Archived
TD0165: NIT Technical Decision for Sending the ServerKeyExchange message when using RSA
Publication Date
2017.03.24
Protection Profiles
CPP_ND_V1.0
Other References
FCS_TLSC_EXT.1.1, FCS_TLSC_EXT.2.1, ND SD V1.0
Issue Description
The Network Interpretations Team (NIT) has issued a technical decision regarding sending the ServerKeyExchange message when using RSA.
Resolution
To align with NIT interpretation # 201665, the following changes are made to ND SD V1.0. Test 5d for FCS_TLSC_EXT.1.1 and FCS_TLSC_EXT.2.1 shall be modified as follows:
"Modify the signature block in the Server’s Key Exchange handshake message, and verify that the client rejects the connection after receiving the Server Key Exchange message. This test does not apply to cipher suites using RSA key exchange. If a TOE only supports RSA key exchange in conjunction with TLS then this test shall be omitted."
For further information, please see the NIT interpretation at: https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/NITDecisionRfI201665.
Justification
See issue description.