NIAP/CCEVS
Archived TD0516:  Behavior on Receiving TLS Certificate Request, FDP_TEP_EXT.1

Publication Date
2020.06.17

Protection Profiles
MOD_STIP_V1.0

Other References
FDP_TEP_EXT.1

Issue Description

The client behaviour defined by RFC 5246 on receiving a TLS Certificate request is that “If no suitable certificate is available, the client MUST send a certificate message containing no certificates.  That is, the certificate_list structure has a length of zero.  If the client does not send any certificates, the server MAY at its discretion either continue the handshake without client authentication, or respond with a fatal handshake_failure alert.”
The selection operation in FDP_TEP_EXT.1.7 does not allow a TLS/SSL Proxy to behave in this manner (i.e., send an empty certificate list).

Resolution

The Application Note for FDP_TEP_EXT.1.5 is modified as follows.
Application Note, paragraph 3, is replaced with:
The first item is chosen if the TOE supports multiple responses to a client certificate request message from a requested server; FDP_TEP_EXT.1.7 and its Application Note have additional details.
The FDP_TEP_EXT.1.7 SFR and its associated FDP_TEP_EXT.1 EAs in the SD are replaced as follows.

FDP_TEP_EXT.1.7 The TSF shall [selection: perform a [selection: block, bypass, mutual authentication inspection] operation, send an empty certificate list as part of the inspection operation] on the session when receiving a TLS certificate request message from the requested server when establishing the TLS session in accordance with FCS_TTTC_EXT.1.

Application Note:
The ST author will select one or more response options according to the capabilities of the TSF. A mutual authentication inspection operation is a variant of the inspection operation. If this item is selected, the mutual authentication SFR in appendix B.4 must be claimed. If mutual authentication is not supported, one or more of the remaining options is selected: 'Block' and 'send an empty certificate list as part of the inspection operation' are alternative methods to ensure that certificates issued by the TOE's embedded certificate authority are not provided to requested servers that are not known to trust the CA. Block is initiated by the TSF; the TOE terminates the TLS session, whereas 'send an empty certificate list...' allows the requested server to continue with the TLS session without client authentication or terminate the session.

Inspection of mutually authenticated TLS requires both the client and server to trust the embedded CA, and therefore has limited use. It is preferred that inspection of mutually authenticated TLS be performed by components of the requested server's security architecture (e.g. via a traffic filtering firewall or an attribute-based access control mechanism) and not by devices described in this PP-Module. If mutual authentication inspection is selected, then the selection-based requirements in Section B.5 will be included by the ST authors, and the “mutual authentication” item will be selected in FCS_TTTC_EXT.1.1 and FCS_TTTS_EXT.1.1.

If more than one response option is selected, the ‘mutual authentication block-bypass’ exception specification must be claimed in FDP_TEP_EXT.1.5 and be configurable within the TLS session establishment policy to determine which of the supported operations will be applied for a specific requested server. It is expected, but not required, that one of the selected operations will be a default operation and the other determined by the server matching the exception specification.

FDP_TEP_EXT.1 TSS EA, paragraph 5
The evaluator shall examine the TSS and verify that rules to define server allowances, client allowances, and other entity allowances (if supported) for TLS parameter usage and TLS processing errors that depend on the TLS session establishment policy are described and include all conditions indicated in FDP_TEP_EXT.1.5. If multiple response options for receiving a client certificate request message from a requested server are selected in FDP_TEP_EXT.1.7, the evaluator shall confirm that the ‘mutual authentication block-bypass’ specification is claimed in FDP_TEP_EXT.1.5 and that a description of the processing rules for a TLS client certificate request is included in the TSS description of the TLS session establishment policy.

FDP_TEP_EXT.1 TEST EA
Test 5 (conditional on both 'send an empty certificate list as part of the inspection operation' and 'perform a mutual authentication inspection operation' being claimed in the ST):
The evaluator shall establish a server that sends certificate requests in its TLS handshake. The evaluator shall establish a monitored client configured to provide a valid client certificate in response to a certificate request. The evaluator shall follow AGD guidance to configure the TLS inspection proxy policy to send an empty certificate list in a certificate message to the server, and initiate a TLS request from the monitored client to the server through the TOE. The evaluator shall observe network traffic between the TOE and the requested server and confirm that the TOE sends an empty certificate list to the server after receiving the certificate request.

Using the same server, the evaluator shall follow AGD guidance to configure the TSF to perform mutual authentication inspection with the server, and initiate a TLS request from the same monitored client to the same requested server through the TOE. The evaluator shall observe network traffic between the TOE and the requested server and confirm that the TOE sends a certificate message containing a client certificate representing the monitored client.
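As an added illustration (not part of TD0516 or of NIAP's text), the following Python builds and parses the TLS 1.2 Certificate handshake message whose certificate_list Test 5 asks the evaluator to observe, so the two TOE behaviours (empty list versus a forwarded client certificate) can be told apart in a captured record. All byte strings are constructed sample data and the placeholder certificate is not real DER.

```python
"""Constructed example: distinguish an empty certificate_list (RFC 5246 s7.4.6)
from a Certificate message carrying one or more certificates."""
import struct

HANDSHAKE = 0x16       # TLS record content type: handshake
HS_CERTIFICATE = 11    # handshake message type: Certificate
TLS12 = b"\x03\x03"    # record-layer version for TLS 1.2


def u24(n: int) -> bytes:
    """Encode a uint24 length field as TLS does (3 bytes, big-endian)."""
    return n.to_bytes(3, "big")


def build_certificate_record(certs: list) -> bytes:
    """Wrap a Certificate handshake message in a TLS 1.2 record.
    An empty `certs` list yields a certificate_list of length zero."""
    cert_list = b"".join(u24(len(c)) + c for c in certs)
    body = u24(len(cert_list)) + cert_list
    handshake = bytes([HS_CERTIFICATE]) + u24(len(body)) + body
    return bytes([HANDSHAKE]) + TLS12 + struct.pack(">H", len(handshake)) + handshake


def count_certificates(record: bytes) -> int:
    """Return how many certificates a Certificate handshake record carries.
    Zero means 'empty certificate list'; ValueError means malformed input."""
    if len(record) < 5 or record[0] != HANDSHAKE:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack(">H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) != rec_len or len(hs) < 4 or hs[0] != HS_CERTIFICATE:
        raise ValueError("not a Certificate handshake message")
    body_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + body_len]
    if len(body) != body_len or len(body) < 3:
        raise ValueError("truncated Certificate body")
    list_len = int.from_bytes(body[0:3], "big")
    data = body[3:3 + list_len]
    if len(data) != list_len:
        raise ValueError("certificate_list length mismatch")
    count, pos = 0, 0
    while pos < len(data):                     # walk each <3-byte len><cert>
        clen = int.from_bytes(data[pos:pos + 3], "big")
        pos += 3 + clen
        if pos > len(data):
            raise ValueError("certificate entry overruns certificate_list")
        count += 1
    return count


# Constructed sample records for the two behaviours Test 5 distinguishes.
EMPTY_LIST_RECORD = build_certificate_record([])            # empty certificate list
CLIENT_CERT_RECORD = build_certificate_record([b"PLACEHOLDER-NOT-REAL-DER"])
```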

Justification

These changes resolve an inconsistency between the SFR and the RFC.
