HCD-iTC / HCD-iTC-Template

Implement the changes in NIAP TD0636 to SFR FCS_SSHC_EXT in the HCD cPP #314

Open ansukert opened 2 years ago

ansukert commented 2 years ago

What is the change request for the cPP? Please describe.

NIAP TD0636: NIT Technical Decision for Clarification of Public Key User Authentication for SSH is a technical decision against ND cPP v2.2e for clarification of public key user authentication for SSH. This technical decision adds the following Application Note to SFR FCS_SSHC_EXT.1.2 in the ND cPP:

Application Note * The intent of this element is to specify user authentication mechanism(s) that the TOE supports when acting as an SSH client. The TOE is required to implement the capability to generate user based authentication keys in accordance with FCS_CKM.1. While no specific public key algorithms are mandatory to implement, the use of public key algorithms must be consistent with FCS_CKM.1, FCS_COP.1/Hash, and FCS_COP.1/SigGen.

If the TOE implements password-based authentication, the option ‘password-based’ must be selected. If the TOE can only authenticate itself with a public key, the option ‘no other method’ must be chosen.

and the following preappend to the Application Note to SFR FCS_SSHC_EXT.1.5 in the ND cPP:

The intent of this element is to specify peer (SSH server) authentication mechanism(s) that the TOE supports when acting as an SSH client. The TOE is required to implement the capability to verify the host’s public key as described in RFC 4251 Section 4.1.

Now the HCD iTC has taken the text of the FCS_SSHC_EXT SFR from the ND cPP v2.2e completely verbatim to form the FCS_SSHC_EXT SFR text in the latest version of the HCD cPP. Therefore, this required clarification should apply equally to the same SSHC SFRs in the HCD cPP as it does in the ND cPP, given that the SFR text in both cPPs is the same. As a result, the Application Note for FCS_SSHC_EXT.1.2 should be added to FCS_SSHC_EXT.1.2 in Section A.2.3.1 in the HCD cPP and the preappend should be added to the Application Note for SFR FCS_SSHC_EXT.1.5 in Section A.2.3.1 in the HCD cPP.

Describe the solution you'd like

Implement the changes noted in NIAP TD0636 to Section A.2.3.1 in the HCD cPP.

Describe alternatives you've considered

None

Additional context

None