NIAP: View Technical Decision Details
NIAP/CCEVS
Archived TD0262:  NIT Technical Decision for TLS server testing - Empty Certificate Authorities list

Publication Date
2017.11.13

Protection Profiles
CPP_ND_V1.0, CPP_ND_V2.0, CPP_ND_V2.0E

Other References
ND SD V.1.0, ND SD V2.0, FCS_TLSS_EXT.2.4, FCS_TLSS_EXT.2.5

Issue Description

The NIT has issued a technical decision for TLS server testing - Empty Certificate Authorities list.

Resolution

Therefore FCS_TLSS_EXT.2.4 / FCS_TLSS_EXT.2.5 Test 4 shall be made conditional. Test 4 shall be changed as follows:


"Test 4: If the TOE supports sending a non-empty Certificate Authorities list in its Certificate Request message, the evaluator shall configure the client to send a certificate that does not chain to one of the Certificate Authorities (either a Root or Intermediate CA) in the server’s Certificate Request message. The evaluator shall verify that the attempted connection is denied. If the TOE doesn't support sending a non-empty Certificate Authorities list in its Certificate Request message, this test shall be omitted."

For further information, please see the NIT interpretation at: https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/NITDecisionRfI201715.pdf
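The condition in Test 4 depends on whether the server's Certificate Request message carries any Certificate Authorities entries. The following is an added example, not part of the Technical Decision or of any NIAP tooling: it parses one captured CertificateRequest handshake message (layout per RFC 5246 section 7.4.4, with TLS 1.1 lacking the signature algorithms field) and reports whether the list is non-empty. The function names, the sample builder and the sample DN are assumptions made for illustration.

```python
CERTIFICATE_REQUEST = 13  # HandshakeType certificate_request (RFC 5246, 7.4)

def certificate_authorities(handshake: bytes, tls12: bool = True) -> list:
    """Return the opaque DER DistinguishedNames carried in one CertificateRequest."""
    if len(handshake) < 4 or handshake[0] != CERTIFICATE_REQUEST:
        raise ValueError("not a CertificateRequest handshake message")
    body = handshake[4:]
    if int.from_bytes(handshake[1:4], "big") != len(body):
        raise ValueError("handshake length does not match body")
    pos = 0

    def take(n: int) -> bytes:
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("truncated CertificateRequest")
        chunk = body[pos:pos + n]
        pos += n
        return chunk

    take(take(1)[0])                            # certificate_types<1..2^8-1>
    if tls12:                                   # field is absent in TLS 1.1
        take(int.from_bytes(take(2), "big"))    # supported_signature_algorithms
    cas = take(int.from_bytes(take(2), "big"))  # certificate_authorities<0..2^16-1>
    if pos != len(body):
        raise ValueError("trailing bytes after certificate_authorities")
    names, i = [], 0
    while i < len(cas):                         # each entry: 2-byte length + DER Name
        n = int.from_bytes(cas[i:i + 2], "big")
        if i + 2 > len(cas) or n == 0 or i + 2 + n > len(cas):
            raise ValueError("malformed DistinguishedName entry")
        names.append(cas[i + 2:i + 2 + n])
        i += 2 + n
    return names

def ca_list_non_empty(handshake: bytes, tls12: bool = True) -> bool:
    """True when the captured message carries at least one CA name."""
    return bool(certificate_authorities(handshake, tls12))

def build_sample(names: list) -> bytes:
    """Constructed TLS 1.2 CertificateRequest used only as sample input."""
    cas = b"".join(len(n).to_bytes(2, "big") + n for n in names)
    body = b"\x02\x01\x40" + b"\x00\x04\x04\x01\x04\x03"  # cert types, sig algs
    body += len(cas).to_bytes(2, "big") + cas
    return bytes([CERTIFICATE_REQUEST]) + len(body).to_bytes(3, "big") + body

# Constructed DER Name for CN=Test CA (sample value, not from any real CA)
SAMPLE_DN = bytes.fromhex("3012" "3110" "300e" "0603550403" "0c0754657374204341")
```

An empty list in one capture only describes the configuration that was observed; whether the TOE supports sending a non-empty list at all is determined from its guidance documentation and configuration options.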

Justification

See issue description.
