[cifs-protocol] [EXTERNAL] [MS-GKDI] GetKey — Group Keys and Seed Keys - TrackingID#2311210040001551
Jeff McCashland (He/him)
jeffm at microsoft.com
Tue Nov 21 05:06:46 UTC 2023
[DocHelp to BCC, support on CC, SR ID on Subject]
Hi Joseph,
Thank you for your question. We have created SR 2311210040001551 to track this issue. One of our engineers will respond soon.
Best regards,
Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft Protocol Open Specifications Team
Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada)
Local country phone number found here: http://support.microsoft.com/globalenglish | Extension 1138300
-----Original Message-----
From: Joseph Sutton <jsutton at samba.org>
Sent: Monday, November 20, 2023 7:50 PM
To: cifs-protocol at lists.samba.org; Interoperability Documentation Help <dochelp at microsoft.com>
Subject: [EXTERNAL] [MS-GKDI] GetKey — Group Keys and Seed Keys
Hi dochelp,
The documentation for GetKey ([MS-GKDI] 3.1.4.1) states that, in general, there are four types of GetKey request: two requesting the latest group key, and two requesting a specific seed key. If L0KeyID, L1KeyID, and L2KeyID are all equal to −1, the caller has requested a group key, and if they are all greater than −1, a seed key.
Further on, the documentation states:
“6. If the client is only authorized to access public keys […] compute the public key corresponding to the SK […] Return the result in the ppbOut parameter of the GetKey method […] and then exit.
“7. If the client is authorized to access seed keys […] then:
[directions follow for returning a seed key].”
Steps 6 and 7, taken literally, seem to imply that whether to return a seed key depends only on the client’s access privileges. But that would be contrary to the earlier passage which leaves the choice up to the client — although still restricted by their privileges.
Which reading is the correct one?
Regards,
Joseph