2.2.1.5.3 Certificate Revocation Lists

WMDRM: Network Devices Protocol certificate revocation lists (CRLs) contain digests of revoked certificates and can be provided and signed only by Microsoft. They are typically distributed through DRM licenses, and only transmitters or receivers with transmitting capabilities need to maintain CRLs.

CRLs can revoke any certificate in the device certificate's chain. If any certificate in the chain is revoked, then that certificate and all of the certificates below it in the chain are also revoked.

When transmitters receive a CRL, they MUST make sure the CRL is valid. To verify that the CRL is valid, transmitters MUST verify that the CRL certificate, which is part of the CRL, is directly signed by the Microsoft Root Certificate and has the SignCRL element value set to the string "1". The signature of the CRL MUST also be verified.

After the CRL is verified, transmitters can store it. The CRL version number MUST be checked before storing so that the transmitter always stores the newest version.

Transmitters can also store the well-known Microsoft CRL signing public key in secure nonvolatile storage. For devices that choose this approach, verifying the CRL involves only checking the signature on the CRL itself.

A receiver that also has transmitting capabilities MUST compare its currently stored version of the CRL to the transmitter's CRL. If the transmitter's CRL is newer, the transmitter MUST send its CRL to the receiver. If the transmitter's CRL is not newer, no CRL is sent to the receiver.

The CRL has the following layout (bit positions across the top; variable-length sections continue over as many rows as needed):

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                          CRLVersion                           |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                        NumberOfEntries                        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                 RevocationEntries (variable)                  |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                              ...                              |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                       CertificateLength                       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                    Certificate (variable)                     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                              ...                              |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| SignatureType |        SignatureLength        |   Signature   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                    ... (Signature, variable)                  |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

CRLVersion (4 bytes): Contains the version of the CRL.

NumberOfEntries (4 bytes): Indicates the number of revocation entries.

RevocationEntries (variable): The array of revocation entries.

CertificateLength (4 bytes): Indicates the length, in bytes, of the XML certificate and its certificate chain.

Certificate (variable): The XML certificate.

SignatureType (1 byte): Indicates the type of signature.

SignatureLength (2 bytes): Indicates the length of the signature, in bytes.

Signature (variable): Contains the signature of the CRL.

Header: Contains the version number of the CRL and the number of revocation entries in the CRL. A CRL can contain zero or more entries.

Revocation entries: Contains the revocation entries. Each revocation entry is the 160-bit digest of a revoked certificate. The transmitter compares this digest with the DigestValue element within the certificate it is checking.

Certificate: A 32-bit integer value indicating the length, in bytes, of the XML certificate and its certificate chain, followed by the byte array containing the XML certificate of the certificate authority (CA) and the certificate chain that has Microsoft as the root. The certificate MUST be signed by a CA that has the authority to issue CRLs.

Optionally, devices can store the well-known Microsoft CRL signing public key in secure, nonvolatile storage. For devices that choose this approach, verifying the CRL involves only checking the signature on the CRL itself.

This certificate MUST NOT be null terminated.

Signature: Contains the signature type and length, and the digital signature itself. The 8-bit type is set to 0x02 to indicate that it uses SHA-1 [FIPS180-2] with 1024-bit RSA encryption. The length is a 16-bit value containing the length of the digital signature, in bytes, and the digital signature is calculated over all prior sections of the CRL.

The signature is calculated using the RSASSA-PSS digital signature scheme defined in PKCS #1 (version 2.1) [PKCS1]. The hash function is SHA-1, defined in FIPS 180-2 [FIPS180-2], and the mask generation function is MGF1, defined in section B.2.1 of PKCS #1 (version 2.1) [PKCS1].
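As an added example (not code from the MS-DRMND specification or from any Microsoft implementation), the following Python parses the CRL layout above and applies the rules of this section: the NUL-terminator prohibition on the certificate section, the "store and send only a newer version" rule, and the rule that a revoked certificate also revokes everything below it in the chain. It assumes big-endian multi-byte integers and that the signed region is every section before SignatureType, neither of which this page states; verifying `signature` over `signed_region` with RSASSA-PSS (SHA-1, MGF1) is left to a PKCS #1 implementation.

```python
import struct
from dataclasses import dataclass

DIGEST_LEN = 20               # each revocation entry is a 160-bit digest
SIG_TYPE_SHA1_RSA1024 = 0x02  # the SignatureType value the text specifies


@dataclass(frozen=True)
class CRL:
    version: int
    revoked: frozenset    # 20-byte digests, compared against a cert's DigestValue
    certificate: bytes    # XML CRL-signing certificate plus chain, no NUL terminator
    signature: bytes
    signed_region: bytes  # bytes the RSASSA-PSS (SHA-1, MGF1) signature covers


def parse_crl(buf: bytes) -> CRL:
    """Walk the Header, RevocationEntries, Certificate and Signature sections."""
    version, count = struct.unpack_from(">II", buf, 0)  # assumption: big-endian
    entries = buf[8:8 + count * DIGEST_LEN]
    if len(entries) != count * DIGEST_LEN:
        raise ValueError("truncated revocation entries")
    revoked = frozenset(entries[i:i + DIGEST_LEN] for i in range(0, len(entries), DIGEST_LEN))
    off = 8 + len(entries)
    (cert_len,) = struct.unpack_from(">I", buf, off)
    cert = buf[off + 4:off + 4 + cert_len]
    if len(cert) != cert_len or cert.endswith(b"\x00"):
        raise ValueError("certificate truncated or NUL-terminated")
    off += 4 + cert_len
    signed_region = buf[:off]  # assumption: every section before SignatureType
    sig_type, sig_len = struct.unpack_from(">BH", buf, off)
    if sig_type != SIG_TYPE_SHA1_RSA1024:
        raise ValueError("unsupported SignatureType 0x%02x" % sig_type)
    sig = buf[off + 3:off + 3 + sig_len]
    if len(sig) != sig_len:
        raise ValueError("truncated signature")
    return CRL(version, revoked, cert, sig, signed_region)


def build_crl(version: int, digests, cert: bytes, sig: bytes) -> bytes:
    """Serialize the same layout; used here only to construct sample input."""
    body = struct.pack(">II", version, len(digests)) + b"".join(digests)
    body += struct.pack(">I", len(cert)) + cert
    return body + struct.pack(">BH", SIG_TYPE_SHA1_RSA1024, len(sig)) + sig


def first_revoked_depth(crl: CRL, chain_digests):
    """Root-first chain: depth of the highest revoked cert (it and all below are revoked), or None."""
    return next((i for i, d in enumerate(chain_digests) if d in crl.revoked), None)


def should_store(stored_version, received_version) -> bool:
    """Store (or send to a transmit-capable receiver) only a strictly newer CRL version."""
    return stored_version is None or received_version > stored_version
```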