ND-iTC / Documents

ND iTC Document repository (NDcPP, ND SD, and all related files)
MIT License

[cPP Comment 24] FCS_DTLSC_EXT.2; A.7.1.1 #299

Closed kr15tyk closed 1 year ago

kr15tyk commented 1 year ago

Location: FCS_DTLSC_EXT.2; A.7.1.1

Comment 24: Elements 2 and 3 of this SFR apply regardless of whether mutual authentication is supported.

Suggested Change: Add these elements to FCS_DTLSC_EXT.1 and omit them from FCS_DTLSC_EXT.2.

kenji-lightship commented 1 year ago

I tend to agree with the proposed change, but we'd need to do a consistency check.

My guess (inferred from App Notes) as to why Elements 2 and 3 are in DTLSC_EXT.2 is that DTLSC_EXT.1.1 was initially thought to be primarily for syslog (e.g., one-way sending of logs, protected, to a syslog server). NDcPPv2.2e App Note 63 says, "FCS_DTLSC_EXT.1 should only be used if the TOE transmits application-layer data to an external entity using a trusted channel provided by DTLS without receiving application data that needs to be protected." I believe there are other similar statements in 2.2e.

This always seemed like an odd restriction and NDcPPv3.0 no longer has a corresponding App Note, so I think the Elements should be moved.