[MS-WCCE] Incorrect CA Exchange certificate algorithm definition

Question

In [MS-WCCE], §3.2.1.4.3.2.15.1 several statements are incorrect:

2.a. For the Subject of the exchange certificate, a common name attribute is used with a value the same as the value of the common name attribute in the subject information of the CA signing certificate (Signing_Cert_Certificate datum) and appending "-Xchg" to the value. The Issuer field is filled with the same value as the Subject field.

The last sentence is incorrect, it should be: The Issuer field is filled with the same value as the Subject field of the CA signing certificate.

2.g. If the CA signing certificate contains an Authority Key Identifier extension, add this extension with the same value as in the CA signing certificate (Signing_Cert_Certificate datum). Authority Key Identifier extension is specified in [RFC3280] section 4.2.1.1

AKI extension is not copied from signing certificate. Instead, an SKI (subject key identifier) value is placed in AKI extension of CA Exchange certificate. The correct statement would be:

If the CA signing certificate contains a Subject Key Identifier extension, add this extension value (Signing_Cert_Certificate datum) to the Authority Key Identifier extension of CA Exchange certificate. Authority Key Identifier extension is specified in [RFC3280] section 4.2.1.1

or something like that.

2.h. If the CA signing certificate contains a Subject Key Identifier extension, add this extension with the same value as in the CA signing certificate (Signing_Cert_Certificate datum). Subject Key Identifier extension is specified in [RFC3280] section 4.2.1.2.

Subject Key Identifier value is not copied from anywhere, it is a calculated SHA1 hash over subject's public key (which is not the same as CA key).

2.i. If the CA signing certificate contains an Authority Information Access extension, add this extension with the same value as in the CA signing certificate (Signing_Cert_Certificate datum). Authority Information Access extension is specified in [RFC3280] section 4.2.2.1.

2.j. If the CA signing certificate contains a CRL Distribution Point extension, add this extension with the same value as in the CA signing certificate (Signing_Cert_Certificate datum). CRL Distribution Point extension is specified in [RFC3280] section 4.2.1.14.

AIA and CDP extensions are not copied from CA certificate, instead it is constructed using CA configuration, specifically AIA and CDP extension configuration.

2.m. The value for the Signature Algorithm field is the name of the CA signing algorithm. The Signature Algorithm field is specified in [RFC3280] section 4.1.1.2.

as above, signature algorithm is determined by CA configuration, which may differ from what is used in CA certificate itself.

Answer 1

We have updated [MS-WCCE] for the next release of the document:

3.2.1.4.3.2.15.1 Creating a CA Exchange Certificate

2. If an exchange certificate wasn't created in previous steps, create it by adding the following fields and extensions:
3. For the Subject of the exchange certificate, a common name attribute is used with a value the same as the value of the common name attribute in the subject information of the CA signing certificate (Signing_Cert_Certificate datum) and appending "-Xchg" to the value. The Issuer field is filled with the same value as the Subject field of the CA signing certificate (Signing-_Cert_Certificate datum).
4. The Authority Key Identifier extension is added with the same value as the Subject Key Identifier extension in the CA signing certificate (Signing_Cert_Certificate datum). If the Subject Key Identifier extension is not found in the CA signing certificate (Signing_Cert_Certificate datum), then the SHA1 hash of the public key of CA signing certificate (Signing_Cert_Certificate datum) is used as the value for the Authority Key Identifier extension. The Authority Key Identifier extension is specified in [RFC3280] section 4.2.1.1.
5. The Subject Key Identifier extension is added with the same value as the SHA1 hash of the public key associated with the exchange certificate. The Subject Key Identifier extension is specified in [RFC3280] section 4.2.1.2.
6. The Authority Information Access extension is added with the same value the CA returns when ICertRequestD2::GetCAProperty is called for PropID of CR_PROP_CERTAIAURLS and propIndex of 0xFFFFFFFF. See section 3.2.1.4.3.2.42 for details on how this value is computed. The Authority Information Access extension is specified in [RFC3280] section 4.2.2.1.
7. The CRL Distribution Point extension is added with the same value the CA returns when ICertRequestD2::GetCAProperty is called for PropID of CR_PROP_CERTCDPURLS and propIndex of 0xFFFFFFFF. See section 3.2.1.4.3.2.43 for details on how this value is computed. The CRL Distribution Point extension is specified in [RFC3280] section 4.2.1.14.

We're still working on item 13.

Best Regards,
Jeff McCashland
Microsoft Open Specifications

Answer 2

Hi Crypt32,

I have been able to confirm all of your comments except for 1.

It appears to me that the AIK is constructed from the Issuer's KeyID, Name, and SerialNumber, rather than being copied from anywhere.

I have filed a request to update the documentation, and will follow up with it.

Thanks,
Jeff McCashland
Microsoft Open Specifications

Answer 3

Hi Crypt32,

We're continuing to dig into the code to understand the last few items. You can use the title of this thread as your subject, or whatever makes sense to you.

Thanks,
Jeff McCashland
Microsoft Open Specifications