kr15tyk
commented
1 year ago Comment 18: Recommend adding the following paragraph to sections A.7.1.1 and B.3.1.1: The support for secure renegotiation is optional when claiming DTLS 1.2, and may only be claimed for DTLS 1.2 but not DTLS 1.3. If a TOE implements DTLS with secure renegotiation the corresponding optional SFRs should be added to the ST from chap. A.7.1.1 (i.e. FCS_DTLSC_EXT.3 and/or FCS_DTLSS_EXT.3) in addition to the corresponding SFRs from chap.B.3.1.1.
Recommend adding the following paragraph to sections A.7.1.2 and B.3.1.5: The support for secure renegotiation is optional when claiming TLS 1.2, and may only be claimed for TLS 1.2 but not TLS 1.3. If a TOE implements TLS with secure renegotiation the corresponding optional SFRs should be added to the ST from chap. A.7.1.2 (i.e. FCS_TLSC_EXT.3 and/or FCS_TLSS_EXT.3) in addition to the corresponding SFRs from chap.B.3.1.5.
Comment 21: Still needs to be addressed
kenji-lightship
plughy2
Comment 18: Location: NDcPP, A.7.1.1 Comment: New FCS_(D)TLS{C/S} requirements for renegotiation need to be explained in introduction. Current intro only discusses mutual authentication, and the implication would be that renegotiation requirements only apply if mutual authentication is also provided Suggested Change: Add a section in the intro discussing renegotiation requirements for TLS 1.2 (and TLS 1.3 – not allowed).
Comment 21: Location: FCS_(D)TLSS_EXT.3; A.7.1.2, C.2.2.2 Comment: The parenthetical remark and description is unclear, especially when the TOE supports both TLS 1.2 and TLS 1.3. Suggested Change: Remove restriction for only DTLS 1.2 and add a ‘renegotiation’ requirement (based on selection) that a TLS 1.3 server must reject a client hello when a valid/active connection already exists. Could this then be a selection-based requirement?