commoncriteria / X509

The Unlicense

Verify Certificate Revocation Clarity #19

Open kenji-lightship opened 5 months ago

kenji-lightship commented 5 months ago

When the TOE is verifying certificates, Certificate Revocation requirements are spread out, making it difficult to keep consistent and understand all of the revocation claims. Currently there are revocation claims in FIA_X509_EXT.1.1, FIA_X509_EXT.1.3, FIA_X509_EXT.1.4, FIA_X509_EXT.1.5, and FIA_X509_EXT.2.2.

If my recommendation in #6 is followed, I suggest moving all revocation to FIA_X509_EXT.2.

jfisherbah commented 2 months ago

Revocation checking requirements are currently organized by basic validity, how status information is obtained, and by formatting. This is deliberate, so no change made.