Archived TD0077: Digital Signature Clarification in the SIP EP
The Application Note for FPT_TUD_EXT.1.3 mistakenly states that the NDcPP’s selection-based SFR FPT_TUD_EXT.2 must be included in the ST. Requiring support for digital signature mechanisms for trusted updates should not automatically require supporting X.509 certificates. Hence, the Application Note is being revised for clarification.
On page 8 under the Application Note for FPT_TUD_EXT.1.3, the sentence “This also triggers the inclusion of the NDcPP’s selection-based SFR FPT_TUD_EXT.2 as specified in the NDcPP” is being removed.
The new Application Note reads:
The NDcPP provides an option of which method of verification the ST author wishes to specify. For compliance with this EP, a digital signature mechanism (one of those specified in FCS_COP.1(2) must be employed. Note that the ST author should include the other two elements of the NDcPP FPT_TUD_EXT.1 in the ST without modification.
Clarification of requirement