Archived
TD0399: NIT Technical Decision for Manual installation of CRL (FIA_X509_EXT.2)
Publication Date
2019.02.24
Protection Profiles
CPP_ND_V2.0E, CPP_ND_V2.1
Other References
FIA_X509_EXT.2, ND SD V2.0E, ND SD V2.1
Issue Description
The NIT has issued a technical decision for Manual installation of CRL (FIA_X509_EXT.2).
Resolution
Updated 3/18/2019 to also apply to NDcPP V2.1 and ND SD V2.1
The NIT believes that the current wording is appropriate and that the reference to an IT entity correctly expresses the intention to exclude reliance solely on manual update of CRLs. No change to the text is therefore proposed. The cPP does not prohibit the support for locally stored CRLs that are manually loaded into the TOE. But for a TOE to be compliant with this cPP the TOE needs to support certificate validity checking from a dynamically updated source like downloading a CRL from a CRL server or performing a lookup using OCSP. For further information, please see the NIT interpretation at: https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/NITDecisionRfI201820rev3.pdf Justification
The NIT believes that the current wording is appropriate and that the reference to an IT entity correctly expresses the intention to exclude reliance solely on manual update of CRLs. No change to the text is therefore proposed.
|