NIAP: View Technical Decision Details
TD0186:  NIT Technical Decision for Applicability of X.509 certificate testing to IPsec

Publication Date
2017.04.10

Protection Profiles
CPP_FW_V1.0, CPP_ND_V1.0

Other References
NDcPP V1.0, FWcPP V1.0, FIA_X509_EXT.1.1

Issue Description

The Network Interpretations Team (NIT) has issued a technical decision regarding the applicability of X.509 certificate testing to IPsec.

Resolution

To align with NIT interpretation # 201628, the following guidance is issued.

X.509 certificate testing should be performed for all functionality that uses X.509 certificates, including IPsec. MITM is not practical for modifying the certificates used in IPsec/IKE; instead, the X.509 tests should be performed using instrumented clients or servers that present modified certificates.

For further information, please see the NIT interpretation at: https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/NITDecisionRfI28.pdf

Justification

The X.509 requirements are about ensuring the behavior of the TOE when encountering malformed or invalid X.509 certificates regardless of protocol.

 
 