Archived
TD0161: FTP_ITC.1(2) - Test 2 Not Required
Publication Date
2017.03.21
Protection Profiles
PP_VOIP_V1.3
Other References
FTP_ITC.1(2); PP_VOIP_V1.3
Issue Description
Requiring Test 2 of FTP_ITC.1(2) within VoIP PP v1.3 is no longer common industry practice, and the requirement was dropped from VVoIP EP v1.0. Resolution
Test 2 for FTP_ITC.1(2) does not need to be performed. FTP_ITC.1(2) Assurance Activity: Test 2: The following test is repeated for each supported certificate signing algorithm supported. The evaluator shall verify that the TSF will only use a certificate that contains the Client Authentication purpose in the extendedKeyUsage field and verify that a connection is established. The evaluator will then verify that the TSF rejects an otherwise valid client certificate that lacks the Client Authentication purpose in the extendedKeyUsage field and a connection is not established Ideally, the two certficates should be identical except for the extendedKeyUsage field.
Justification
FCS_TLS_EXT and FIA_X509_EXT requirements within VoIP PP v1.3 securely establishes a communication channel. |