NIAP: View Technical Decision Details
NIAP/CCEVS
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
Archived TD0015:  FPF_RUL_EXT.1.7 Clarification needed for IPv6 extension header numbers

Publication Date
2014.09.18

Protection Profiles
PP_ND_VPN_GW_EP_v1.1

Other References
PP_ND_VPN_GW_EP_V1.1, requirement FPF_RUL_EXT.1.7

Issue Description

FPF_RUL_EXT.1.7 Tests 4-6  refer to Table 9-1 (Defined Protocol-specific Values), which incorrectly identifies IPv6 Extension Header numbers as transport layer protocols. RFC 2460 lists the following IPv6 Extension Headers: Hop-by-Hop options (0), Destination options (60), Routing (43), Fragment (44), AH (51), and ESP (50)).

Resolution

The IPv6 extension header numbers do not need to be tested.   The VPN_GW EP will be updated to remove them from the list of IPv6 protocols in Table 9-1.

Justification

TD0007 removed the IPv6 extension header numbers from Table 4-2 in the FW EP for the tests in FFW_RUL_EXT.1.10 for the same reason.

 
 
Site Map              Contact Us              Home