<?xml version="1.0" encoding="UTF-8"?>
<reference anchor="I-D.calhoun-diameter-strong-crypto" target="https://datatracker.ietf.org/doc/html/draft-calhoun-diameter-strong-crypto-07">
   <front>
      <title>DIAMETER Strong Security Extension</title>
      <author initials="P. R." surname="Calhoun" fullname="Pat R. Calhoun">
         <organization>Sun Microsystems</organization>
      </author>
      <author initials="W." surname="Bulley" fullname="William Bulley">
         <organization>Merit Network</organization>
      </author>
      <author initials="S." surname="Farrell" fullname="Stephen Farrell">
         <organization>Baltimore Technologies</organization>
      </author>
      <date month="March" day="6" year="2001" />
      <abstract>
	 <t>The DIAMETER base protocol defines message integrity and AVP
encryption using symmetric transforms to secure the communication
between two DIAMETER nodes. The base protocol also defines a DIAMETER
proxy server that forwards requests to other servers when it detects
that a given request cannot be satisfied locally.
The ROAMOPS Working Group has defined a requirement that allows for
the DIAMETER servers communicating through the proxy to be able to
provide for end-to-end AVP integrity and confidentiality, making it
difficult for the proxy to be able to modify, and/or be able to view
sensitive information, within the message. The Mobile-IP and NASREQ
Working Groups have stated that strong authentication is a
requirement for AAA data, such as accounting records, for the
purposes of non-repudiation.
This DIAMETER extension specifies how strong AVP authentication,
integrity and encryption can be done using asymmetric transforms, by
encapsulating Cryptographic Message Syntax (CMS) data into DIAMETER
AVPs. The CMS data can also be used to carry X.509 certificates.
	 </t>
      </abstract>
   </front>
   <seriesInfo name="Internet-Draft" value="draft-calhoun-diameter-strong-crypto-07" />
   
</reference>
