NIAP: View Technical Decision Details
Archived TD0186:  NIT Technical Decision for Applicability of X.509 certificate testing to IPsec

Publication Date

Protection Profiles
CPP_FW_V1.0, CPP_ND_V1.0

Other References
NDcPP V1.0, FWcPP V1.0, FIA_X509_EXT.1.1

Issue Description

The Network Interpretations Team (NIT) has issued a technical decision regarding the applicability of X.509 certificate testing to IPsec.


To align with NIT interpretation # 201628, the following guidance is issued.

X.509 certificate testing should be performed for all functionality that uses X.509 certificates, including IPsec. MITM is not practical for modifying the certificates used in IPsec/IKE; instead, the X.509 tests should use instrumented clients or servers that present modified certificates.

For further information, please see the NIT interpretation at:


The X.509 requirements are about ensuring the behavior of the TOE when encountering malformed or invalid X.509 certificates regardless of protocol.
