Closed zsmi closed 10 years ago
FCS_HTTPS_EXT.1 is defined in the web browser protection profile: https://www.niap-ccevs.org/pp/pp_webbrowser_v1.0.pdf
improved wording
What happens if a vendor selects TLS in FTP_DIT_EXT.1.1 because they are doing HTTPS? Does FCS_TLS_EXT.1.3 still apply being that it's app note says "This requirement addresses only non-HTTPS TILS connections."? Do we specify where the additional HTTPS requirements are?
In the application note of FCS_TLS_EXT.1.3 it references (FCS_HTTPS_EXT.1) which is not contained within our PP. It also says "HTTPS protocol requires different behavior, though HTTPS is implemented over TLS. This element addresses non-HTTPS TLS connections." Vendors have said because of this that the selection in FTP_DIT_EXT.1.1 should include HTTPS.