TD0273: Rekey after CAK expiration
Publication Date
2017.12.20
Protection Profiles
PP_NDCPP_MACSEC_EP_V1.2
Other References
FCS_MACSEC_EXT.4
Issue Description
Issue 1: There is a discrepancy in the PP_NDCPP_MACSEC_EP_V1.2 Test 2 that requires verification that a CAK be protected when distributed, when none of the elements of FCS_MACSEC_EXT.4 state that the CAK must be wrapped, and FCS_MACSEC_EXT.4.2 specifically requires the SAK to be wrapped. Issue 2: Additionally, FCS_MACSEC_EXT.4 Test 3 and FMT_SMF.1 Test 3 are almost identical, and do not account for TOEs that only support pre-shared keys for CAK establishment. Resolution
For Issue 1: There is a typo in the PP_NDCPP_MACSEC_EP_V1.2. Therefore, FCS_MACSEC_EXT.4 Test 2 is modified to replace the word “CAK” with “SAK” as follows:
For Issue 2: FCS_MACSEC_EXT.4 Test 3 and FMT_SMF.1 Test 3 are duplicative, therefore, FCS_MACSEC_EXT.4 Test 3 shall be removed. Justification
See issue description. |