jfisherbah
commented
3 weeks ago Revocation checking requirements are currently organized by basic validity, how status information is obtained, and by formatting. This is deliberate so no change made.
Open kenji-lightship opened 4 months ago
jfisherbah
commented
3 weeks ago Revocation checking requirements are currently organized by basic validity, how status information is obtained, and by formatting. This is deliberate so no change made.
When the TOE is verifying certificates, Certificate Revocation requirements are spread out, making it difficult to keep consistent and understand all of the revocation claims. Currently there is revocation claims in FIA_X509_EXT.1.1, FIA_X509_EXT.1.3, FIA_X509_EXT.1.4, FIA_X509_EXT.1.5, and FIA_X509_EXT.2.2.
If my recommendation in #6 is followed, I suggest moving all revocation to FIA_X509_EXT.2.