Archived
TD0025: Update to FCS_COP.1(2)
Publication Date
2014.11.26
Protection Profiles
PP_APP_v1.1
Other References
PP_APP_V1.1, requirement FCS_COP.1(2)
Issue Description
FCS_COP.1(2) as currently written requires SHA-1, which is required for FCS_TLSC_EXT.1. However, if there is no TLS requirement, implementations are still required to support SHA-1 when performing hashing. In the absence of TLS, SHA-1 is not desirable as the SHA-2 family provides higher security strengths. Resolution
FCS_COP.1(2) should be revised to move SHA-1 inside the selection as follows:
FCS_COP.1.1(2) The application shall perform cryptographic hashing services in accordance with a specified cryptographic algorithm [selection: The next update of the App PP will reflect the TD. Justification
FCS_COP.1(2) should be included in the ST for use cases that involve hashing outside the network protocol. For those use cases, we will not require SHA-1. However, SHA-1 is mandatory in order to be consistent with FCS_TLSC_EXT.1.1. The modification allows implementations that do not include TLS to meet the requirement without being required to support SHA-1. |