[cifs-protocol] [REG:115021012380586] Timer events in MS-BKRP - when should we roll over keys?
Andrew Bartlett
abartlet at samba.org
Thu Mar 19 15:30:10 MDT 2015
On Thu, 2015-03-19 at 21:19 +0000, Edgar Olougouna wrote:
> Andrew,
> MS-BKRP will be updated to reflect the following.
> The current (preferred) key is rolled over 90 days from creation, this
> is non configurable in Windows. When a new key is created, the
> expiration date of 90 days is calculated and saved with the associated
> key guid. Expiration is detected when the key is used (attempted to be
> used) for encryption. If the key has expired, key roll over should
> occur and encryption creates and uses a new key. Expired keys remain
> available for decryption only. Encryption only uses the preferred
> key.
Thanks.
How specifically is the expiration date stored?
> Thanks again for helping us improve the specs.
My pleasure,
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the cifs-protocol
mailing list