3.1.5 Processing Events and Sequencing Rules

If a shared secret is configured for the failover relationship, then when any DHCP Failover packet is received, the message digest option is verified. If the option is not present or if the option value does not match the hash value obtained from the cryptographic hash function of the text by using the shared secret configured on the server, the packet MUST be dropped, and the TCP connection between the failover partners MUST be closed. 

When any DHCP Failover packet is received, the time at which it was received SHOULD be compared with the value of the Time option in the message header. If the value is greater than the maximum allowed delta time<9> difference between the two failover partners, the TCP connection between the failover partners MUST be closed.