NIAP: View Technical Decision Details
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
Archived TD0011:  Clarification on FCS_SSH_EXT.1.4

Publication Date

Protection Profiles

Other References
PP_ND_V1.1, PP_ND_V1.1_Err2, requirement FCS_SSH_EXT.1.4

Issue Description

The SFR requires that the SSH transport implementation use specific encryption algorithms.   Can the restriction to those algorithms be reliant upon configuration of the SSH client?


No.  The restrictions must be implemented by the TOE.


The SFR clearly states that “The TSF shall ensure”. Hence, although a compatible client configuration is necessary for negotiations to succeed, the restrictions must be enforced by the TOE.

Site Map              Contact Us              Home