search

commoncriteria / application

Protection Profile for Application Software
The Unlicense
9 stars 3 forks source link

Rework FPT_API_EXT.1.1 #34

Closed kgal closed 9 years ago

kgal commented 10 years ago

Contractors advised not to use selections this way.

It seems like maybe we should have a generic app EP, which says "Use built in crypto", and then crypto provider EP. The AppOnOs could be like an "'abstract base class..." which can't be instantiated (only subclasses [potentially] can). This is probably unworkable as it might exploded the number of PPs.

WeeknightMVP commented 10 years ago

Here's a CC addendum https://www.commoncriteriaportal.org/files/ccfiles/CCDB-2014-03-001-CCaddenda-Modular_PP.pdf that specifies PP-bases, PP-modules (what NIAP brazenly calls "extended packages" despite similar terminology already having been established for a concept NIAP semi-legitimately ignores -- "packages" of requirement components), and PP-configurations (compositions of PP-bases and PP-modules).

On Tue, Jun 24, 2014 at 12:27 PM, kgal notifications@github.com wrote:

Contractors advised not to use selections this way.

It seems like maybe we should have a generic app EP, which says "Use built in crypto", and then crypto provider EP. The AppOnOs could be like an "'abstract base class..." which can't be instantiated (only subclasses [potentially] can).

— Reply to this email directly or view it on GitHub https://github.com/commoncriteria/application/issues/34.

Matt Benke

jeffblank commented 10 years ago

Ah -- indeed I thought "modules" seemed a more reasonable term.
But a problem (though not the one identified by the FFRDCs providing CC formatting feedback) still stands: there is an inconsistency between the selections that could be chosen.

At present, the identifier refers only to using any cryptographic functionality for the platform could provide services ("FPT_API"), though the selection refers to an (in-development) FE PP.

Is that just about DAR? Data in transit is handed elsewhere: FTP_DIT_EXT.1.1. And DRBG services (for key generation) is handled by FCS_RBG_EXT.1.1 (whose selection allows 3 separate options).

Perhaps this will be a good prompt to chat tomorrow.

bourdett commented 9 years ago

FPT_API_EXT.1.1 was made objective, and doesn't currently have a selection. I'm thinking this is closed.