NIAP: View Technical Decision Details
TD0433:  Assurance activity for FIA_X509_EXT.1.2

Publication Date
2019.08.13

Protection Profiles
PP_BASE_VIRTUALIZATION_V1.0

Other References
FIA_X509_EXT.1.2

Issue Description

The assurance activities for FIA_X509_EXT.1.2 in Protection Profile for Virtualization v1.0 need clarification. 

Resolution

The assurance activities for FIA_X509_EXT.1.2 are modified as follows:

Tests 4-6 shall be replaced with the following:

  • Test 4: The evaluator shall ensure that at least one of the CAs in the chain does not contain the basicConstraints extension. The evaluator confirms that the TOE rejects such a certificate at one (or both) of the following points: (i) as part of the validation of the leaf certificate belonging to this chain; (ii) when attempting to add a CA certificate without the basicConstraints extension to the TOE’s trust store (i.e. when attempting to install the CA certificate as one which will be retrieved from the TOE itself when validating future certificate chains).
  • Test 5: The evaluator shall ensure that at least one of the CA certificates in the chain has a basicConstraints extension in which the CA flag is set to FALSE. The evaluator confirms that the TOE rejects such a certificate at one (or both) of the following points: (i) as part of the validation of the leaf certificate belonging to this chain; (ii) when attempting to add a CA certificate with the CA flag set to FALSE to the TOE’s trust store (i.e. when attempting to install the CA certificate as one which will be retrieved from the TOE itself when validating future certificate chains).
  • Test 6: DELETED
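
The two malformed CA certificates that Tests 4 and 5 call for, together with the check a validator would apply to any certificate acting as a CA, as an added Go example (not part of the Technical Decision or of any TOE's code). `checkCA` and `makeCert` are hypothetical names, and the certificates are constructed, self-signed test data.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// checkCA (hypothetical) rejects a CA certificate in the two cases Tests 4 and 5 probe.
func checkCA(c *x509.Certificate) error {
	if !c.BasicConstraintsValid {
		return fmt.Errorf("basicConstraints extension absent (Test 4 case)")
	}
	if !c.IsCA {
		return fmt.Errorf("basicConstraints CA flag is FALSE (Test 5 case)")
	}
	return nil
}

// makeCert (hypothetical) builds a constructed, self-signed test certificate.
func makeCert(withBC, isCA bool) (*x509.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Constructed Test CA"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		BasicConstraintsValid: withBC, IsCA: isCA, // withBC=false omits the extension
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	for _, tc := range [][2]bool{{false, false}, {true, false}, {true, true}} {
		c, err := makeCert(tc[0], tc[1])
		if err != nil {
			panic(err)
		}
		fmt.Printf("basicConstraints=%v CA=%v -> %v\n", tc[0], tc[1], checkCA(c))
	}
}
```

The same check applies at either rejection point named in the tests: during chain validation of a leaf, or before a CA certificate is installed in the trust store.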

Justification

See issue description.
