8 Change Tracking

This section identifies changes that were made to this document since the last release. Changes are classified as Major, Minor, or None.

The revision class Major means that the technical content in the document was significantly revised. Major changes affect protocol interoperability or implementation. Examples of major changes are:

  • A document revision that incorporates changes to interoperability requirements.

  • A document revision that captures changes to protocol functionality.

The revision class Minor means that the meaning of the technical content was clarified. Minor changes do not affect protocol interoperability or implementation. Examples of minor changes are updates to clarify ambiguity at the sentence, paragraph, or table level.

The revision class None means that no new technical changes were introduced. Minor editorial and formatting changes may have been made, but the relevant technical content is identical to the last released version.

The changes made to this document are listed in the following table. For more information, please contact dochelp@microsoft.com.

Section

Description

Revision class

2.1 Transport

11173 : Clarified how authentication level configuration impacts client CA connections: 1) If CA server has IF_ENFORCEENCRYPTICERTREQUEST set and RPC_C_AUTHN_LEVEL_PKT_PRIVACY (0x06) auth level is not specified by client, CA MUST deny connection to client and return non-zero error; 2) If CA server has IF_ENFORCEENCRYPTICERTADMIN set and RPC_C_AUTHN_LEVEL_PKT_PRIVACY (0x06) auth level is not specified by client, CA MUST deny a connection to client and return non-zero error.

Major

2.2.2.6.5 Null Signature

11193 : Added information about conditions and processing for null signatures in certificate requests.

Major

3.1.1.4.3.1.3 New Certificate Request Using CMS and CMC Request Formats

11193 : Added reference to null signature processing.

Major

3.1.1.4.3.2.2 Renew Certificate Request Using CMS and CMC Request Formats

11193 : Added reference to null signature processing.

Major

3.1.1.4.3.3.3 Enroll on Behalf of Certificate Request Using CMS and CMC Request Formats

11193 : Added reference to null signature processing.

Major

3.1.1.4.3.6.1 Certificate Request with a Private Key Using CMC Request Format

11193 : Added reference to null signature processing.

Major

3.2.1.4.2.1.4.1.3 New Certificate Request Using CMS and CMC Request Format

11193 : Added reference to null signature processing.

Major

3.2.1.4.2.1.4.2.2 Renewing a Certificate Request Using CMS and CMC Request Format

11193 : Added reference to null signature processing.

Major

3.2.1.4.3.2.15.1 Creating a CA Exchange Certificate

11201 : Updated information about creating a CA Exchange Certificate.

Major

3.2.1.4.3.2.15.1 Creating a CA Exchange Certificate

11216 : Updated process to create exchange certificate (step 13) to clarify the value of the Signature Algorithm field as the name of the signing algorithm configured at the CA.

Major

3.2.2.6.2.1.2.1.2 Request on Behalf of Using CMS and CMC Request Format

11193 : Added reference to null signature processing.

Major

3.2.2.6.2.1.2.2 Processing Rules for Requests That Include Private Key Information

11193 : Added reference to null signature processing.

Major

3.2.2.6.2.1.4.5.7 msPKI-Private-Key-Flag

11204 : Removed extra leading zeroes in the following flags in the msPKI-Private-Key-Flag attribute to reduce the hex value length from 9 to 8 digits  in each stated value: 0x00002000  CT_FLAG_ATTEST_REQUIRED *, 0x00001000  CT_FLAG_ATTEST_PREFERRED *, 0x00004000  CT_FLAG_ATTESTATION_WITHOUT_POLICY *, 0x00000200  CT_FLAG_EK_TRUST_ON_USE *, 0x00000400  CT_FLAG_EK_VALIDATE_CERT *, and 0x00000800  CT_FLAG_EK_VALIDATE_KEY *.

Major