Archived
TD0634: NIT Technical Decision for Clarification required for testing IPv6
Publication Date
2022.03.21
Protection Profiles
CPP_ND_V2.2E
Other References
FCS_DTLSC_EXT.1.2, FCS_TLSC_EXT.1.2, ND SD v2.2
Issue Description
NIT Technical Decision for Clarification required for testing IPv6. Resolution
This TD has been superseded by TD0790 and is now archived. SD NDv2.2 FCS_DTLSC_EXT.1.2 and FCS_TLSC_EXT.1.2 Test 6 shall be changed as follows: Objective: The objective of this test is to ensure the TOE is able to differentiate between IP address identifiers that are not allowed to contain wildcards and other types of identifiers that may contain wildcards. Test 6: [conditional] If IP address identifiers supported in the SAN or CN, the evaluator shall present a server certificate that contains a CN that matches the reference identifier, except one of the groups has been replaced with a wildcard asterisk (*) (e.g. CN=*.168.0.1 when connecting to 192.168.0.1... This negative test corresponds to the following section of the Application Note 64/105: "The exception being, the use of wildcards is not supported when using IP address as the reference identifier." For further information, please see NIT Interpretation at: https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/NITDecisionRFI202110.pdf Justification
See issue description. |