Closed kr15tyk closed 1 year ago
Comment 18: Recommend adding the following paragraph to sections A.7.1.1 and B.3.1.1: The support for secure renegotiation is optional when claiming DTLS 1.2, and may only be claimed for DTLS 1.2 but not DTLS 1.3. If a TOE implements DTLS with secure renegotiation the corresponding optional SFRs should be added to the ST from chap. A.7.1.1 (i.e. FCS_DTLSC_EXT.3 and/or FCS_DTLSS_EXT.3) in addition to the corresponding SFRs from chap.B.3.1.1.
Recommend adding the following paragraph to sections A.7.1.2 and B.3.1.5: The support for secure renegotiation is optional when claiming TLS 1.2, and may only be claimed for TLS 1.2 but not TLS 1.3. If a TOE implements TLS with secure renegotiation the corresponding optional SFRs should be added to the ST from chap. A.7.1.2 (i.e. FCS_TLSC_EXT.3 and/or FCS_TLSS_EXT.3) in addition to the corresponding SFRs from chap.B.3.1.5.
Comment 21: Still needs to be addressed
Comment 18: I have to do a deeper dive before having a firm position, but this proposed change sounds reasonable after an initial read.
Comment 21: Renegotiation isn't an area of TLS where I have a lot of knowledge about, so I can't say for sure how it fits into our use case. This sounds like an update should be made. There should be a clear claim/statement about whether the server supports renegotiation or not. While not a hard change technically, it looks like it will be tedious adding it into the FCS_(D)TLSS_EXT.1 requirements.
@kenji-lightship Is your comment in regards to comment 18 and 21?
Updated my initial comment to apply to both.
Client and server SFRs and associated assurance activaties need to be defined to support secure renegotiation for TLS 1 2.
Comment 18: Location: NDcPP, A.7.1.1 Comment: New FCS_(D)TLS{C/S} requirements for renegotiation need to be explained in introduction. Current intro only discusses mutual authentication, and the implication would be that renegotiation requirements only apply if mutual authentication is also provided Suggested Change: Add a section in the intro discussing renegotiation requirements for TLS 1.2 (and TLS 1.3 – not allowed).
Comment 21: Location: FCS_(D)TLSS_EXT.3; A.7.1.2, C.2.2.2 Comment: The parenthetical remark and description is unclear, especially when the TOE supports both TLS 1.2 and TLS 1.3. Suggested Change: Remove restriction for only DTLS 1.2 and add a ‘renegotiation’ requirement (based on selection) that a TLS 1.3 server must reject a client hello when a valid/active connection already exists. Could this then be a selection-based requirement?