfTVA4j2yhzu0ZXXNKTP23kNJfcfyAG3W9a92TIbWavj8D6W/rfQOvzwDh9RAF+
   tmcCiEYZ1QDhl7+oiQMT4G24csATjh4L3sqLcIreTMgWU5j/x3W/dhRcQmb1/lEg
   4IvWRPUvwc+QQ6srxDwgTOECgYBK0i9og1uzn4WVO5IOeT/RUd/uvprN5eA2HTTa
   Hl0wgSpM6si8g3f49bssnwZdiy5Ei3M/jL9T24DK5b3EGcXg1BNGd0So7FuD23XN
   UQJ7w658hXtpXFQo0hI5bEz6YvIDmd9UYlkZpZjjDyJsNJVyiLHAxVGq8OmbWF6B
   Qbnh+QKBgQCF4xV6Ha7dSRZoU6iPYp2t6y4JRCXf9H1kIJVrFzPv0sfysdwflbJS
   XAn+206ShYN6OBPt6f9As6oggw+xzKiiAxHdlhsipuUlQRIUGMIxJ1DQcXtsLp7L
   8YeoLWCvYknXw/k5TT3uzrZ6I5GsqzNSzh0jsay91zp/4qrdcnr7fg==
   -----END RSA PRIVATE KEY-----


Appendix C.  Message Dumps

   This section contains a base64 encoded gzipped, compressed tar file
   of various CMS messages used in this document.  Saving the data in a
   file foo.tgz.b64 then running a command like "openssl base64 -d -in
   foo.tgz.b64 | tar xfz -" would recover the CMS messages and allow
   them to be used as test vectors.

   -- BEGIN MESSAGE ARCHIVE --
   H4sIALBi/0kCA+xcaUATV9cmYV/CIoriGilisQRmJplJAEHBhEVJEAjQpFqZ
   JBMSyGYSBIOoRaUW14ILWkVcEVRk0brgjhuyVdzB7QUtiFvFutRafYdqK0UU
   v764ftw/Se7MPXMyufc8z3nOnQjlGopGLpVjFLkm2lWEavU6vwF4Q2i0P1/p
   CPyPV7xBMIDogSBIpyMICCGAHgBSIQjSIwN676DFabSomkzWE6ilqOI153V0
   /CNtbFZYmI8/i6yRqjxi4+TSWOVwLAGVq2SYqwLTksMCR7tBrgDJLEKKevz1
   yY07YjQZAhiudLoryGC4ggjiAcIAAHoK1KhCKPHSuUv8aYJRFBGDDtN0FJrY
   HUJpCAOgoxCMAQAFpFD+OuapVinVWi+YBgMgyYyNJlD8lOp4VC3SeJDp+HVH
   KBVaVKj1IA9t8VAsixOLJ/7toVAp9yaZcZXPj77sP37UT62Uv3q0pxaN9hKg
   EN0dAmD8aqhMRglkepDZkJ+MA42UsuWcWH4MX86Rh9PYkSEAJ5Kn48gDwWCu
   JIbHlcXwI8Nd8WFh2HgPMkh+fjNJZj5CIabCnZbHybRSFarWummk0QpM5ELW



Jennings, et al.        Expires November 5, 2009               [Page 56]

Internet-Draft            SIP Secure Call Flows                 May 2009


   YglaN5UMlSpcyKhKJZMKUa1UqXBTxQo1dErLQvxnv0akcmllBpVpMbUCPzQB
   e3ZvMIWWwp2owl6+lqdAGacQoeqJXgIaAoEQTSxGhAiKgiJPOW5dFu2lkaCg
   p0qt1CqFSpmXw8vutBhCtXFqzOHFxYIwRbRWgv84CINkRjKjUNpab+vXi2/c
   6gg+TzRiTE1hKYRKkVQR7UEWSBW4ry0mJZhMpnwTy69x2FOByjGvPwObq4qu
   eTGSKdWolBppyxjcgBafWxI53u8pQRUiGe6IlxobHydV47dPLJVhr7LyWv+B
   ZMIJI9MhKQEpD0gEY2JWMuEg3rWPSCCApoCxkeEXlvrE3oD5i1MIYDJhJX7K
   cvwUYBKgAs0BUyP9cAMjW2J4GGgL2LR8MLH9c3pKxUq1QoqCNoBVS6+xrUkY
   qiCPVGow0BKwaOkimdka4rNdqgWdgcEtHea25LCWz2QuptGSR2BqrVTcctsw
   sk+cVqJUS7UTiSaEUAKXMF/P/4WDpL8dJBAM9QySCXoFJnq5PTby5L3FYnR4
   dnHB6UnQ2UpeRv086QLTtc0HacpAdoToyfWcpvFjmVss4vdb7v3Dt2f99FWT
   v7aVrXv4RY7jsD153UMsSd5L05fahQ7a8HnuoTk9ri9y3vfDuVBvxlnjFIrD
   5yvEVtpLBUJzJ1KIze1NXIJ8TSl22DuhvrJvAt9nxlaywwpzFd9cMOB2WkSc
   wyCf+V/c62YSZWz6QMP/bgfpTgD3ad9HJeutv5R/mdFrrXmRo+OpylrqYzDu
   2sYeA4jN6y97DOtf7bCd3WRDMjOZkN29T/i8hoa+l+0a+ghOnmwmmU3akO/i
   RzTZdmxIf5Mydt9cU1pu2DjeQq8j317oOSfBgNDerKRQSGYfb/yXYxoNGo1R
   tDINRY1pVG+DAnSA/wAM09riP50GdOH/u2jPIR2Hc4AcPKotzgeF/V9wnirA
   8J+QLgYZIkgMU4Xt4jzN3b0tqre5BE4HQU9tS4T9cwjuRCuQ17SD8n+OeAbl
   AIAhkDuCtMZ9TTvA/+x7PBsDYfhaRhFxK/jnyFkghxkL8nR+cp6crWMzI2KC
   uax4ti5Cxo/hxLK5vjF8f76MreO1B/9tsRJogYUPM0q0Wv9vif13uP5BAITb
   rH+IjnTx/3fN/1+5tF6VBbyt6NBBFvCa9fwmceL9hob3kRm0x8D/Ck1IS2AK
   aGHcAz9mGtPV/mVTKLHYOIrwrapAHes/beM/jdrF/z4d/cfdXUCFIQRxp2Ei
   oQgSvkL/gd+b/uMO0gXudGqrKM9nhsAcLk8XzJXFsiFWQnBkeDyHyYnhRIbE
   c3TRMFvnJ8VjP8iDeB++/gMBQpoQoDEwDBLBMB3pXP2nrfXO0386styl/3Se
   /kMMJzCIenoxr9N/5mOZ2DdP0rqrgjwTCn9mCAbZuk22G9MvdHPijejsw4f7
   z3FxsDu5JPDi+SzUwmR8TGrNF9W5wxqHINZVFeqi895X0ZP09QmZpS47NivP
   pA45qnHWNY35eYftzdObf5I/OjkW7nWdNlOxtepIWoPIHfY/vt2U0++AsLK+
   2mpR9+QdrtduVEUb2U35OWyB/44thazi7kGJ0Wy3HcfMLSInJM+1WkAymxlm
   oZ9Lqf5slH3q/uWZa/OtoCka8/KUhFzniYWVcw5NntRwfNPvyWcTBevjo3L2
   3ns8N/X4rxfWbpuTe/6z/sWV64rXOB7eJu8fcOPosocjFixqPH9sqQtvQ3bD
   jopfgGNJzCcrytublB+3/PMc/59hP6YQqieqtJiokxlAR/hPBaht8Z+OULvw
   /1PBfwgG3YVUmAqDiBAHeugV+I+8L/zHpx0dd8u9Ff4HMzkSPjc6viXbY0M8
   HPN9pRyIR+PpQuUcfxaVw2UBPG6gLpjJfv/4/z9g2htBWkeo22LL81kI0eKn
   eGGKCZhMqcJEFDyOoP+EYvnLTAJGaM9gkwi8wET9rGTiQLyrH5Ggh8NjBg6P
   C/C37xkeY9tBxR1LBIYVrullpovgjYSSxLwVTQ+tbX6tfBRYtGf2uAHcbHbA
   YOa4G5RS1Yn+v9QbE8h7h91MmMVcvjGF/a1nSrz5k7xSlxjf5NmDq5W045ec
   etxpssiQuTTuqluVkk5zBKsK7zhVTRYd+W7o1WW7mxcbL/aqnnfhRPfl4NXT
   6Qeoq5tOrFfMlPdx2mRsYF3EY53TN7hun3bu6Rp75mXfCzuvMWdY9VpyL5lk
   NuC6TH9CaaDRdwrT9FGuzROIdiFjf+hXsi4F7ZUTLqsUyT738nhovCG/dHJW
   KtGXdGBeuvWgvQHOQmP5T32KHgcsC4hSnuzf7da2sqAh4LZyrzyXoKepDoD1
   l1vumKQBk1pRGaCfkWlUSgAB0zcgEA2s2VMLjE83D7U5Pe/Y0rsDKx2mju5t
   PwMY4JNvmqGvl5UUaaz8dpeo1GsUH8gsqRgqU912s1gXHEBnbV9yq1vRwLNr
   V4yN6plE/rpPIXFYvesZQ4+yuTPq0mqnHfV/9Pnvm9lr4SHVXapFp+H/29oB
   0mH+D4Jt6z8wDHfh/6eC/4jAXQBgABWjutOoMI3xCvynvS/8p2E0VIABrfGf
   A+H5P7MF7yUyvjwE5wBsgBcjBDlMkTTYPzQmmBkN85mBENs/8CPY/wEKUSFE
   EwioiFgEIZ2U/9Oh5/s/2ljvxP0fHVj+cPP/M//M/4/iXQdb8v8W5vIsvTbU
   a6sArMZPWvEhKACtXOzSANrVANpOzI9YA2iN/y2r5y8RoDOJQAf4T6XTgTb4
   D9MgsAv/PxX8pzIgEZVBpcFUqhgBQfdX4D/9feG/SCwGaYyWLLRV/s+PZev4
   sXw5X8qLYVHZ/iPlwUwfHUfnKwvmhoPB/myIxw2N5UAfAf7jFBsVwQhVjNMv



Jennings, et al.        Expires November 5, 2009               [Page 57]

Internet-Draft            SIP Secure Call Flows                 May 2009


   OgrCnYL/IP5zPiMAbc2/NcHgbescH7gG8XyLZkA7qAwf+fWunf7iolqT33bf
   +M3mMsmMWJq1yFxceWrGcrA++fvMXUn2vwaUk6423Zi1bJZSQ1hTviA7ZQHR
   z/qEOYfXr3749ebynwaRGx+K+CZxt47kHNk3tts1sfuc/DpReZJ0tsBogrKX
   /pHEeuMV3ap3Hrc/W1xcl5MyNbO7d1NfBskzqKrwP18pz1FjMwqP3mf1+p1l
   cf7UkkVFk6Y5zNgYWsuoxeBuRdnCb/JPZUaft6yLzbr5aOylLZZ6WQ369bd5
   Fm70y7yB40VhUc3f6G+NThziWzNqi8W8pU8Jy4hbsz17RE4uyrD2KfHOmXa9
   QhNx3+hpzgETZ+6BhbsdOCPdM7dYPcm1P7528es0CMv9q7pbo1eCg0hmK+8M
   oZ9kTx3d7LxuZ5PbBpLZUm3tmUHdDmptfI2f3FynnFq3cN79rx29S8LmRsXZ
   OwXf2RAer3cs07WQZLZho++hgtnsIUDfA8WTB91fILFZPogyPtLWp2DD3OV+
   ef9uIXTx1U7YsfxavnrNYNG+dIt+f2Tb7ZvNX7NaYr4/WpJK/V0cdYMQOCLZ
   5Pb1QxO/th14L0oOVfdlXZvts/kQsVK01KJH0sO1ptw0sM96ydVEDdND3GvD
   4cwpU+42263/Y+uN0tvf/0GzmeF0vW7wWL1Ncb5ztwSNGSCg7bE4H5S2obnW
   MnlNGcMiNhX9yu3uz+mqp+xGx+PKCysFKxT9HbO652EZ8YKly4jkCu8xA84+
   bazt1zD9yco4+cVovyPNTuI9v9RZFRndWZqxsMeY2gYkXStMqDGoWLzXyTQ9
   43ZK5IW7zPBx6xiOe2JvbLuR22fZsUt2jVe7n2BXpSX1NMn2v6zHPMyAva+p
   rWZM8SsaMelue/OyNV19u5WfN63/tN3/QUVoSBf/+1T4Hyiki0Q0AIXFYjGN
   hlBfwf+g98X/YBQE8MtjrfgfjxtLDWYGxnMgPymPGx7P9ufLeVw2yGaOlLJ1
   PCiYKZzI07FobP+u+s//h/rPa7iXImBVgrGHv+m+SGUZIdeywdulT8K8WPMD
   J5t3+8z1LltYAS9z5c1qvArzlJaPPYvXuIpJEgXL4Nioq857sDshK+uHT1s4
   aV5+TkQV7eTFg8I9TuH9IkPqUmYPSSqg2259OGf70DvTQYvIQsf66vsLxq6a
   6srahiyS3V49/7O5y4tGk8yUtQ3+3CbK14y4+DLDW6zxPxYvTN/MA3cVWT94
   ot4xwyFk6rrJ969m+kEuqcU3o47eT6RkVo3LPDdQYrJHL2Rwdh9uWBVryJeo
   cKh9XEq0QYlhvDze3nONHcToO9EwcbxNYoRjnGPsg7jjqTV52z1S2CDJrE/1
   1JmiUNuaJ+kXcksvV5e9jnw1XqEJ8yQP9gsOZSYqBzlsnjraJ+jJozVbVL0F
   Kbv2X5y/QJpEMqu2ustJUqrddNmjtozkle4ru7sp7TQoXmBZFEgQntrJz3O+
   WZr6bZPe41GLBdyI72sTRv+4adv2sfdtfIbuI1/oqgD9D+3vyg8lXoJqKdFK
   LeVZqOpEJtDR8z8gQHtJ/6F26T/vpHWGVt+1ij6B9f/Wnv55k/ov1Pb5HzxR
   6Vr/n4z+i4hhPKQjiJiK0sXwq/Z/A++L/2MMoRAUwMLW9d+YiBheDCeGowvR
   cbh8GU8nimFH4nkA1NIvjA/mRsSwodBY/oew/6sj/RcVUkExCkMoCEIAFRB3
   bv23rfXOq/92ZLlLT3v3elrXfwC0NzM/3gLw2638vmH9F6G/9PwX2PX81yeD
   /0JIRKeKEQTGQJjOoL1q/zf1vel/GE0kosL/+P8fZgjE94+I5UeG0Hi6kRI+
   ly/hM0NxPsAC2MyRsRxdLMjxD0zgcEM+fPzHACEioFOFmEhIo7kj9E6u/7Y1
   31X/fecaZOqB5s/yT9pYXmdEefgv6U5NIPT+rVvm4vRTksLtnKoJPW5XIJZr
   tyPj/mOYwHpg2E0eTjJbOToo50F9gRR7yFj/wG2l1qqH0vnHMdqBgQPjja/g
   KzGHCPRguc3LM3ENPFcYr2n0MeFQ8vNvuQVuizujuhz1eHVpIONo0cTxfhkl
   Pck5tg236pfk1g0oKdEVqYbX3B1uLl1y/voY65yn68XHI4p37JheJtcftqhc
   zk+bpfdZ2awnv++1d5pSKi1Pz+BfuXgi/6LC0nlZo+GZYK+sBwcK51o+Narx
   M7/pOX3vzJ7LhteEYoKc4nu6huMJ0uXoqYCwCJJZ8YW7cIkBad9uJ5/9VzLt
   V416nQiZWWJD3X/P1/TorOpSLpTgN3X0d1/VTY+6yvpCW44Gr7qiTz9xeFro
   6qrSxiNzNt9F3CP2zkuqf4iNUKDYjK8EG/d6XFhyZNa2ndnDFqNDC+ous3b1
   HBGi/6vP7PAG4rjyvHvE2LP/bh100dW3TVedS9KXjz+UHjp1lNUh8ZGKXm7s
   LOP/OFf+5lqZZleRVMDiyw/w54eUkMWPJ/xy6UTeoUr2paOkM98WSW9+s3N8
   05Z99fdWrznmiqx2pqfQS36cn90UMzj08LINBS6JUdZO16gjpu00ypcYOs1c
   JenNuZps99UVvaRepiNtTSlb76zb5x7lTIQcnU/Tw4N8a5KuZTw8/KSR0Ddi
   1qba6sKD5KzytN0/rLAszRyzl1PT79wV4vmayHW8G99VbBKfWK2b+duqmlOZ
   vwdvSjonlcAFGdYi335ejpGH/tu+HeIgCAAAFD2BzRNYMDgDVA7gTMwTGMkw
   A4PNLM1Cc17A4Akg6AV0o5tM2onO7gXc3jvDr79bXM7PeB8Hq+m9nZ2KIpxf
   D1Wd5+lr/ZiMkm0WNbvhWL5vy03Zj391+efHIgAAAAAAAAAAAF8f+pPqBgB4



Jennings, et al.        Expires November 5, 2009               [Page 58]

Internet-Draft            SIP Secure Call Flows                 May 2009


   AAA=
   -- END MESSAGE ARCHIVE --


Authors' Addresses

   Cullen Jennings
   Cisco Systems
   170 West Tasman Drive
   Mailstop SJC-21/2
   San Jose, CA  95134
   USA

   Phone: +1 408 421 9990
   Email: fluffy@cisco.com


   Kumiko Ono
   NTT Corporation
   Musashino-shi, Tokyo  180-8585
   Japan

   Phone: +81 422 59 4508
   Email: ono.kumiko@lab.ntt.co.jp


   Robert Sparks
   Tekelec
   17210 Campbell Road
   Suite 250
   Dallas, TX  75252
   USA

   Email: rjsparks@estacado.net


   Brian Hibbard (editor)
   Tekelec
   17210 Campbell Road
   Suite 250
   Dallas, TX  75252
   USA

   Email: brian@estacado.net







Jennings, et al.        Expires November 5, 2009               [Page 59]


Html markup produced by rfcmarkup 1.109, available from https://tools.ietf.org/tools/rfcmarkup/