Archived
TD0200: NIT Technical Decision for Password authentication for SSH clients
Publication Date
2017.05.01
Protection Profiles
CPP_FW_V1.0, CPP_ND_V1.0
Other References
ND SD v1.0, FCS_SSHC_EXT.1.2
Issue Description
The NIT has issued a Technical Decision for password authentication for SSH clients.
Resolution
To align with NIT interpretation # 201612rev2, FCS_SSHC_EXT.1.2 shall therefore be modified as follows:
FCS_SSHC_EXT.1.2 The TSF shall ensure that the SSH protocol implementation supports the following authentication methods as described in RFC 4252: public key-based, [selection: password-based, no other method].
The TSS section in the Supporting Document for FCS_SSHC_EXT.1.2 shall be replaced by the following:
The evaluator shall check to ensure that the TSS contains a description of the public key algorithms that are acceptable for use for authentication and that this list conforms to FCS_SSHC_EXT.1.5 and ensure that if password-based authentication methods have been selected in the ST then these are also described.
Test 1 in the Tests section in the Supporting Document for FCS_SSHC_EXT.1.2 remains unchanged.
Test 2 in the Tests section in the Supporting Document for FCS_SSHC_EXT.1.2 shall be replaced by the following:
Test 2: This test is only applicable if password-based authentication has been selected in FCS_SSHC_EXT.1.2 in the ST. Otherwise this test shall be omitted. Using the guidance documentation, the evaluator shall configure the TOE to perform password-based authentication to an SSH server, and demonstrate that a user can be successfully authenticated by the TOE to an SSH server using a password as an authenticator.
For further information, please see the NIT interpretation at: https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/NITDecisionRfI201612rev2.pdf
Justification
See issue description.