[MS-WCCE] §3.2.1.4.3.2.10 ICertRequest2D::GetCAProperty(CR_PROP_CATYPE) incomplete

Vadims Podāns 9,111 Reputation points MVP
2021-04-10T09:04:14.347+00:00

Documentation says:

If the CA signing certificate that is stored in the Signing_Cert_Certificate column is a root certificate, the CA MUST return 0x00000003. Otherwise, the CA MUST return 0x00000004.

it is incomplete, because it doesn't include Enterprise CA scenario which is defined in CAINFO structure ([MS-WCCE] §2.2.2.3). Proper description would be:

If the CA signing certificate that is stored in the Signing_Cert_Certificate column is a root certificate, the CA MUST return 0x00000000 or 0x00000003. Otherwise, the CA MUST return 0x00000001 or 0x00000004.

Windows Open Specifications
Windows Open Specifications
Windows: A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.Open Specifications: Technical documents for protocols, computer languages, standards support, and data portability. The goal with Open Specifications is to help developers open new opportunities to interoperate with Windows, SQL, Office, and SharePoint.
39 questions
Accepted answer
  1. Sreekanth Nadendla 401 Reputation points Microsoft Employee
    2021-07-16T18:33:58.443+00:00

    Hi Crypt32, the updated specification has the fix for this issue. Please review the latest version from the following location and let us know if you have any follow up questions.

    https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-wcce/446a0fca-7f27-4436-965d-191635518466

    Regards,
    Sreekanth Nadendla-MSFT

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Sreekanth Nadendla 401 Reputation points Microsoft Employee
    2021-04-28T15:19:01.36+00:00

    Hi Crypt32, I am working with our team to get this issue fixed in our specification.

    Regards,
    Sreekanth Nadendla-MSFT