NIAP: View Technical Decision Details
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
Archived TD0015:  FPF_RUL_EXT.1.7 Clarification needed for IPv6 extension header numbers

Publication Date

Protection Profiles

Other References
PP_ND_VPN_GW_EP_V1.1, requirement FPF_RUL_EXT.1.7

Issue Description

FPF_RUL_EXT.1.7 Tests 4-6  refer to Table 9-1 (Defined Protocol-specific Values), which incorrectly identifies IPv6 Extension Header numbers as transport layer protocols. RFC 2460 lists the following IPv6 Extension Headers: Hop-by-Hop options (0), Destination options (60), Routing (43), Fragment (44), AH (51), and ESP (50)).


The IPv6 extension header numbers do not need to be tested.   The VPN_GW EP will be updated to remove them from the list of IPv6 protocols in Table 9-1.


TD0007 removed the IPv6 extension header numbers from Table 4-2 in the FW EP for the tests in FFW_RUL_EXT.1.10 for the same reason.

Site Map              Contact Us              Home