11.2 Verifying procedure

Perform the following procedure to verify a message for the peer node:

Verify the "DESS Digital Signature". The DESS signature is checked using the public key or certificate that belongs to the specific peer node's FQDN provided in the DESS Signing-Identity AVP.

  1. Verify if the signature is valid.
  2. Verify if the timestamp is valid (to counter replay attacks).
  3. If the signature is added by a preceding IPX provider, verify that the IPX provider that signed the message is expected on the path between the sending and receiving service providers.
  4. Delete the "DESS Signature" AVP and its nested AVPs.

Error scenarios

If the signature verification fails for the peer node, select one of the following options from the dropdown menu of Action on Verification Failure:
  1. "Send Error": DSR will return a Diameter answer message with result code 5012: UNABLE_TO_COMPLY.
  2. "Silently Discard Error": The system will silently drop the received message without taking any further action.
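
The four verification steps and the two failure actions, sketched as an added example (not DSR code). A message is modelled as a dict of AVPs, and an HMAC-SHA256 key per FQDN stands in for the public-key signature so the block runs on the standard library alone. Assumptions: the `timestamp` field name, the key table, the expected-IPX set, the 30-second window, and the rule that a signer other than Origin-Host is treated as an IPX provider.

```python
import hashlib
import hmac

# Constructed sample configuration (assumptions, not values from the DSR).
KEYS = {"hss.home.example": b"home-key", "ipx1.example": b"ipx1-key",
        "ipx9.example": b"ipx9-key"}   # FQDN -> verification key
EXPECTED_IPX = {"ipx1.example"}        # IPX providers allowed on this path
MAX_AGE = 30                           # accepted timestamp skew in seconds


def sign(body, fqdn, ts):
    """Stand-in for the public-key signature: HMAC-SHA256 over sorted AVPs."""
    data = "\n".join(f"{k}={body[k]}" for k in sorted(body)) + f"\n{ts}"
    return hmac.new(KEYS[fqdn], data.encode(), hashlib.sha256).hexdigest()


def attach(body, fqdn, ts):
    """Build a signed message (used to construct the sample input)."""
    return {**body, "DESS Signature": {"DESS Signing-Identity": fqdn,
            "timestamp": ts, "DESS Digital Signature": sign(body, fqdn, ts)}}


def verify(msg, now):
    """Steps 1-4: return (reason_or_None, message without DESS Signature)."""
    body = {k: v for k, v in msg.items() if k != "DESS Signature"}
    sig = msg.get("DESS Signature")
    if not sig or sig["DESS Signing-Identity"] not in KEYS:
        return "missing or unknown signer", body
    fqdn, ts = sig["DESS Signing-Identity"], sig["timestamp"]
    if not hmac.compare_digest(sign(body, fqdn, ts), sig["DESS Digital Signature"]):
        return "bad signature", body                      # step 1
    if abs(now - ts) > MAX_AGE:
        return "stale timestamp", body                    # step 2
    if fqdn != body.get("Origin-Host") and fqdn not in EXPECTED_IPX:
        return "unexpected IPX provider", body            # step 3
    return None, body                                     # step 4: AVP removed


def handle(msg, now, action="Send Error"):
    """Apply the configured Action on Verification Failure."""
    reason, body = verify(msg, now)
    if reason is None:
        return ("forward", body)
    if action == "Send Error":
        return ("answer", {"Result-Code": 5012})  # UNABLE_TO_COMPLY
    return ("discard", None)                      # "Silently Discard Error"
```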