Archived
TD0187: NIT Technical Decision for Clarifying FIA_X509_EXT.1 test 1
Publication Date
2017.04.10
Protection Profiles
CPP_FW_V1.0, CPP_ND_V1.0
Other References
NDcPP V1.0, FWcPP V1.0, ND SD v1.0, FIA_X509_EXT.1.1
Issue Description
The Network Interpretations Team (NIT) has issued a technical decision clarifying FIA_X509_EXT.1.1 test 1. Resolution
To align with NIT interpretation # 201629, description for FIA_X509_EXT.1.1, Test 1 is replaced with the following: a) Test 1a: The evaluator shall load a valid chain of certificates (terminating in a trusted CA certificate) as needed to validate the certificate to be used in the function, and shall use this chain to demonstrate that the function succeeds. Test 1b: The evaluator shall then delete one of the certificates in the chain (i.e. the root CA certificate or other intermediate certificate, but not the end-entity certificate), and show that the function fails. For further information, please see the NIT interpretation at: https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/NITDecisionRfI29.pdf Justification
See issue description. |