Share via

[MS-WCCE] and [MS-CRTD] incorrent CT_FLAG_DONOTPERSISTINDB definition

Vadims Podāns 9,126 Reputation points MVP
May 11, 2022, 9:41 AM

The CT_FLAG_DONOTPERSISTINDB certificate template's setting flag numerical value is incorrect.

The CT_FLAG_DONOTPERSISTINDB is defined in [MS-CRTD] §2.4 as:

CT_FLAG_DONOTPERSISTINDB = 0x00000400  

and referenced in [MS-WCCE] §3.2.2.6.2.1.4.4.1 with same value.

However, after modifying the certificate template to enable this flag the flags value changed by 4096 (0x1000). And certutil dump for template shows same (0x1000) value for this bit:

200915-image.png

I tend to believe that my observation and certutil output are correct and [MS-CRTD] and [MS-WCCE] docs are not correct.

Although not related to protocols, same incorrect value is referenced in Windows SDK samples: https://github.com/microsoft/Windows-classic-samples/blob/main/Samples/Win7Samples/security/certificateservices/policy/c++/WindowsServer2008R2/policy.h

Windows Open Specifications
Windows Open Specifications
Windows: A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.Open Specifications: Technical documents for protocols, computer languages, standards support, and data portability. The goal with Open Specifications is to help developers open new opportunities to interoperate with Windows, SQL, Office, and SharePoint.
42 questions
0 comments No comments
{count} votes

Accepted answer
  1. Sreekanth Nadendla 411 Reputation points Microsoft Employee
    Apr 3, 2023, 3:46 PM

    Hello Vadim, this issue has been resolved. MS-WCCE and MS-CRTD specifications have been updated to show correct value 0x00001000 for CT_FLAG_DONOTPERSISTINDB. Let us know if you have additional questions.

    Regards,
    Sreekanth Nadendla
    Microsoft Windows Open Specifications

    0 comments No comments

2 additional answers

Sort by: Most helpful
  1. Sreekanth Nadendla 411 Reputation points Microsoft Employee
    May 11, 2022, 2:40 PM

    Hello Crypt32, thank you for your question about open specifications (MS-* documents from Microsoft Open Specifications library). I will investigate this issue for you.

    Regards,
    Sreekanth Nadendla
    Microsoft Windows Open Specifications

    0 comments No comments

  2. Sreekanth Nadendla 411 Reputation points Microsoft Employee
    May 16, 2022, 5:46 PM

    Hello Crypt32, it seems your findings are accurate. I will inform our documentation team to get these references updated. Hope this helps.

    Regards,
    Sreekanth Nadendla
    Microsoft Windows Open Specifications


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.