NIAP: View Technical Decision Details
TD0322:  NIT Technical Decision for TLS server testing - Empty Certificate Authorities list

Publication Date
2018.05.18

Protection Profiles
CPP_ND_V2.0E

Other References
ND SD V.1.0, ND SD V2.0, FCS_TLSS_EXT.2.4, FCS_TLSS_EXT.2.5

Issue Description

The NIT has issued a technical decision for TLS server testing - Empty Certificate Authorities list.

Resolution

This TD supersedes TD0262.

FCS_TLSS_EXT.2.4 and FCS_TLSS_EXT.2.5 Test 4 is replaced as follows:

Test 4: The aim of this test is to check the response of the server when it receives a client identity certificate that is signed by an impostor CA (either Root CA or intermediate CA). To carry out this test the evaluator shall configure the client to send a client identity certificate with an issuer field that identifies a CA recognised by the TOE as a trusted CA, but where the key used for the signature on the client certificate does not in fact correspond to the CA certificate trusted by the TOE (meaning that the client certificate is invalid because its certification path does not in fact terminate in the claimed CA certificate). The evaluator shall verify that the attempted connection is denied.
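The certificate condition Test 4 describes can be reproduced offline. The following is an added example, not part of the TD or any NIAP test tooling: it builds a trusted CA and an impostor CA with the same subject DN but a different key, signs one client certificate with each, and validates both against a trust store holding only the trusted CA. Go's `crypto/x509` stands in for the TOE's path validation, and all names (`newCA`, `RunTest4`, the common names) are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue signs tmpl (valid for one day) with key, naming parent as the issuer.
func issue(tmpl, parent *x509.Certificate, pub ed25519.PublicKey, key ed25519.PrivateKey) *x509.Certificate {
	tmpl.NotBefore, tmpl.NotAfter = time.Now().Add(-time.Hour), time.Now().Add(24*time.Hour)
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, key)
	if err != nil {
		panic(fmt.Sprintf("issuing certificate: %v", err))
	}
	cert, _ := x509.ParseCertificate(der) // DER produced on the line above
	return cert
}

// newCA returns a self-signed CA; every call uses the same constructed subject DN with a fresh key pair.
func newCA() (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Constructed Test CA"},
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	return issue(t, t, pub, key), key
}

// VerifyClient validates a client certificate against a trust store that holds only root.
func VerifyClient(client, root *x509.Certificate) error {
	opts := x509.VerifyOptions{Roots: x509.NewCertPool(), KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	opts.Roots.AddCert(root)
	_, err := client.Verify(opts)
	return err
}

// RunTest4 returns the validation result for a genuinely signed and an impostor-signed client certificate.
func RunTest4() (genuine, impostorSigned error) {
	root, rootKey := newCA()
	impostor, impostorKey := newCA() // same issuer DN as root, different signing key
	pub, _, _ := ed25519.GenerateKey(rand.Reader)
	leaf := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "constructed-client"},
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	return VerifyClient(issue(leaf, root, pub, rootKey), root), VerifyClient(issue(leaf, impostor, pub, impostorKey), root)
}

func main() { fmt.Println(RunTest4()) }
```

The genuinely signed certificate is the control case: it confirms that a rejection of the second certificate comes from the signature mismatch and not from an unrelated fixture error.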

For further information, please see the NIT interpretation at: https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/NITDecisionRfI201715rev2.pdf

 

Justification

See issue description.

 
 