NIAP: View Technical Decision Details
NIAP/CCEVS
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
Archived TD0161:  FTP_ITC.1(2) - Test 2 Not Required

Publication Date
2017.03.21

Protection Profiles
PP_VOIP_V1.3

Other References
FTP_ITC.1(2); PP_VOIP_V1.3

Issue Description

Requiring Test 2 of FTP_ITC.1(2) within VoIP PP v1.3 is no longer common industry practice, and the requirement was dropped from VVoIP EP v1.0.

Resolution

Test 2 for FTP_ITC.1(2) does not need to be performed.

FTP_ITC.1(2)

Assurance Activity:

Test 2: The following test is repeated for each supported certificate signing algorithm supported.  The evaluator shall verify that the TSF will only use a certificate that contains the Client Authentication purpose in the extendedKeyUsage field and verify that a connection is established.  The evaluator will then verify that the TSF rejects an otherwise valid client certificate that lacks the Client Authentication purpose in the extendedKeyUsage field and a connection is not established  Ideally, the two certficates should be identical except for the extendedKeyUsage field.

 

Justification

FCS_TLS_EXT and FIA_X509_EXT requirements within VoIP PP v1.3 securely establishes a communication channel.

 
 
Site Map              Contact Us              Home