[cifs-protocol] [REG:115021012380586] Timer events in MS-BKRP - when should we roll over keys?

Edgar Olougouna edgaro at microsoft.com
Tue Feb 10 15:04:34 MST 2015

I will take a look and follow-up. 
Considering that NotBefore/NotAfter properties specify the date range within which the certificate is valid, are you asking whether this is any renewal upon/after expiry? I need to look at how the certificate is generated at the first place, perhaps the protocol has some error condition that would trigger refreshing the certificate, unless this is outside the protocol I will find out. 
I am trying to get a good scope of what you mean by "roll over keys".


-----Original Message-----
From: Vilmos Foltenyi 
Sent: Tuesday, February 10, 2015 12:11 AM
To: Andrew Bartlett
Cc: cifs-protocol at lists.samba.org; MSSolve Case Email
Subject: [REG:115021012380586] Timer events in MS-BKRP - when should we roll over keys?

[dochelp to Bcc, SR # to Subject]

Hi Andrew,

Thank you for your question. I created the case SR 115021012380586 to track this issue with the Protocol Documentation support team. An engineer from our team will contact you soon via e-mail to begin working with you.

Vilmos Foltenyi - MSFT

-----Original Message-----
From: Andrew Bartlett [mailto:abartlet at samba.org] 
Sent: Monday, February 9, 2015 19:50
To: Interoperability Documentation Help
Cc: cifs-protocol at lists.samba.org
Subject: Timer events in MS-BKRP - when should we roll over keys?

MS-BKRP has no timer events in MS-BKRP 3.1.4, but I wonder:  When does windows roll over these keys, and what policy or other configuration is used to control this?

I'm assuming the ClientWrap certificate needs to be rolled over one a year, as it has a 365 day lifetime.


Andrew Bartlett
Andrew Bartlett
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the cifs-protocol mailing list