Archived
TD0211: FPT_TUD_EXT.1 - VVoIP Endpoints Optional
Publication Date
2017.06.13
Protection Profiles
EP_ESC_V1.0
Other References
FPT_TUD_EXT.1
Issue Description
The ESC EP currently requires a TOE to be able to query the version of software running on a VVoIP endpoint and to be able to initiate updates to that software. This requirement makes some sense for NDcPP-based VVoIP endpoints, but for App PP-based endpoints that are running on mobile operating systems, it may be difficult or impossible to meet this requirement. VVoIP endpoints on mobile platforms are likely to receive updates through a separate server. An ESC may also have to work with VVoIP endpoints from a different company that won’t allow its endpoints to receive software updates from an ESC or SIP Server.
Resolution
"FPT_TUD_EXT.1 / VVoIP Trusted Update (VVoIP Endpoints)" SFRs have been moved to "Annex A: Optional Requirements" within EP_ESC_V1.0.
Application Note: The TOE may either validate the update prior to storing it for delivery to registered VVoIP endpoints or it may provide the means to validate the update to the VVoIP endpoint itself by preserving the manufacturer’s integrity/authenticity mechanism and including that information in the update. In other words, either the TSF itself validates the update or it facilitates the ability of the VVoIP endpoint to do this by providing all information necessary to validate the update to the client.
Justification
FPT_TUD_EXT.1 attempts to address the requirement from the perspective of a vendor-coupled ESC-to-VVoIP pair, where the ESC & VVoIP are from the same manufacturer and the ESC has the responsibility for carrying out FPT_TUD_EXT.1.1, 1.2 and 1.3. However, the final paragraph of the related Application Note tries to explain that in some cases the ESC & VVoIP may not be vendor-coupled; instead, the VVoIP endpoint may be from a different manufacturer and thereby receive its upload from a third-party device. For those scenarios where the VVoIP endpoint gets its upload from a separate server, the ESC is not responsible for assuring FPT_TUD_EXT.1.