TD0423: NIT Technical Decision for Clarification about application of RfI#201726rev2
CPP_FW_V2.0E, CPP_ND_V2.0E, CPP_ND_V2.1
ND SD V2.0E, FW SD V2.0E, ND SD V2.1
The NIT has issued a technical decision for Clarification about application of RfI#201726rev2
The use of ‘endpoint’ and ‘external IT entities’ terms in RFI201726rev2 were not intended to restrict the statements applicability to machine-to-machine connections. The RfI explicitly refers to the requirements for TLS Servers. A TLS Server is expected to be capable of authenticating itself to external IT entities using X.509 certificates – independently whether mutual authentication is supported (FCS_TLSS_EXT.2) or not (FCS_TLSS_EXT.1) and independently whether the communication takes place over a trusted channel, a trusted path or Inter-TOE communication (distributed TOEs). Therefore a TLS Server shall also be capable of generating Certificate Requests which implies that FIA_X509_EXT.3 needs to be claimed.
For further information, please see the NIT interpretation at: https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/NITDecisionRfI201840.pdf
See issue description