On Thu, 2015-03-19 at 21:19 +0000, Edgar Olougouna wrote: > Andrew, > MS-BKRP will be updated to reflect the following. > The current (preferred) key is rolled over 90 days from creation, this > is non configurable in Windows. When a new key is created, the > expiration date of 90 days is calculated and saved with the associated > key guid. Expiration is detected when the key is used (attempted to be > used) for encryption. If the key has expired, key roll over should > occur and encryption creates and uses a new key. Expired keys remain > available for decryption only. Encryption only uses the preferred > key.
Thanks. How specifically is the expiration date stored? > Thanks again for helping us improve the specs. My pleasure, Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba _______________________________________________ cifs-protocol mailing list [email protected] https://lists.samba.org/mailman/listinfo/cifs-protocol
