E2E Mechanism Callee bob@b.com Caller alice@a.com b.com Callee with address bob@b.com publishes public certificate at b.com (or retrieves certificate + private key) Does with SIP Publish over TLS with Digest authentication Caller wants to call bob@b.com and gets the certificate from b.com Done with SIP Subscribe with Identity Caller encrypts stuff for Callee Uses S/MIME in SIP Callee fetches caller certificate (from a.com) to verify Caller certificate Use SIP Subscribe with Identity a.com |