Archived
TD0091: Modification of High-Security Use Case in MDF PP v2.0
Publication Date
2016.06.08
Protection Profiles
PP_MD_v2.0
Other References
PP_MD_v2.0, FCS_TLSC_EXT.2.6
Issue Description
The FCS_TLSC_EXT.2.6 requirement essentially limits the mobile devices to using TLS 1.2. Because TLS 1.2 does not support SHA-1, and because SHA-1 is used broadly throughout the Internet, the requirement makes it ineffective to browse the web. Resolution
FCS_TLSC_EXT.2.6 is no longer required to meet Use Case #2 (“Enterprise-owned device for specialized, high-security use”), as detailed in section G.2 of the Protection Profile for Mobile Devices v2.0. Justification
See issue description. |