NIAP: View Technical Decision Details
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
Archived TD0331:  SSH Rekey Testing

Publication Date

Protection Profiles

Other References

Issue Description

The SSHEPv1.0 does not impose any audit requirements.  However two test cases mention using audit logs in testing - FCS_SSHS_EXT.1.7 and FCS_SSHC_EXT.1.7.   It is not necessary to use any audit logs to test that rekey is actually occuring as expected.


Test 1 for both FCS_SSHS_EXT.1.7 and FCS_SSHC_EXT.1.7 is replaced as follows:

Test 1: The evaluator will configure the TOE to create a log entry when a rekey occurs. The evaluator will connect to the TOE with an SSH client and cause a rekey to occur according to the selection(s) in the ST, and subsequently the evaluator uses available methods and tools to verify that rekeying occurs. This could be done, e.g., by checking that a corresponding audit event has been generated by the TOE, if the TOE supports auditing of rekey events. 


See issue description.

Site Map              Contact Us              Home