Archived TD0281: NIT Technical Decision for Testing both thresholds for SSH rekey
CPP_ND_V1.0, CPP_ND_V2.0, CPP_ND_V2.0E
FCS_SSHC_EXT.1.8, FCS_SSHS_EXT.1.8, ND SD V1.0, ND SD V2.0
The Network Interpretations Team (NIT) has issued a technical decision regarding Testing both thresholds for SSH rekey.
To align with NIT interpretation # 201717 the following changes shall be implemented:
For further information, please see the NIT interpretation at: https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/NITDecisionRfi201717.pdf.
As stated in the 'Resolution' section above, the NIT confirms that the intention of FCS_SSHC_EXT.1.8 and FCS_SSHS_EXT.1.8 is that both thresholds are implemented and tested. But in particular case when the threshold cannot be met due to hardware limitations, it is reasonable that testing could be omitted for this threshold. It is not expected that a check is implemented for a threshold that cannot be reached by the TOE.