Implied TLS 1.3-only test case

[mclearn]

Provide the location of the issue In FCS_TLSC_EXT.1.5 test 2ii

What is the correction request for the cPP? Please describe. The test case asks for the following validation: "The evaluator shall ensure the test server sends Certificate and Certificate Verify messages that are consistent with the SignatureScheme being tested."

The "Certificate Verify" message only occurs within TLS 1.3 within the server side of the communication. For DHE/ECDHE ciphersuites in TLS 1.2, the Server Key Exchange encodes the the consistent signature algorithm. In the PP for FCS_TLSC_EXT.1.5, table 8 indicates that TLS 1.2 may present the signature_algorithms extension. Therefore, there is an implication that test 2ii can only be conducted for TLS 1.3 connections.

Describe the solution you'd like Change the wording: "The evaluator shall establish a TLS connection using each of the SignatureSchemes specified by the requirement and observes the session is successfully completed. The evaluator shall ensure the test server sends Certificate messages that are consistent with the SignatureScheme being tested. For TLS 1.2 and if the ciphersuite is DHE or ECDHE, the evaluator shall ensure that the server sends Server Key Exchange messages consistent with the SignatureScheme being tested. For TLS 1.3, the evaluator shall ensure that the server sends Certificate Verify messages consistent with the SignatureScheme being tested."

Please ensure that issue #266 is being considered as well.

These changes would have to be made for FCS_DTLSC_EXT.1.5 as well.

Describe alternatives you've considered N/A. The PP and SD appear to indicate that both TLS 1.2 and 1.3 should be capable of meeting FCS_TLSC_EXT.1.5 test 2ii.

Additional context Add any other context or screenshots about the change request here.

[kr15tyk]

TLSWG agreed to Greg's suggested change on today's call. Updated wording for FCS_(D)TLSC_EXT.1.5 test 2ii has been added to issue #266.