TD0838: PPK Configurability in FIA_PSK_EXT.1.1
Publication Date
2024.06.28
Protection Profiles
MOD_VPNGW_v1.3
Other References
MOD_VPNGW_V1.3-SD, FIA_PSK_EXT.1
Issue Description
Ambiguity in MOD_VPNGW_V1.3 makes it appear that PPK use is required, while RFC 8784 only requires that is it configurable whether it is required or not. Resolution
The Guidance Activity and Test for FIA_PSK_EXT.1 in MOD_VPNGW_V1.3-SD are updated as follows, with green-highlighted underlines indicating additions and red-highlighted strikethroughs indicating deletions:
Guidance The evaluator shall examine the operational guidance to determine that it provides guidance to administrators on how to configure all selected pre-shared key options if any configuration is required. The evaluator shall examine the operational guidance to determine that it provides guidance to administrators on how to configure the mandatory_or_not flag per RFC 8784. Tests The evaluator shall also perform the following tests for each protocol (or instantiation of a protocol, if performed by a different implementation on the TOE).
Justification
See Issue Description. |