Provide the location of the issue
B.4.1.1, FIA_X509_EXT.1 X.509 Certificate Validation
What is the enhancement request for the cPP? Please describe.
FIA_X509_EXT.1.1/Rev specifies validating extendedKeyUsage field for OCSP responses. What about validating signed CRL? This is already a requirement as the result of FIA_X509_EXT.1 Test 4.
Describe the solution you'd like
Suggest including:
The TSF shall validate the KeyUsage field according to the following rules:
• The cRLSign bit is asserted when the subject public key is used for verifying signatures on certificate revocation lists
Provide the location of the issue B.4.1.1, FIA_X509_EXT.1 X.509 Certificate Validation
What is the enhancement request for the cPP? Please describe. FIA_X509_EXT.1.1/Rev specifies validating extendedKeyUsage field for OCSP responses. What about validating signed CRL? This is already a requirement as the result of FIA_X509_EXT.1 Test 4.
Describe the solution you'd like Suggest including:
The TSF shall validate the KeyUsage field according to the following rules: • The cRLSign bit is asserted when the subject public key is used for verifying signatures on certificate revocation lists