Mechanism Callee Bob@b.com Caller Alice@a.com b.com Callee with address Bob@b.com publishes public certificate at b.com Does with HTTPS PUT with Digest authentication Caller wants to call bob@b.com and gets the certificate from b.com Done with HTTPS GET. Caller encrypts stuff for Callee Uses S/MIME in SIP Callee fetches caller certificate (from a.com) to verify Caller certificate Uses HTTPS GET a.com |