NIAP: View Technical Decision Details
NIAP/CCEVS
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
TD0331:  SSH Rekey Testing

Publication Date
2018.06.01

Protection Profiles
PP_SSH_EP_v1.0

Other References
FCS_SSHS_EXT.1.7, FCS_SSHC_EXT.1.7

Issue Description

The SSHEPv1.0 does not impose any audit requirements.  However two test cases mention using audit logs in testing - FCS_SSHS_EXT.1.7 and FCS_SSHC_EXT.1.7.   It is not necessary to use any audit logs to test that rekey is actually occuring as expected.

Resolution

Test 1 for both FCS_SSHS_EXT.1.7 and FCS_SSHC_EXT.1.7 is replaced as follows:

Test 1: The evaluator will configure the TOE to create a log entry when a rekey occurs. The evaluator will connect to the TOE with an SSH client and cause a rekey to occur according to the selection(s) in the ST, and subsequently the evaluator uses available methods and tools to verify that rekeying occurs. This could be done, e.g., by checking that a corresponding audit event has been generated by the TOE, if the TOE supports auditing of rekey events. 

Justification

See issue description.

 
 
Site Map              Contact Us              Home