TD0517: WLAN Client Corrections for X509 and TLSC
TD0439 added FIA_X509_EXT.1/WLAN. This SFR removed the requirement to perform revocation checking for EAP-TLS connections; however, it introduced a number of inconsistencies:
- FCS_TLSC_EXT.1.3/WLAN indicates certificate validation must be performed according to FIA_X509_EXT.1.
- FIA_X509_EXT.2/WLAN, requirement FIA_X509_EXT.2.2 specifies TSF behavior when a connection cannot be established to determine the validity of a certificate.
The following changes are made to the WLAN Client EP:
FCS_TLSC_EXT.1.3/WLAN is updated as follows:
FCS_TLSC_EXT.1.3/WLAN The TSF shall use X509 v3 certificates as specified in FIA_X509_EXT.1/WLAN.
FIA_X509_EXT.2.2 is deleted.
Adding the /WLAN clarifies that this SFR is associated with the WLAN Client EP and not the Base-PP.
FIA_X509_EXT.2.2 in the WLAN Client EP is not needed since revocation checking is not mandated for EAP-TLS. FIA_X509_EXT.2 in the Base-PP still applies to other protocols.