NIAP: View Technical Decision Details
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
TD0694:  FCS_SSH_EXT.1.3 Inconsistency

Publication Date

Protection Profiles

Other References

Issue Description

PKG_SSH_V1.0, FCS_SSH_EXT.1.3, tests 1 and 2 require testing for large packets by identifying the maximum supported size in the TOE SSH implementation and sending a packet 1 byte larger than this.  PKG_SSH_V1.0 section 3.2 also requires that TOE conform to RFC 4253.

However, RFC 4253 section 6 specifies that SSH packets must have a size or length which is a multiple of 8 bytes, using padding to accomplish this as necessary.

These requirements are in conflict, because it is not possible to increment an SSH packet by 1 byte; all valid SSH packets must be multiples of 8 bytes.


PKG_SSH_V1.0, FCS_SSH_EXT.1.3, Test 2, step b shall be updated as follows with underline denoting additions and strikethroughs denoting deletions:

b. Next the evaluator shall craft a packet that is one a multiple of eight bytes larger than the maximum size specified in this component and send it through the established SSH connection to the TOE.



See Issue Description.

Site Map              Contact Us              Home