1.6 Applicability Statement

The CredSSP protocol delegates the user's credentials from a client to a server over a mutually authenticated encrypted channel. To avoid revealing the user credentials to unauthorized hosts, the CredSSP client delegates only to trusted servers, as expressed through the security policy that governs the client's computer. The CredSSP protocol was designed to enable the server to impersonate the client across a number of different applications that require the user's long-lived credentials (password).