[cifs-protocol] [EXTERNAL] [MS-SFU] Clarify the new NonForwardableDelegation flag - TrackingID#2107090040004014

[Jeff McCashland]

[DocHelp to BCC, support on CC, SR ID on Subject]

Hello Isaac,

Thank you for submitting your question. We have created SR 2107090040004014 to track this issue. One of our engineers will respond soon. 

Best regards,
Jeff McCashland | Senior Escalation Engineer | Microsoft Protocol Open Specifications Team 
Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada)
Local country phone number found here: http://support.microsoft.com/globalenglish | Extension 1138300
We value your feedback.  My manager is Natesha Morrison (namorri), +1 (704) 430-4292

-----Original Message-----
From: Isaac Boukris <iboukris at gmail.com> 
Sent: Friday, July 9, 2021 8:13 AM
To: Interoperability Documentation Help <dochelp at microsoft.com>; cifs-protocol at lists.samba.org; Greg Hudson <ghudson at mit.edu>
Subject: [EXTERNAL] [MS-SFU] Clarify the new NonForwardableDelegation flag

Hello dochelp!

I noticed this article [1] about CVE-2020-16996 where a new flag is introduced 'NonForwardableDelegation' in constrained-delegation protocol but couldn't find any update to MS-SFU on how this flag affects the protocol behavior. Can you please update the documentation and elaborate on this statement: "When this protection if enabled, it unifies the logic for Resource-Based Constrained Delegation (RBCD) with the original constrained delegation."

[1] https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Ftopic%2Fmanaging-deployment-of-rbcd-protected-user-changes-for-cve-2020-16996-9a59a49f-20b9-a292-f205-da9da0ff24d3&data=04%7C01%7Cjeffm%40microsoft.com%7C78798c5e463d42f8d0eb08d942ec1794%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637614404046710382%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=qZNGmlejUqO2Le%2BEXozst%2BCd%2FkXo3s8tru%2FcExjUoKA%3D&reserved=0

Thanks!