The NiT has issued a technical decision for Restricting FTP_ITC.1 to only IP address identifiers.

DNS resolution is not mandatory to support FTP_ITC.1. There are no resolution mandates or requirements in RFC 6125.

The use of the dnsName identifiers in X.509 certificates must be supported by TOEs that claim FCS_DTLSC_EXT or FCS_TLSC_EXT when associated with FTP_ITC.1. Inability to parse dnsName identifiers shall be considered a failure to meet these requirements.

For further information, please see the NiT interpretation at: https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/NITDecisionRfI201918rev3.pdf

See issue description.