3.2.1.4.3.1.1 dwFlags Packed Data Requirements

Article
04/23/2024

The dwFlags field consists of a set of flags and values that MUST define the pctbRequest parameter BLOB and the expected content of the pctbCertChain parameter. This field MUST contain packed data specified as follows.

0	1	2	3	4	5	6	7	8	9	1 0	1	2	3	4	5	6	7	8	9	2 0	1	2	3	4	5	6	7	8	9	3 0	1
ExtendedFlags								Flags								RequestType								Padding2

ExtendedFlags: This bit-field defines extended options for the server’s request processing.

0	1	2	3	4	5	6	7
0	0	0	0	B	A	0	0

Where the bits are defined as follows:

	Description
A	If this bit is set, the server MUST process the request as a new Certificate Transparency request, in accordance with section 3.2.1.4.2.1.4.3.1.
B	If this bit is set, the server MUST process the request as a new Pre-sign certificate request, in accordance with section 3.2.1.4.2.1.4.10.1.

Description

If this bit is set, the server MUST process the request as a new Certificate Transparency request, in accordance with section 3.2.1.4.2.1.4.3.1.

If this bit is set, the server MUST process the request as a new Pre-sign certificate request, in accordance with section 3.2.1.4.2.1.4.10.1.

Flags (1 byte): This bit-field MUST define options for the server's request processing and the response.

0	1	2	3	4	5	6	7
0	0	Z	0	X	Y	0	0

Where the bits are defined as follows:

Value	Description
X	If this bit is set, the response MUST include the CRLs for all the certificates returned in the pctbCertChain and pctbEncodedCert parameters.
Y	If this bit is set, then the response MUST be a CMC full PKI response. If it is not set, the response MUST be a CMS. This bit supported by the ICertRequestD2::Request2 method only.
Z	If this bit is set, this is a renewal request on behalf of another user. The processing rules for this type of request are specified in section 3.2.2.6.2.1.2.4.

Value

Description

If this bit is set, the response MUST include the CRLs for all the certificates returned in the pctbCertChain and pctbEncodedCert parameters.

If this bit is set, then the response MUST be a CMC full PKI response. If it is not set, the response MUST be a CMS. This bit supported by the ICertRequestD2::Request2 method only.

If this bit is set, this is a renewal request on behalf of another user. The processing rules for this type of request are specified in section 3.2.2.6.2.1.2.4.

RequestType (1 byte): RequestType MUST define the possible formats of the certificate request submitted in the pctbRequest parameter (format types are specified in [RFC2797]).

Value	Meaning
0x00	The client relies on CA to determine the request type. See section 3.2.1.4.2.1.4 for more details.
0x01	The request format MUST be a PKCS #10 request structure.
0x02	The request format MUST be a Netscape KEYGEN request structure.
0x03	The request format MUST be a CMS request structure.
0x04	The request format MUST be a Certificate Management Messages over a CMS (CMC) request structure.
0x05	The request format MUST be a response to the attestation CAChallenge.
0x06	The request format MUST be a SignedCertificateTimestampList structure.

Padding2 (1 byte): This field MUST be set to 0 and ignored upon receipt.

3.2.1.4.3.1.1 dwFlags Packed Data Requirements

Additional resources