Archived
TD0169: NIT Technical Decision for Compliance to RFC5759 and RFC5280 for using CRLs
Publication Date
2017.04.04
Protection Profiles
CPP_FW_V1.0, CPP_ND_V1.0
Other References
FIA_X509_EXT.1.1
Issue Description
The Network Interpretations Team (NIT) has issued a technical decision regarding compliance to RFC5759 and RFC5280 for using CRLs.
Resolution
The paragraph: "The TSF shall validate the revocation status of the certificate using [selection: the Online Certificate Status Protocol (OCSP) as specified in RFC 2560, a Certificate Revocation List (CRL) as specified in RFC 5759]." in FIA_X509_EXT.1.1 shall be modified as follows: "The TSF shall validate the revocation status of the certificate using [selection: the Online Certificate Status Protocol (OCSP) as specified in RFC 2560, a Certificate Revocation List (CRL) as specified in RFC 5280 Section 6.3, Certificate Revocation List (CRL) as specified in RFC 5759 Section 5]." For further information, please see the NIT interpretation at: https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/NITDecisionRfI08rev2.pdf.
Justification
See issue description. |