In [MS-WCCE], §3.2.1.4.3.2.15.1 several statements are incorrect:
2.a. For the Subject of the exchange certificate, a common name attribute is used with a value the same as the value of the common name attribute in the subject information of the CA signing certificate (Signing_Cert_Certificate datum) and appending "-Xchg" to the value. The Issuer field is filled with the same value as the Subject field.
The last sentence is incorrect, it should be: The Issuer field is filled with the same value as the Subject field of the CA signing certificate.
2.g. If the CA signing certificate contains an Authority Key Identifier extension, add this extension with the same value as in the CA signing certificate (Signing_Cert_Certificate datum). Authority Key Identifier extension is specified in [RFC3280] section 4.2.1.1
AKI extension is not copied from signing certificate. Instead, an SKI (subject key identifier) value is placed in AKI extension of CA Exchange certificate. The correct statement would be:
If the CA signing certificate contains a Subject Key Identifier extension, add this extension value (Signing_Cert_Certificate datum) to the Authority Key Identifier extension of CA Exchange certificate. Authority Key Identifier extension is specified in [RFC3280] section 4.2.1.1
or something like that.
2.h. If the CA signing certificate contains a Subject Key Identifier extension, add this extension with the same value as in the CA signing certificate (Signing_Cert_Certificate datum). Subject Key Identifier extension is specified in [RFC3280] section 4.2.1.2.
Subject Key Identifier value is not copied from anywhere, it is a calculated SHA1 hash over subject's public key (which is not the same as CA key).
2.i. If the CA signing certificate contains an Authority Information Access extension, add this extension with the same value as in the CA signing certificate (Signing_Cert_Certificate datum). Authority Information Access extension is specified in [RFC3280] section 4.2.2.1.
2.j. If the CA signing certificate contains a CRL Distribution Point extension, add this extension with the same value as in the CA signing certificate (Signing_Cert_Certificate datum). CRL Distribution Point extension is specified in [RFC3280] section 4.2.1.14.
AIA and CDP extensions are not copied from CA certificate, instead it is constructed using CA configuration, specifically AIA and CDP extension configuration.
2.m. The value for the Signature Algorithm field is the name of the CA signing algorithm. The Signature Algorithm field is specified in [RFC3280] section 4.1.1.2.
as above, signature algorithm is determined by CA configuration, which may differ from what is used in CA certificate itself.