NIAP: View Technical Decision Details
NIAP/CCEVS
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
Archived TD0340:  NIT Technical Decision for Handling of the basicConstraints extension in CA and leaf certificates

Publication Date
2018.08.02

Protection Profiles
CPP_FW_V2.0E, CPP_ND_V2.0E

Other References
FIA_X509_EXT.1.1

Issue Description

The NIT has issued a technical decision for handling of the basicConstraints extension in CA and leaf certificates.

Resolution

FIA_X509_EXT.1.1 (NDcPP V1.0, FWcPP V1.0) FIA_X509_EXT.1.1/Rev, item 3 (NDcPP V2.0, FWcPP V2.0) and FIA_X509_EXT.1.1/ITT, item 3 (NDcPP V2.0, FWcPP V2.0) shall be modified as follows:

"The TSF shall validate a certification path by ensuring that all CA certificates in the certification path contain the basicConstraints extension with the CA flag set to TRUE."

For further information, please see the NIT interpretation at: https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/NITDecisionRfI201724.pdf

Justification

According to RFC 5280 the presence of the basicConstraints extension is mandated only for CA certificates. Therefore the focus of the FIA_X509_EXT.1.1 SFRs has been restricted to CA certificates. This has been ambiguous in the original SFRs.

 
 
Site Map              Contact Us              Home