
List:       cifs-protocol
Subject:    Re: [cifs-protocol] [EXTERNAL] [MS-GKDI] GetKey
From:       "Jeff McCashland (He/him) via cifs-protocol" <cifs-protocol () lists ! samba ! org>
Date:       2023-11-21 5:06:46
Message-ID: MN0PR21MB370144C586952246990E40CAA3BBA () MN0PR21MB3701 ! namprd21 ! prod ! outlook ! com

[DocHelp to BCC, support on CC, SR ID on Subject]

Hi Joseph,

Thank you for your question. We have created SR 2311210040001551 to track this issue. One of our engineers will respond soon.

Best regards,
Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft Protocol Open Specifications Team
Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada)
Local country phone number found here: http://support.microsoft.com/globalenglish | Extension 1138300

-----Original Message-----
From: Joseph Sutton <jsutton@samba.org> 
Sent: Monday, November 20, 2023 7:50 PM
To: cifs-protocol@lists.samba.org; Interoperability Documentation Help <dochelp@microsoft.com>
Subject: [EXTERNAL] [MS-GKDI] GetKey — Group Keys and Seed Keys

Hi dochelp,

The documentation for GetKey ([MS-GKDI] 3.1.4.1) states that, in general, there are four types of GetKey request: two requesting the latest group key, and two requesting a specific seed key. If L0KeyID, L1KeyID, and L2KeyID are all equal to −1, the caller has requested a group key, and if they are all greater than −1, a seed key.

Further on, the documentation states:

“6. If the client is only authorized to access public keys […] compute the public key corresponding to the SK […] Return the result in the ppbOut parameter of the GetKey method […] and then exit.

“7. If the client is authorized to access seed keys […] then: [directions follow for returning a seed key].”

Steps 6 and 7, taken literally, seem to imply that whether to return a seed key depends only on the client’s access privileges. But that would be contrary to the earlier passage which leaves the choice up to the client — although still restricted by their privileges.

Which reading is the correct one?

Regards,
Joseph