[cifs-protocol] [EXTERNAL] [MS-SFU] Clarify the new NonForwardableDelegation flag - TrackingID#2107090040004014

Obaid Farooqi obaidf at microsoft.com
Mon Jul 12 18:17:30 UTC 2021

Hi Isaac:
I'll help you with this issue and will be in touch as soon as I have an answer.

Obaid Farooqi
Escalation Engineer | Microsoft

-----Original Message-----
From: Jeff McCashland <jeffm at microsoft.com> 
Sent: Friday, July 9, 2021 11:55 AM
To: Isaac Boukris <iboukris at gmail.com>; cifs-protocol at lists.samba.org; Greg Hudson <ghudson at mit.edu>
Cc: Jeff McCashland <jeffm at microsoftsupport.com>
Subject: RE: [EXTERNAL] [MS-SFU] Clarify the new NonForwardableDelegation flag - TrackingID#2107090040004014

[DocHelp to BCC, support on CC, SR ID on Subject]

Hello Isaac,

Thank you for submitting your question. We have created SR 2107090040004014 to track this issue. One of our engineers will respond soon.

Best regards,
Jeff McCashland | Senior Escalation Engineer | Microsoft Protocol Open Specifications Team
Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada) Local country phone number found here: https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsupport.microsoft.com%2Fglobalenglish&data=04%7C01%7Cobaidf%40microsoft.com%7C856b47940629440c480708d942fa53dc%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637614465200782810%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=h%2BRPRP60tr6LNAGuAevj75bVVelVtgKO7r7S7SkeX4I%3D&reserved=0 | Extension 1138300 We value your feedback.  My manager is Natesha Morrison (namorri), +1 (704) 430-4292

-----Original Message-----
From: Isaac Boukris <iboukris at gmail.com>
Sent: Friday, July 9, 2021 8:13 AM
To: Interoperability Documentation Help <dochelp at microsoft.com>; cifs-protocol at lists.samba.org; Greg Hudson <ghudson at mit.edu>
Subject: [EXTERNAL] [MS-SFU] Clarify the new NonForwardableDelegation flag

Hello dochelp!

I noticed this article [1] about CVE-2020-16996 where a new flag is introduced 'NonForwardableDelegation' in constrained-delegation protocol but couldn't find any update to MS-SFU on how this flag affects the protocol behavior. Can you please update the documentation and elaborate on this statement: "When this protection if enabled, it unifies the logic for Resource-Based Constrained Delegation (RBCD) with the original constrained delegation."

[1] https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Ftopic%2Fmanaging-deployment-of-rbcd-protected-user-changes-for-cve-2020-16996-9a59a49f-20b9-a292-f205-da9da0ff24d3&data=04%7C01%7Cobaidf%40microsoft.com%7C856b47940629440c480708d942fa53dc%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637614465200782810%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=q6BsbuCuD%2FsTJkw3bHuDA5xxNwrFLx7PiDwwSimIBKE%3D&reserved=0


More information about the cifs-protocol mailing list