11.2 Verifying procedure

Perform the following procedure to validate the message for the peer node:

Verify the "DESS Digital Signature". The DESS (Diameter End-to-End Security) signature uses the public key or certificate belonging to the specific peer node's FQDN (Fully Qualified Domain Name) as provided in the DESS Signing-Identity AVP.

  1. Verify that the signature is valid.
  2. Verify that the timestamp is valid.
  3. If the signature was added by a preceding IPX provider, confirm that the IPX provider that signed the message is expected on the path between the sending and receiving service providers.
  4. Delete "DESS Signature" AVP (Attribute Value Pair) and its nested AVPs.

Error scenarios

If signature validation fails for the peer node, select one of the following options from the Action on Verification Failure dropdown menu:
  1. "Send Error": DSR returns a Diameter answer message with result code 5012: UNABLE_TO_COMPLY.
  2. "Silently Discard Error": The system discards the received message without any further action.
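
The four verification steps and the two failure actions above, as an added example that is not DSR or DESS code. The dictionary message model, the field names, the 30-second timestamp window, the key and path tables, and treating a missing signature as a failure are all assumptions; HMAC-SHA256 stands in for the public-key signature check so the sketch runs on the standard library alone.

```python
import hashlib
import hmac
import time

# All names and values below are constructed for illustration.
PEER_KEYS = {"ipx1.example.net": b"constructed-key-1"}  # signer FQDN -> key
EXPECTED_IPX = {("hplmn.example.com", "vplmn.example.org"): {"ipx1.example.net"}}
MAX_SKEW = 30            # assumed timestamp tolerance, in seconds
UNABLE_TO_COMPLY = 5012  # result code named in the error scenarios


def sign(key, payload, ts):
    # Stand-in for the real signature; assumes the timestamp is signed too.
    return hmac.new(key, payload + str(ts).encode(), hashlib.sha256).digest()


def verify(msg, action, now=None):
    """Return (verdict, message_or_answer), checking in the listed step order."""
    now = time.time() if now is None else now
    dess = msg.get("dess_signature")

    def fail(reason):
        if action == "Send Error":
            return "answer", {"result_code": UNABLE_TO_COMPLY, "reason": reason}
        return "discard", None  # "Silently Discard Error": no answer is sent

    if dess is None:  # assumption: an unsigned message counts as a failure
        return fail("no signature")
    # Step 1: signature, checked with the key bound to the signer's FQDN.
    key = PEER_KEYS.get(dess["signing_identity"])
    if key is None or not hmac.compare_digest(
            sign(key, msg["payload"], dess["timestamp"]), dess["signature"]):
        return fail("bad signature")
    # Step 2: timestamp must fall inside the accepted window.
    if abs(now - dess["timestamp"]) > MAX_SKEW:
        return fail("stale timestamp")
    # Step 3: a signing IPX provider must be expected on this path.
    if dess.get("signed_by_ipx"):
        allowed = EXPECTED_IPX.get((msg["origin"], msg["destination"]), set())
        if dess["signing_identity"] not in allowed:
            return fail("unexpected IPX provider")
    # Step 4: drop the signature AVP and its nested AVPs before forwarding.
    return "forward", {k: v for k, v in msg.items() if k != "dess_signature"}
```

A valid signature from a provider that is not expected on the path still ends in the configured failure action, which is the case step 3 exists to catch.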