Archived
TD0291: NIT technical decision for DH14 and FCS_CKM.1
Publication Date
2018.02.03
Protection Profiles
CPP_FW_V1.0, CPP_FW_v2.0, CPP_FW_V2.0E, CPP_ND_V1.0, CPP_ND_V2.0, CPP_ND_V2.0E
Other References
FCS_CKM.1.1, ND SD V1.0, ND SD V2.0
Issue Description
The Network Interpretations Team (NIT) has issued a technical decision regarding DH14 and FCS_CKM.1.
Resolution
Updated 3/7/2018 to include FWcPP 1.0 and FWcPP 2.0. To align with NIT interpretation #201723rev2 the following changes shall be implemented:
FCS_CKM.1.1 The TSF shall generate asymmetric cryptographic keys in accordance with a specified cryptographic key generation algorithm: [selection:
· RSA schemes using cryptographic key sizes of 2048-bit or greater that meet the following: FIPS PUB 186-4, “Digital Signature Standard (DSS)”, Appendix B.3;
· ECC schemes using “NIST curves” [selection: P-256, P-384, P-521] that meet the following: FIPS PUB 186-4, “Digital Signature Standard (DSS)”, Appendix B.4;
· FFC schemes using cryptographic key sizes of 2048-bit or greater that meet the following: FIPS PUB 186-4, “Digital Signature Standard (DSS)”, Appendix B.1
· FFC Schemes using Diffie-Hellman group 14 that meet the following: RFC 3526, Section 3
For the test activities for FCS_CKM.1.1 in the supporting document the following text shall be added: "Testing for FFC Schemes using Diffie-Hellman group 14 is done as part of testing in CKM.2.1." Note that for ND SD V1.0 RfI#201702b needs to be applied as well.
For further information, please see the NIT interpretation at: https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/NITDecisionRfi201723rev2.pdf.
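The "FFC Schemes using Diffie-Hellman group 14" selection names one fixed parameter set, so a conformance check compares the whole modulus and generator rather than only the key size. The following sketch is an added example, not text from the cPP, the SD or the NIT; it rebuilds the prime from the formula in RFC 3526, Section 3, and all function and constant names are hypothetical.

```python
# Added example: names below are hypothetical, not taken from the cPP or SD.
GUARD = 64        # extra fixed-point bits so series truncation cannot affect the floor
K = 124476        # constant from the RFC 3526 Section 3 formula

def _arctan_inv(x, one):
    """Return arctan(1/x) scaled by `one`, via the alternating Taylor series."""
    power = one // x
    total, x2, n, sign = power, x * x, 3, -1
    while power:
        power //= x2
        total += sign * (power // n)
        sign, n = -sign, n + 2
    return total

def group14_prime():
    """p = 2^2048 - 2^1984 - 1 + 2^64 * (floor(2^1918 * pi) + 124476)."""
    one = 1 << (1918 + GUARD)
    # Machin's formula: pi = 16*arctan(1/5) - 4*arctan(1/239)
    pi_fixed = 16 * _arctan_inv(5, one) - 4 * _arctan_inv(239, one)
    return 2**2048 - 2**1984 - 1 + 2**64 * ((pi_fixed >> GUARD) + K)

def is_probable_prime(n, bases=(2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)):
    """Miller-Rabin with fixed bases (a probabilistic test at this size)."""
    if n < 2:
        return False
    for b in bases:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

GROUP14_P = group14_prime()
GROUP14_G = 2     # generator given for the 2048-bit MODP group in RFC 3526

def is_dh_group14(p, g):
    """True only if (p, g) are exactly the RFC 3526 2048-bit MODP parameters."""
    return p == GROUP14_P and g == GROUP14_G
```
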
Justification
See issue description.