[MS-OCSPA] missing revocation provider property

  • Question

  • The last table in [MS-OCSPA] §3.2.4.1.3 describes the defined Provider properties. However, it seems there is a missing property called "RefreshTimeOut". The Windows implementation has a definition for this property in the certadm.h file:

    #define wszOCSPREVPROP_REFRESHTIMEOUT	L"RefreshTimeOut"

    but there is no reference in the protocol specifications. Is this a doc bug? The value type for this property is VT_I4. This property is exposed via the IOCSPCAConfiguration::get_ProviderProperties method, which is built on top of [MS-OCSPA], I believe.


    Vadims Podāns, aka Crypt32
    My weblog: www.sysadmins.lv
    PowerShell PKI Module: PSPKI
    Check out new: SSL Certificate Verifier
    Check out new: ASN.1 Editor tool.

    Wednesday, May 27, 2020 7:51 AM

Answers

  • Hi Vadims,

    It appears you are correct about the missing property. I will file a ticket to update the spec and follow up. 

    Thank you for reporting this issue. 

    Thanks,


    Jeff McCashland | Microsoft Protocols Open Specifications Team

    Wednesday, May 27, 2020 10:07 PM
    Moderator

All replies

  • Thank you for your question. An engineer from the protocols team will contact you soon.

    Bryan S. Burgin, Senior Escalation Engineer, Microsoft Protocol Open Specifications Team

    Wednesday, May 27, 2020 8:57 PM
    Moderator
  • Hi Vadims,

    I will research your question and let you know what I find. 

    Thanks,


    Jeff McCashland | Microsoft Protocols Open Specifications Team

    Wednesday, May 27, 2020 9:39 PM
    Moderator
  • Hi Vadims,

    We have updated [MS-OCSPA] for the next release. 

    3.2.4.1.3 GetCAConfigInformation (Opnum 5)

    We added the following to the first table:

    ReminderDuration

    The vt member of the VARIANT MUST be set to VT_I4, and the lVal member MUST be a DWORD value denoting the percentage of the signing certificate’s lifetime, after which, if the signing certificate is not renewed, a warning event will be logged.

    and to the second table:

    RefreshTimeout

    The vt member of the VARIANT MUST be set to VT_I4, and the lVal member MUST be the time-out value in milliseconds associated with refreshing the CRL information.

    I hope that helps!


    Jeff McCashland | Microsoft Protocols Open Specifications Team

    Monday, June 22, 2020 10:44 PM
    Moderator