[cifs-protocol] [EXTERNAL] What is AES256-CTS-HMAC-SHA1-96-SK - TrackingID#2211100040001759
Jeff McCashland (He/him)
jeffm at microsoft.com
Thu Nov 10 22:58:13 UTC 2022
Hi Andrew,
AES256-CTS-HMAC-SHA1-96-SK is a temporary value we have added as part of the security update to indicate that if an insecure encryption algorithm is used, you must always use a secure algorithm for session keys instead.
I will file a request to update [MS-KILE] with a description of the encryption type.
Best regards,
Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft Protocol Open Specifications Team
Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada)
Local country phone number found here: http://support.microsoft.com/globalenglish<https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsupport.microsoft.com%2Fglobalenglish&data=02%7C01%7Cjeffm%40microsoft.com%7C92c4c7bb8c6d4412e78108d80d79f45f%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637274164726698458&sdata=KtEL7V58Q7rscYvr9cPik%2FmYKZIv0rh3E3kBdGywwwI%3D&reserved=0> | Extension 1138300
From: Jeff McCashland (He/him)
Sent: Thursday, November 10, 2022 8:53 AM
To: Andrew Bartlett <abartlet at samba.org>
Cc: cifs-protocol mailing list <cifs-protocol at lists.samba.org>; Microsoft Support <supportmail at microsoft.com>
Subject: RE: [EXTERNAL] What is AES256-CTS-HMAC-SHA1-96-SK - TrackingID#2211100040001759
[Michael to BCC]
Hi Andrew,
I will research the algorithm and let you know what I learn.
Best regards,
Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft Protocol Open Specifications Team
Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada)
Local country phone number found here: http://support.microsoft.com/globalenglish<https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsupport.microsoft.com%2Fglobalenglish&data=02%7C01%7Cjeffm%40microsoft.com%7C92c4c7bb8c6d4412e78108d80d79f45f%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637274164726698458&sdata=KtEL7V58Q7rscYvr9cPik%2FmYKZIv0rh3E3kBdGywwwI%3D&reserved=0> | Extension 1138300
From: Michael Bowen <Mike.Bowen at microsoft.com<mailto:Mike.Bowen at microsoft.com>>
Sent: Wednesday, November 9, 2022 9:38 PM
To: Andrew Bartlett <abartlet at samba.org<mailto:abartlet at samba.org>>
Cc: cifs-protocol mailing list <cifs-protocol at lists.samba.org<mailto:cifs-protocol at lists.samba.org>>; Microsoft Support <supportmail at microsoft.com<mailto:supportmail at microsoft.com>>
Subject: RE: [EXTERNAL] What is AES256-CTS-HMAC-SHA1-96-SK - TrackingID#2211100040001759
[DocHelp to bcc, Support mail to cc]
Hi Andrew,
Thanks for your inquiry. I've created case number 2211100040001759 to track this issue. In your correspondence, please leave the case number in the subject line and use reply all. One of our engineers will contact you soon
Best regards,
Mike Bowen
Escalation Engineer - Microsoft Open Specifications
From: Andrew Bartlett <abartlet at samba.org<mailto:abartlet at samba.org>>
Sent: Wednesday, November 9, 2022 3:03 PM
To: Interoperability Documentation Help <dochelp at microsoft.com<mailto:dochelp at microsoft.com>>
Cc: cifs-protocol mailing list <cifs-protocol at lists.samba.org<mailto:cifs-protocol at lists.samba.org>>
Subject: [EXTERNAL] What is AES256-CTS-HMAC-SHA1-96-SK
Kia Ora Dochelp!
In the errata to MS-KILE I see references to AES256-CTS-HMAC-SHA1-96-SK however I can't find any public references to this constant, nor further documentation on what it is used for.
https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-winerrata/c982f6c4-2f70-4dc7-b252-09092e9f1eed<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fopenspecs%2Fwindows_protocols%2Fms-winerrata%2Fc982f6c4-2f70-4dc7-b252-09092e9f1eed&data=05%7C01%7Cjeffm%40microsoft.com%7Ce730ecff3dae4229990608dac2ddba4d%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638036554828914535%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=I5NN%2Bk%2B5%2B5TAyRKTymanQ26bBFimUemQanM%2FErf66tg%3D&reserved=0>
Can you explain what this encryption type is and where to learn more about it?
Thanks,
Andrew Bartlett
--
Andrew Bartlett (he/him) https://samba.org/~abartlet/<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsamba.org%2F~abartlet%2F&data=05%7C01%7Cjeffm%40microsoft.com%7Ce730ecff3dae4229990608dac2ddba4d%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638036554828914535%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=PQHWYGfmzBNHKlLmeHW7nIV67tsABq69gOHF%2FSDbYvU%3D&reserved=0>
Samba Team Member (since 2001) https://samba.org<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsamba.org%2F&data=05%7C01%7Cjeffm%40microsoft.com%7Ce730ecff3dae4229990608dac2ddba4d%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638036554828914535%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=ccL22TE7f3wdDBzolleaJJTQHCwKg3hgCX%2Fz1qUAB24%3D&reserved=0>
Samba Team Lead, Catalyst IT https://catalyst.net.nz/services/samba<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcatalyst.net.nz%2Fservices%2Fsamba&data=05%7C01%7Cjeffm%40microsoft.com%7Ce730ecff3dae4229990608dac2ddba4d%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638036554828914535%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=%2FjbmDKW9kq491brr37q7r198MnONqcDA6K4mqULxz%2BA%3D&reserved=0>
Samba Development and Support, Catalyst IT - Expert Open Source Solutions
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20221110/90ec4807/attachment.htm>
More information about the cifs-protocol
mailing list