Archived TD0027: Removal of FPT_RPL.1 in WLAN AS PP
PP_WLAN_AS_V1.0, requirement FPT_RPL.1
The WLAN AS PP does not define an assurance activity directly for FPT_RPL.1, but FAU_GEN.1 requires the capability to generate related audit records (specifically, detected replay attacks). The assurance activity for FAU_GEN.1 notes “…the testing here can be accomplished in conjunction with the testing of the security mechanisms directly. For example, testing to ensure the TOE can detect replay attempts will more than likely be done to demonstrate that requirement FPT_RPL.1 is satisfied.” However, as previously noted, there are no tests specified for FPT_RPL.1. It is unclear how this SFR is to be tested in a manner consistent with the goals of tailored assurance embodied in the new-style Protection Profiles—without an explicit test activity, it is unclear how the goals of consistent and repeatable evaluation results are achieved. In addition, it should be noted that FPT_RPL.1 was specified in NDPP V1.0, also without an accompanying assurance activity, but was removed from NDPP V1.1.
FPT_RPL.1 can be removed from the WLAN AS PP.
FPT_RPL.1 was removed from the NDPP because for IPsec, SSH, and TLS we believed that replay testing was covered by the testing of these protocols; we don't think we are getting any additional assurance from this requirement than we were getting from the specific requirements for these protocols. We have verified that the 802.11 protocol also provides replay detection and rejection of replayed data packets within AES-CCMP, so the needed replay functionality will be tested by the testing of 802.11 and FPT_RPL will not add any additional assurance.