NIAP: View Technical Decision Details
Archived TD0004:  FCS_TLS_EXT Man-in-the-Middle Tests

Publication Date
2014.05.28

Protection Profiles
PP_MD_v1.1, PP_ND_V1.1

Other References
PP_ND_V1.1, FCS_TLS_EXT.1.1, NDPP Errata #2; PP_MD_V1.1, FCS_TLS_EXT.1, FCS_TLS_EXT.2

Issue Description

The man-in-the-middle testing in FCS_TLS_EXT requires tools that can sniff the TCP traffic and modify the packets on the fly. Currently, no tools have been identified that will allow these tests to be performed practically, reliably, and repeatedly.

Resolution

Remove the FCS_TLS_EXT man-in-the-middle tests for the NDPP (FCS_TLS_EXT.1.1, Test 2) and the MDFPP (FCS_TLS_EXT.1, Test 5; FCS_TLS_EXT.2, Test 5).

Justification

New TLS requirements and assurance activities are being drafted to address 112-bit security strengths and those changes would likely involve splitting client requirements from server requirements.

CCEVS expects to develop tests similar to these that address the required elements of the TLS RFCs, and will consider providing tools or additional guidance to the labs regarding how these tests are performed as we draft them. Once incorporated in the PPs, the man-in-the-middle testing will be mandatory.

 
 