NIAP: View Technical Decision Details
NIAP/CCEVS
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
TD0254:  Algorithms in FCS_SMIME_EXT.1.4

Publication Date
2017.11.08

Protection Profiles
PP_APP_EMAILCLIENT_EP_v2.0

Other References
FCS_SMIME_EXT.1.4

Issue Description

The FCS_SMIME_EXT.1.4 SFR implies that the TOE must support the mandatory sha256withRSAEncryption and an additional algorithm and no other algorithms.  However, the Application Note does not indicate that any other algorithm is required but the sha256withRSAEncryption.

Resolution

FCS_SMIME_EXT.1.4 is replaced as follows:

FCS_SMIME_EXT.1.4 The email client shall present the signatureAlgorithm field with the following sha256withRSAEncryption and [selection:

sha384WithRSAEncryption,

sha512WithRSAEncryption,

ecdsawithSHA256,

ecdsawithsha384,

ecdsawithsha512,

no other algorithms

] as part of the S/MIME protocol.

 

Test 6 of FCS_SMIME_EXT.1 is replaced as follows:

  • Test 6: The evaluator shall send an encrypted message to the email client using an encryption algorithm not supported according to the signatureAlgorithm field. The evaluator shall verify that the email client does not display/decrypt the contents of the message.
Justification

See issue description.

 
 
Site Map              Contact Us              Home