3.2.3 Initialization

Certificate revocation within the Windows Media DRM ecosystem is handled by means of certificate revocation lists (CRLs). CRLs flow from a public Microsoft server, the "enrollment server", to the license server, and then to the client. Each CRL is identified by a GUID or text string and contains a version number and a list of hashes of revoked certificates. A revocation version information list (REV_INFO) contains a list of CRL versions and is itself versioned with a revocation information version (RIV). Hence, each time a new CRL version is released, the current RIV is also increased.

The client application identity is given via CA. This is transmitted from the client to the server within all license acquisition requests.

The client application maintains a list of CRLs known to it and the associated REV_INFO and RIV. If the RIV reported by the client is lower than the RIV known to the license server, the license server MUST transmit the latest REV_INFO and CRLs to the client within the license acquisition response.

To transmit the latest REV_INFO and CRLs to the client, it is not necessary to understand the entire REV_INFO structure or the format of the CRL data. It is only necessary to understand the REV_INFO.WMDRMRLVIHEAD.dwRIV and compare that to the RIV reported by the client.

Given the previous statements, a server implementation must be initialized with the CRLs, REV_INFO, and client white list values from the aforementioned enrollment server before it can successfully validate and interact with a Windows Media DRM client implementation.
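
The following sketch is an added example, not part of the protocol specification or any Microsoft implementation. It shows a license server that is initialized with revocation data and applies the RIV comparison described above. The class and field names are hypothetical, dwRIV is assumed to have been extracted from REV_INFO already, and the consistency check and the refusal of a decreasing RIV are assumed safeguards rather than stated requirements.

```python
from dataclasses import dataclass

@dataclass
class RevocationData:
    riv: int            # REV_INFO.WMDRMRLVIHEAD.dwRIV, assumed already extracted
    rev_info: bytes     # REV_INFO blob, forwarded to clients unmodified
    listed: dict        # CRL id -> CRL version listed in REV_INFO
    crls: dict          # CRL id -> (version, opaque CRL blob)

    def validate(self):
        # Assumed sanity check: every CRL listed in REV_INFO is held, and not
        # at an older version than the one REV_INFO lists.
        for crl_id, want in self.listed.items():
            have = self.crls.get(crl_id)
            if have is None or have[0] < want:
                raise ValueError(f"CRL {crl_id!r} missing or older than v{want}")

class LicenseServer:
    def __init__(self):
        self.data = None    # nothing loaded from the enrollment server yet

    def load(self, new):
        new.validate()
        # The RIV increases with each CRL release, so a lower RIV is stale data.
        if self.data is not None and new.riv < self.data.riv:
            raise ValueError("refusing stale revocation data (RIV decreased)")
        self.data = new

    def revocation_update_for(self, client_riv):
        """Return REV_INFO and CRLs to attach to the response, or None."""
        if self.data is None:
            raise RuntimeError("not initialized from the enrollment server")
        if client_riv < self.data.riv:
            return {"rev_info": self.data.rev_info,
                    "crls": {i: blob for i, (_, blob) in self.data.crls.items()}}
        return None

# Constructed sample data; ids, versions and blobs are placeholders.
SAMPLE = RevocationData(riv=7, rev_info=b"<opaque REV_INFO>",
                        listed={"crl-app": 3, "crl-device": 4},
                        crls={"crl-app": (3, b"<crl A>"), "crl-device": (4, b"<crl D>")})

if __name__ == "__main__":
    srv = LicenseServer()
    srv.load(SAMPLE)
    print(srv.revocation_update_for(5) is not None)  # client behind the server
    print(srv.revocation_update_for(7))              # client already current
```

The server treats REV_INFO and the CRLs as opaque blobs throughout; only the RIV values are compared.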