[cifs-protocol] [EXTERNAL] [MS-SFU] Clarify the new NonForwardableDelegation flag - TrackingID#2107090040004014
jeffm at microsoft.com
Fri Jul 9 16:55:02 UTC 2021
[DocHelp to BCC, support on CC, SR ID on Subject]
Thank you for submitting your question. We have created SR 2107090040004014 to track this issue. One of our engineers will respond soon.
Jeff McCashland | Senior Escalation Engineer | Microsoft Protocol Open Specifications Team
Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada)
Local country phone number found here: http://support.microsoft.com/globalenglish | Extension 1138300
We value your feedback. My manager is Natesha Morrison (namorri), +1 (704) 430-4292
From: Isaac Boukris <iboukris at gmail.com>
Sent: Friday, July 9, 2021 8:13 AM
To: Interoperability Documentation Help <dochelp at microsoft.com>; cifs-protocol at lists.samba.org; Greg Hudson <ghudson at mit.edu>
Subject: [EXTERNAL] [MS-SFU] Clarify the new NonForwardableDelegation flag
I noticed this article  about CVE-2020-16996 where a new flag is introduced 'NonForwardableDelegation' in constrained-delegation protocol but couldn't find any update to MS-SFU on how this flag affects the protocol behavior. Can you please update the documentation and elaborate on this statement: "When this protection if enabled, it unifies the logic for Resource-Based Constrained Delegation (RBCD) with the original constrained delegation."
More information about the cifs-protocol