IETF RFC 5922
Domain Certificates in the Session Initiation Protocol (SIP)
|Publication Date:||1 June 2010|
RFC 5246  Transport Layer Security (TLS) is available in an increasing number of Session Initiation Protocol (SIP) RFC 3261  implementations. In order to use the authentication capabilities of TLS, certificates as defined by the Internet X.509 Public Key Infrastructure, see RFC 5280 , are required.
Existing SIP specifications do not sufficiently specify how to use certificates for domain (as opposed to host) authentication. This document provides guidance to ensure interoperability and uniform conventions for the construction and interpretation of certificates used to identify their holders as being authoritative for the domain.
The discussion in this document is pertinent to an X.509 PKIXcompliant certificate used for a TLS connection; this document does not define use of such certificates for any other purpose (such as Secure/Multipurpose Internet Mail Extensions (S/MIME)).