[MS-WCCE] and [MS-CRTD] incorrect CT_FLAG_DONOTPERSISTINDB definition

Vadims Podāns 9,036 Reputation points MVP
2022-05-11T09:41:27.513+00:00

The CT_FLAG_DONOTPERSISTINDB certificate template's setting flag numerical value is incorrect.

The CT_FLAG_DONOTPERSISTINDB is defined in [MS-CRTD] §2.4 as:

CT_FLAG_DONOTPERSISTINDB = 0x00000400  

and referenced in [MS-WCCE] §3.2.2.6.2.1.4.4.1 with the same value.

However, after modifying the certificate template to enable this flag, the flags value changed by 4096 (0x1000). And the certutil dump for the template shows the same (0x1000) value for this bit:

200915-image.png

I tend to believe that my observation and certutil output are correct and [MS-CRTD] and [MS-WCCE] docs are not correct.

Although not related to protocols, the same incorrect value is referenced in Windows SDK samples: https://github.com/microsoft/Windows-classic-samples/blob/main/Samples/Win7Samples/security/certificateservices/policy/c++/WindowsServer2008R2/policy.h

Windows Open Specifications

Accepted answer
  1. Sreekanth Nadendla 321 Reputation points Microsoft Employee
    2023-04-03T15:46:58.52+00:00

    Hello Vadim, this issue has been resolved. The MS-WCCE and MS-CRTD specifications have been updated to show the correct value 0x00001000 for CT_FLAG_DONOTPERSISTINDB. Let us know if you have additional questions.

    Regards,
    Sreekanth Nadendla
    Microsoft Windows Open Specifications


2 additional answers

  1. Sreekanth Nadendla 321 Reputation points Microsoft Employee
    2022-05-11T14:40:20.113+00:00

    Hello Crypt32, thank you for your question about open specifications (MS-* documents from Microsoft Open Specifications library). I will investigate this issue for you.

    Regards,
    Sreekanth Nadendla
    Microsoft Windows Open Specifications


  2. Sreekanth Nadendla 321 Reputation points Microsoft Employee
    2022-05-16T17:46:40.117+00:00

    Hello Crypt32, it seems your findings are accurate. I will inform our documentation team to get these references updated. Hope this helps.

    Regards,
    Sreekanth Nadendla
    Microsoft Windows Open Specifications