NIAP: View Technical Decision Details
NIAP/CCEVS
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
Archived TD0151:  NIT Technical Decision for FCS_TLSS_EXT Testing - Issue 1 in NDcPP v1.0.

Publication Date
2017.03.01

Protection Profiles
CPP_ND_V1.0

Other References
ND SD V1.0, FCS_TLSS_EXT.1, FCS_TLSS_EXT.2

Issue Description

The Network Interpretations Team (NIT) has issued a technical decision regarding FCS_TLSS_EXT Testing in NDcPP v1.0.

Resolution

To align with NIT interpretation # 201643a_Issue1, the following changes to SD ND V1.0 are made:

Issue 1: The NIT acknowledges the findings but recommends to simplify the testing requirements in the related sections instead of specifying more detailed test requirements. Tests 4a.) and 4b.) for FCS_TLSS_EXT.1.1 are related to the situation where mutual authentication is required. Tests 4a.) and 4b.) shall be removed for FCS_TLSS_EXT.1.1, because mutual authentication is not required for FCS_TLSS_EXT.1 but only for FCS_TLSS_EXT.2.

By restricting the required modification to the signature block of the client’s Certificate Verify handshake message in Test 6b.) for FCS_TLSS_EXT.2.4 and FCS_TLSS_EXT.2.5, 4b.) for FCS_TLSS_EXT.2.1 should also be covered without changing the intention of Test 6b.) for FCS_TLSS_EXT.2.4 and FCS_TLSS_EXT.2.5. Test 4c adequately covers a bad Finished message, so overall Test 4a.) is also covered.

Therefore Test 6b.) for FCS_TLSS_EXT.2.4 and FCS_TLSS_EXT.2.5 shall be modified as follows and Tests 4a.) and 4b.) for FCS_TLSS_EXT.1.1 and FCS_TLSS_EXT.2.1 shall be removed to avoid redundancy.

Test 6b.): Configure the server to require mutual authentication and then modify a byte in the *signature block of the* client’s Certificate Verify handshake message. The evaluator shall verify that the server rejects the connection.

For further information, please see the NIT interpretation at: https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/NITDecisionRfI201643a_Issue1.pdf.

Justification

See issue description.

 
 
Site Map              Contact Us              Home