Archived TD0296: Update to FCS_HTTPS_EXT.1.3
It is acceptable for an application software TOE to fail silently when HTTPS peer certificate validation fails, that is, to refuse the connection without notifying a user, if the interface is intended for machine-to-machine communication and is not user-initiated.
FCS_HTTPS_EXT.1.3 is modified as follows:
The application shall [selection: not establish the connection, notify the user and not establish the connection, notify the user and request authorization to establish the connection] if the peer certificate is deemed invalid.
This requirement depends upon selection in FTP_DIT_EXT.1.1.
Application Note: Validity is determined by the certification path, the expiration date, and the revocation status in accordance with RFC 5280. If the communication is user-initiated, the application must select one of the two "notify the user" options; the "not establish the connection" selection alone is only acceptable for machine-to-machine interfaces.
Assurance Activity: Certificate validity shall be tested in accordance with testing performed for FIA_X509_EXT.1, and the evaluator shall perform the following test:
Test 1: The evaluator shall demonstrate that using a certificate without a valid certification path results in the action selected in the SFR. If "notify the user" is selected in the SFR, the evaluator shall also determine that the user is notified of the certificate validation failure. Using the administrative guidance, the evaluator shall then load into the Trust Anchor Database the certificate or certificates needed to validate the certificate used in the function, and demonstrate that the function succeeds. The evaluator shall then delete one of those certificates and show that, once again, using a certificate without a valid certification path results in the action selected in the SFR and, if "notify the user" was selected in the SFR, that the user is notified of the validation failure.
See issue description.
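The following Go program is an added illustration of the modified SFR and of Test 1 above; it is not NIAP's code and not the code of any evaluated TOE. It builds a constructed test PKI (a self-signed "Example Root CA" and a server certificate for the made-up host api.example.test), keeps trust anchors in a hypothetical TrustAnchorDB type standing in for the Trust Anchor Database, validates the peer certificate against it, and maps the result onto the three selectable behaviours. Two assumptions to note: revocation status, which the Application Note also requires, is not checked by Go's x509.Verify and is left out here (a real client needs CRL or OCSP handling on top), and the "request authorization" path is modelled by a caller-supplied callback rather than any real user interface.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// Action is the FCS_HTTPS_EXT.1.3 selection the TOE claims.
type Action int

const (
	RefuseSilently  Action = iota // not establish the connection (machine-to-machine interfaces)
	NotifyAndRefuse               // notify the user and not establish the connection
	NotifyAndAsk                  // notify the user and request authorization to establish the connection
)

// TrustAnchorDB stands in for the TOE's Trust Anchor Database (hypothetical type, keyed by subject).
type TrustAnchorDB struct{ anchors map[string]*x509.Certificate }

func NewTrustAnchorDB() *TrustAnchorDB            { return &TrustAnchorDB{anchors: map[string]*x509.Certificate{}} }
func (db *TrustAnchorDB) Add(c *x509.Certificate) { db.anchors[c.Subject.String()] = c }
func (db *TrustAnchorDB) Delete(subject string)   { delete(db.anchors, subject) }

// ValidatePeer checks the certification path, validity period and name binding at time now.
// The root pool is always an explicit, possibly empty, pool so system roots are never consulted.
// Revocation status (also required by the Application Note) is NOT checked by x509.Verify.
func ValidatePeer(peer *x509.Certificate, host string, db *TrustAnchorDB, now time.Time) error {
	roots := x509.NewCertPool()
	for _, c := range db.anchors {
		roots.AddCert(c)
	}
	_, err := peer.Verify(x509.VerifyOptions{
		Roots: roots, DNSName: host, CurrentTime: now,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	return err
}

// Decide applies the selected behaviour to a validation result. RefuseSilently fails closed with
// nothing shown to a user, which the TD permits only for machine-to-machine interfaces.
func Decide(validationErr error, action Action, authorize func(reason string) bool) (established, notified bool) {
	if validationErr == nil {
		return true, false
	}
	notified = action != RefuseSilently
	established = action == NotifyAndAsk && authorize(validationErr.Error())
	return established, notified
}

// makeCert issues tmpl signed by parent/parentKey, or self-signed when parent is nil (constructed test PKI).
func makeCert(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// RunTest1 performs the evaluator's Test 1 with constructed certificates and reports whether
// validation passed at each step: no anchor loaded, anchor loaded, anchor deleted again.
func RunTest1() ([3]bool, error) {
	now := time.Now()
	ca, caKey, err := makeCert(&x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Root CA"}, IsCA: true,
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour), BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}, nil, nil)
	if err != nil {
		return [3]bool{}, err
	}
	const host = "api.example.test" // constructed hostname
	leaf, _, err := makeCert(&x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: host}, DNSNames: []string{host}, KeyUsage: x509.KeyUsageDigitalSignature,
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour), ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}, ca, caKey)
	if err != nil {
		return [3]bool{}, err
	}
	db := NewTrustAnchorDB()
	var steps [3]bool
	steps[0] = ValidatePeer(leaf, host, db, now) == nil // no certification path: must fail
	db.Add(ca)                                          // evaluator loads the trust anchor
	steps[1] = ValidatePeer(leaf, host, db, now) == nil // path now validates
	db.Delete(ca.Subject.String())                      // evaluator deletes it again
	steps[2] = ValidatePeer(leaf, host, db, now) == nil // must fail once more
	return steps, nil
}
```

RunTest1 returns [false true false] for the three steps of Test 1. In a real HTTPS client the same explicit root set would be installed through tls.Config.RootCAs (or the chain inspected in VerifyPeerCertificate), and passing an expired certificate or a CurrentTime past NotAfter to ValidatePeer exercises the expiration check the Application Note also calls for; revocation still needs separate CRL or OCSP processing.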