RMS Revocation Lists

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Revocation lists specify the content, applications, users, or other principals that have been revoked. An organization might include an entity that is in a revocation list for one or more of the following reasons:

  • A private key is known or suspected to be compromised.

  • An owner requests revocation of a key that is believed to be compromised.

  • A principal is no longer valid (for example, an employee has been terminated).

  • A security enforcement flaw exists (for example, a certificate that is issued to a client computer has been compromised).

  • Recertification is required because of authorization changes.

  • Security holes that are present in an RMS-enabled application make it inappropriate to use for consuming highly sensitive content, or for any protected content.

  • A piece of content that was earlier distributed is now out-of-date or no longer appropriate for consumption.

The following table describes the entities that you can specify in a revocation list, along with the information that is used to identify each one.

Entity Identifier

A group of licenses or certificates

Issuer ID or public key

A group of application manifests

Issuer ID or public key

A specific license or certificate

License ID or hash

A specific application manifest

License ID or hash

A specific principal

Principal ID or public key

A specific piece of content

Content ID


For revocation and exclusion, all hashes are SHA-1 [NIS94c], a revision of the Secure Hash Algorithm (SHA), which is specified in the Secure Hash Standard (SHS, FIPS 180). SHA-1 is described in the ANSI X9.30 (part 2) standard.

To revoke by application manifest, you must extract the issuer ID, issuer public key, license ID, or license hash from the application manifest. However, application manifests are base 64 encoded, so that information is not available in clear view. With the Rights Management Client SDK a program can be developed using the DRMConstructCertificateChain, DRMDeconstructCertificateChain and DRMDecode methods to decode the application manifest and obtain the required information. If you want to prevent a certain application's ability to consume rights-protected content, consider using application exclusion to prohibit the RMS cluster from granting use licenses to those applications. The limitation of exclusion is that it cannot prevent someone with a valid use license from decrypting rights-protected content. For more information about application exclusion, see Excluding Applications in "RMS: Operations" in this documentation collection.

Revocation lists are XrML files that specify the following parameters.

Parameter Description


The system time when the XrML file was created. This is used by the REFRESH condition that is in a use license to determine the age of the revocation list.


The name, ID, and address of the revocation list issuer.


The public key of the revocation list issuer.


The name, type, and ID of each revoked entity.