3.2.5.1.2 Message Signing

If a message is received and Client.Connection.IsSigningActive is TRUE for the connection, the signature MUST be verified, as specified in section 3.1.5.1, unless the message is an OpLock Break Notification. OpLock Break Notification messages are exempt from signing.

The client is responsible for providing the expected sequence number for signature verification. The sequence number for the incoming response is determined by what was stored in the Client.Connection.ClientResponseSequenceNumber table. The client MUST look up the expected sequence number in that table based on the PID and MID of the response. The client uses Client.Connection.ClientResponseSequenceNumber [PID, MID] as the sequence number in signature verification, as specified in section 3.1.5.1. If signature verification fails, the message MUST be discarded and not processed. The client SHOULD choose to disconnect the underlying connection and tear down all state associated with this connection.<209>