Archived
TD0011: Clarification on FCS_SSH_EXT.1.4
Publication Date
2014.08.27
Protection Profiles
PP_ND_V1.1
Other References
PP_ND_V1.1, PP_ND_V1.1_Err2, requirement FCS_SSH_EXT.1.4
Issue Description
The SFR requires that the SSH transport implementation use specific encryption algorithms. Can the restriction to those algorithms be reliant upon configuration of the SSH client? Resolution
No. The restrictions must be implemented by the TOE. Justification
The SFR clearly states that “The TSF shall ensure”. Hence, although a compatible client configuration is necessary for negotiations to succeed, the restrictions must be enforced by the TOE. |