6 Appendix A: Product Behavior

The information in this specification is applicable to the following Microsoft products or supplemental software. References to product versions include updates to those products.

  • Microsoft Office 2010 suites

  • Microsoft Office Groove 2007

  • Microsoft Office Groove Server 2007

  • Microsoft Groove Server 2010

  • Microsoft SharePoint Workspace 2010

Exceptions, if any, are noted in this section. If an update version, service pack or Knowledge Base (KB) number appears with a product name, the behavior changed in that update. The new behavior also applies to subsequent updates unless otherwise specified. If a product edition appears with the product version, behavior is different in that product edition.

Unless otherwise specified, any statement of optional behavior in this specification that is prescribed using the terms "SHOULD" or "SHOULD NOT" implies product behavior in accordance with the SHOULD or SHOULD NOT prescription. Unless otherwise specified, the term "MAY" implies that the product does not follow the prescription.

<1> Section 2.2:  The Office Groove 2007 and Microsoft SharePoint Workspace 2010 clients set the minor version number to 4 for account layer messages, and set the minor version number to 3 for device layer messages, while the Office Groove Server 2007 and Microsoft Groove Server 2010 relay servers always set the minor version number to 4.

<2> Section 3.1.1.1:  The encryption key in Office Groove 2007 and Office Groove Server 2007 is encoded with the Distinguished Encoding Rules (DER) using the following ASN.1 syntax [RFC3641]:

 DHPublicKeyForElgamalEncryption ::= SEQUENCE {
       size  INTEGER, -- canned prime size, is 1536
       y     INTEGER  -- public key (g^x mod p,
                      -- where x is the 1536-bit Diffie-Hellman private key)
 }

Diffie-Hellman group parameters used in this case are as follows:

Prime p is 2^1536 minus 0x16F055.

Generator g is 3.

The encryption key in SharePoint Workspace 2010 and Groove Server 2010 is encoded with the Distinguished Encoding Rules (DER) using the following ASN.1 syntax:

 DHPublicKeyForElgamalEncryption ::= SEQUENCE {
       p    INTEGER, -- prime, p
       q    INTEGER OPTIONAL, -- factor of p-1, only present when p = j*q+1,
                              -- where j is not 2
       g    INTEGER, -- generator, g
       y    INTEGER -- public key (g^x mod p, where x is the private key)
 }
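
The two key structures above, read with a minimal DER parser (an added example, not code from the specification or from the products). The function names, the constructed sample bytes, and the range checks in `check_key` are assumptions introduced here; only p, g and the field layouts come from the text.

```python
P_2007, G_2007 = 2**1536 - 0x16F055, 3  # prime p and generator g stated on the page
SAMPLE_2007 = bytes.fromhex("300802020600020200f3")    # constructed: size=1536, y=3^5
SAMPLE_2010 = bytes.fromhex("3009020117020105020108")  # constructed toy: p=23, g=5, y=8

def _tlv(buf, pos):
    """Return (tag, value, next_pos) for one definite-length DER element."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: the next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        if n == 0 or n > 4 or buf[pos] == 0 or length < 0x80:
            raise ValueError("length is not minimal definite form")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated element")
    return tag, buf[pos:pos + length], pos + length

def parse_key(der):
    """Parse either structure on the page into a dict of named integers."""
    try:
        tag, body, end = _tlv(der, 0)
        if tag != 0x30 or end != len(der):
            raise ValueError("expected exactly one SEQUENCE")
        ints, pos = [], 0
        while pos < len(body):
            tag, val, pos = _tlv(body, pos)
            if tag != 0x02 or not val or val[0] & 0x80:
                raise ValueError("expected a non-negative INTEGER")
            ints.append(int.from_bytes(val, "big"))
    except IndexError:
        raise ValueError("truncated element") from None
    names = {2: ("size", "y"), 3: ("p", "g", "y"), 4: ("p", "q", "g", "y")}
    if len(ints) not in names:
        raise ValueError("unexpected number of fields")
    return dict(zip(names[len(ints)], ints))

def check_key(key):
    """Range checks added as an assumption; the page does not state them."""
    if "size" in key:  # 2007 form: the group is fixed
        if key["size"] != 1536:
            raise ValueError("unexpected canned prime size")
        p, g = P_2007, G_2007
    else:  # 2010 form: the group travels with the key
        p, g = key["p"], key["g"]
        if not 1 < g < p - 1 or ("q" in key and (key["q"] < 2 or (p - 1) % key["q"])):
            raise ValueError("bad group parameters")
    if not 1 < key["y"] < p - 1:
        raise ValueError("public key y out of range")
    return p, g
```

The field count is what tells the two layouts apart here: two integers for the 2007 form, three or four for the 2010 form depending on whether `q` is present.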

<3> Section 3.1.1.3:  Office Groove 2007 uses ElGamal encryption to generate the encryption key pair and SharePoint Workspace 2010 uses RSA encryption to generate the encryption key pair.

<4> Section 3.2.1:  Identity URLs start with the "grooveIdentity://" prefix, and the length of the URL after the prefix does not exceed 80 characters.

<5> Section 3.2.4.3.1:  The Office Groove 2007 and SharePoint Workspace 2010 clients use the user pre-auth token from the first identity in an account when constructing the SecAccountRegister message.

<6> Section 3.2.5.3:  The Office Groove 2007 and SharePoint Workspace 2010 clients make the best effort to send a ConnectClose, but the command can be sent from different sources, and the TCP connection could have been terminated before the command is sent.

<7> Section 3.2.5.4:  The Office Groove 2007 and SharePoint Workspace 2010 clients make the best effort to send a ConnectClose, but the command can be sent from different sources, and the TCP connection could have been terminated before the command is sent.

<8> Section 3.2.5.5:  The Office Groove 2007 and SharePoint Workspace 2010 clients send no Close command when the SecAttachResponse message verification fails.

<9> Section 3.2.5.8:  The Office Groove 2007 and SharePoint Workspace 2010 clients send no Close command when the SecDeviceAccountResponse message verification fails.

<10> Section 3.3.5:  The Office Groove Server 2007 and Groove Server 2010 relay servers allow a valid SecConnectAuthenticate message to be received at any time following receipt of the initial SecConnect, provided that the contents of the duplicate SecConnectAuthenticate validate correctly according to the specified cryptographic algorithms.

<11> Section 3.3.5.1:  If the Office Groove Server 2007 or Groove Server 2010 relay server finds incorrect version numbers in the SecConnect security message header, or encounters any error in parsing the message, it embeds a SecConnectResponseDeviceRegistrationNeeded security message in a ConnectResponse command, sets the ResponseID field in the ConnectResponse to Ok (see [MS-GRVSSTP] for more details), and then sends the ConnectResponse to the client.

<12> Section 3.3.5.4:  In the Office Groove Server 2007 or Groove Server 2010 relay server, when verifying the device nonce from the SecAttachAuthenticate message, the relay server checks the device nonce only if it has generated one and sent the client the SecDeviceAccountRegisterResponse message. If the relay server has not sent the SecDeviceAccountRegisterResponse message to the client in the same SSTP connection, it ignores the device nonce received from the SecAttachAuthenticate message.

<13> Section 3.3.5.5:  In the Office Groove Server 2007 or Groove Server 2010 relay server, if the server finds incorrect version numbers in the SecDeviceAccountRegister security message header, or encounters any error in parsing the message, or detects any account layer message other than SecAccountRegister or SecAccountOnNewDeviceRegister, it ignores the Register command that contains the SecDeviceAccountRegister message.