NIAP: View Technical Decision Details
NIAP/CCEVS
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
Archived TD0003:  RSA Based Key Generation in MDFPP

Publication Date
2014.04.14

Protection Profiles
PP_MD_v1.1

Other References
PP_MD_v1.1

Issue Description

FCS_CKM.1.1(1) in the MDFPP mandates RSA based key generation for key establishment (in accordance with NIST Special Publication 800-56B) with DSA and ECDSA as selections. The application notes state that RSA is required in accordance with FCS_TLS_EXT.1 and that in the future, SP-800-56A for elliptic curves will be required. However, the RSA based key establishment scheme in FCS_TLS_EXT.1 is not really “required”/mandatory in accordance with FCS_TLS_EXT.1 – neither to support the mandatory TLS_RSA_WITH_AES_128_SHA ciphersuite, nor to verify a server certificate.

Resolution

It is not required for a vendor to implement RSA key generation in accordance with SP800-56B for the purposes of key establishment as TLS does not require this capability from a client.

Justification
 
 
Site Map              Contact Us              Home