FIA_PSK_EXT.1 is a mandatory requirement in PP_WLAN_AS_EP_V1.0 when it should be a selection-based requirement because it specifies IPsec or other protocols that uses pre-shared keys, which may not be implemented in the TSF.

Updated 10/09/2018 to allow RADIUS over TLS as a selection in FIA_PSK_EXT.1

The following changes will be made to the PP_WLAN_AS_EP_V1.0:


1.  FIA_PSK_EXT.1 is moved to Appendix C – Selection-Based Requirements of PP_WLAN_AS_EP_1.0.

2.  FIA_PSK_EXT.1.1 is modified as follows:

FIA_PSK_EXT.1.1 The TSF shall be able to use pre-shared keys for [selection: RADIUS over TLS, IPSEC] and [selection: IEEE 802.11 WPA2-PSK, [assignment: other protocols that use pre-shared keys], no other protocols].

3. The first paragraph of the application note is modified as follows:

This requirement shall be included if IPsec or another protocol that uses pre-shared Keys is claimed, and pre-shared key authentication is selected. In the second selection, if other protocols can use pre-shared keys, they should be listed in the assignment as well; otherwise “no other protocols” should be chosen. The intent of this requirement is that all protocols will support both text-based and bit-based pre-shared keys.

See issue description.