TD0353: Guidance for Certificate Profiles
Publication Date
2018.09.18
Protection Profiles
PP_CA_V2.1
Other References
FDP_CER_EXT.1.1
Issue Description
Test 4 for FDP_CER_EXT.1.1 as written violates AGD guidance. Resolution
Test 4 for FDP_CER_EXT.1.1 is modified as follows: Test 4: For each extendedKeyUsage value defined in section 4.2.1.12 of RFC 5280, the evaluator shall attempt to configure a certificate profile with each inconsistent keyUsage for that extendedKeyUsage field. If the CA rejects the attempt to create such a profile, then the test succeeds. If the creation of such a profile is allowed within the constraints of the AGD, the evaluator shall submit a certificate request using the profile, and show that the TSF does not issue the certificate. Justification
Test 4 should is rewritten to ensure AGD guidance is not violated |