NIAP: View Technical Decision Details
NIAP/CCEVS
Archived TD0129:  Updates to FTP_ITC.1 in SBC EP v1.0

Publication Date
2016.12.22

Protection Profiles
CPP_ND_SBC_EP_V1.0

Other References
CPP_ND_SBC_EP_V1.0

Issue Description

FCS_DTLS_EXT.1 mandates implementation of the DTLS protocol. However, the mandated protocols for communication with VoIP clients for SIP servers do not necessitate DTLS. As such, this requirement should be selection-based.

Resolution

Remove FCS_DTLS_EXT.1 from Section 4.2.2.3 and replace in “Appendix C – Selection-Based Requirements” with the following:

Appendix C – Selection-Based Requirements

The baseline requirements (those that must be performed by the TOE or its underlying platform) are contained in the body of this EP. Additional requirements based on selections are contained in the body of the EP: if certain selections are made, then additional requirements below will need to be included.

C.1 FCS_DTLS_EXT.1 Datagram Transport Layer Security

Application Note: This SFR is claimed if “selection: DTLS as specified in FCS_DTLS_EXT.1” is selected in FTP_ITC.1.1(3).

FCS_DTLS_EXT.1.1 The TSF shall implement the Datagram Transport Layer Security (DTLS) protocol in accordance with RFC 6347.

FCS_DTLS_EXT.1.2 The TSF shall implement the requirements in [selection: FCS_TLSC_EXT.2, FCS_TLSS_EXT.2] for the DTLS implementation, except where variations are allowed according to RFC 6347.

Application Note: Differences between DTLS and TLS are outlined in RFC 6347; otherwise the protocols are the same. In particular, for the applicable security characteristics defined for the TOE, the two protocols do not differ. Therefore, all application notes and assurance activities that are listed for FCS_TLSC_EXT.2 and/or FCS_TLSS_EXT.2 apply to the DTLS implementation, depending on whether or not the TOE is used as a DTLS client and/or server.

Assurance Activity

This assurance activity involves the same procedures as specified by FCS_TLSC_EXT.2 and/or FCS_TLSS_EXT.2 as defined in the NDcPP except that they are applied to the TOE’s DTLS implementation. Completion of the relevant assurance activities for the TOE’s DTLS interface(s) is sufficient to demonstrate the proper implementation of this SFR.

Justification

See issue description above.

 
 