NIAP: View Technical Decision Details
Archived TD0329:  IPSEC X.509 Authentication Requirements

Publication Date
2018.05.31

Protection Profiles
EP_VPN_GW_V2.1

Other References
FIA_X509_EXT.4, FCS_IPSEC_EXT.1.14

Issue Description

FIA_X509_EXT.4 in VPN Gateway EP v2.1 is inconsistent with FCS_IPSEC_EXT.1.14 in NDcPP v2.0E after it changed from NDcPP v1.0. FCS_IPSEC_EXT.1.14 should be brought in to replace FIA_X509_EXT.4.

Resolution

VPN Gateway EP v2.1 is modified as follows:

FIA_X509_EXT.4 is removed.

FCS_IPSEC_EXT.1.14 is added to section 5.1.2:

FCS_IPSEC_EXT.1.14 The TSF shall only establish a trusted channel if the presented identifier in the received certificate matches the configured reference identifier, where the presented and reference identifiers are Distinguished Name (DN) and [selection: IP address, Fully Qualified Domain Name (FQDN), user FQDN, [assignment: other supported reference identifier types], no other reference identifier type].

Justification

See issue description.

 
 