![[Public Interpretations Database]](/assets/images/public-interps.jpg){kind=small}
I-0479: FTP_ITC.1.3 Specifies The Functions Needing A Trusted Channel
TYPE: NIAP Interpretation
NUMBER: I-0479
STATUS: Sent to CCEVS Management and CCIMB for Review
TITLE: FTP_ITC.1.3 Specifies The Functions Needing A Trusted
Channel
FIRST POST: [cc-cmt 01251]
SOURCE REFERENCE: CC v2.1 Part 2 Subclause 13.1 FTP_ITC.1
CC v2.1 Part 2 Subclause M.1 FTP_ITC.1
RELATED TO: <None>
ISSUE:
In CC v2.1/v2.2, FTP_ITC.1.3 specifies the list of functions for which a trusted channel is required AND for which the TSF shall initiate communication. The problem is that, given that FTP_ITC.1.2 permits either the TSF or the remote IT to initiate the channel, FTP_ITC.1.3 is contradictory if the remote trusted IT product was assigned in 1.2 (that is, 1.3 seems to be incorrectly stated in requiring the TSF to initiate the channel).STATEMENT
The trusted channel should be able to be initiated by the remote IT trusted product, if such is specified in the assignment of FTP_ITC.1.2.RECOMMENDED CRITERIA CHANGES
FTP_ITC.1.3 is changed to:
The TSF shallintiate communication via theuse a trusted channel for the following functions: [assignment: list of functions for which a trusted channel is required].
SUPPORT:
The intents of the three elements of FTP_ITC.1 are, respectively:- There must be a trusted channel.
- Either the TSF or the remote trusted IT product may initiate the communication.
- The trusted channel must be used for the functions listed in the assignment.
The cited criteria changes remove the contradiction that would result if "the remote trusted IT product" was assigned in 1.2.