Validated Product - Tumbleweed Valicert Validation Authority Version 4.8, Hot Fix 3 (build 388)

Certificate Date: 08 June 2006
Validation Report Number: CCEVS-VR-06-0028
Product Type: PKI/KMI
Conformance Claim: EAL3
PP Identifier: Certificate Issuing and Management Components Security Level 1 Protection Profile, Version 1.0 (Archived)
CC Testing Lab: SAIC Common Criteria Testing Laboratory

PRODUCT DESCRIPTION

The Tumbleweed Valicert Validation Authority is a certificate validation product produced by Tumbleweed Communications, 700 Saginaw Drive, Redwood City, CA 94063. The TOE is Tumbleweed Valicert Validation Authority, Version 4.8, build 388.

The Tumbleweed Valicert Validation Authority (VA) provides a universal clearing house for establishing the validity of a digital certificate. The VA represents a centralized store of aggregated Certification Authority (CA) published Certificate Revocation Lists (CRLs). The VA Server is CA neutral and supports multiple CAs, several different trust models, and CA-specific validation policies.

Certificate status data is continuously available and accessible to Public Key Infrastructure (PKI) applications via several standard real-time protocols. These protocols allow PKI-enabled applications, like the Tumbleweed Desktop and Server Validator clients, to obtain the status of a specific certificate rather than the raw cumulative CRL periodically published by the CA. Thus the introduction of a VA addresses the scalability and access issues associated with client certificate validation in PKI, as well as adding audit capability.

The Validation Authority offers the following capabilities:

SECURITY EVALUATION SUMMARY

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The evaluation demonstrated that the Tumbleweed TOE meets the security requirements contained in the Security Target - Tumbleweed Valicert Validation Authority Security Target, Version 0.83, 04/03/06. While the Valicert Validation Authority can operate on any of the following operating systems: Windows 2000, Windows Server 2003, Solaris 2.7, 2.8, 2.9 and 2.10, Red Hat Enterprise Linux versions 7, 8, and 9, specific test results were analyzed for Windows 2000, Solaris 2.9, and Red Hat Enterprise Linux 9.0.

The criteria against which the Tumbleweed TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.2. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 2.2. Science Applications International Corporation (SAIC) determined that the evaluation assurance level (EAL) for the Tumbleweed TOE is EAL 3. The TOE, configured as specified in the installation guide, satisfies all of the security functional requirements stated in the Security Target.

A Validator on behalf of the CCEVS Validation Body monitored the evaluation carried out by SAIC. The evaluation was completed in April 2006. Results of the evaluation and associated validation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report.

ENVIRONMENTAL STRENGTHS

The Tumbleweed TOE implements security functions that support Security Audit, Backup and Recovery, Access Control, Identification & Authentication, Remote Data Entry and Export, Key Management, and Profile Management.

Security Audit - VA provides the ability to audit security relevant events. Each audit record includes the responsible user, date, time, and other details. Valicert VA protects the audit trail and ensures that only authorized users can access the audit data.

Backup and Recovery - Valicert VA includes a backup and restore capability. In order to be able to recover from failures and other unanticipated undesired events, Valicert VA can back up the system. The backup can be used to restore the Valicert VA to an operational status at a previous point in time.

Access Control - Valicert VA provides the ability to limit access to the various services provided by the VA. These limitations are provided via a set of access control lists.

Identification and Authentication - Valicert VA requires that users be identified and authenticated before allowing them to perform any other functions.

Remote Data Entry and Export - Valicert VA uses SSL to protect remote data import and export functions.

Key Management - Valicert VA provides several key management functions. These functions include protecting secret and private keys.

Profile Management - Valicert VA provides management functions to manipulate several types of profiles including certificates, CRLs, and OCSP responses that are generated.