TD0634: NIT Technical Decision for Clarification required for testing IPv6
FCS_DTLSC_EXT.1.2, FCS_TLSC_EXT.1.2, ND SD v2.2
NIT Technical Decision for Clarification required for testing IPv6.
SD NDv2.2 FCS_DTLSC_EXT.1.2 and FCS_TLSC_EXT.1.2 Test 6 shall be changed as follows:
Objective: The objective of this test is to ensure the TOE is able to differentiate between IP address identifiers that are not allowed to contain wildcards and other types of identifiers that may contain wildcards.
Test 6: [conditional] If IP address identifiers supported in the SAN or CN, the evaluator shall present a server certificate that contains a CN that matches the reference identifier, except one of the groups has been replaced with a wildcard asterisk (*) (e.g. CN=*.168.0.1 when connecting to 192.168.0.1...
This negative test corresponds to the following section of the Application Note 64/105: "The exception being, the use of wildcards is not supported when using IP address as the reference identifier."
For further information, please see NIT Interpretation at: https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/NITDecisionRFI202110.pdf
See issue description.