Archived
TD0657: IPSEC_EXT.1.6 GCM support for VPN GW
Publication Date
2022.06.29
Protection Profiles
MOD_VPNGW_v1.2
Other References
FCS_IPSEC_EXT.1.6
Issue Description
FCS_IPSEC_EXT.1.6 in MOD_VPNGW_V1.2 incorrectly labeled two AES-GCM algorithms as AES-CBC. Resolution
FCS_IPSEC_EXT.1.6 in MOD_VPNGW_V1.2 is modified as follows, with strikethrough denoting deletions and underline denoting additions: FCS_IPSEC_EXT.1.6 The TSF shall ensure the encrypted payload in the [selection: IKEv1, IKEv2] protocol uses the cryptographic algorithms [selection: AES-CBC-128, AES-CBC-192, AES-CBC-256 (specified in RFC 3602), AES-GCM-128,
Application Note: This element is Justification
RFC 5282 specifically calls out AES-GCM-192 as not recommended, so it should be removed from an option. |