commoncriteria / authserver

Authentication Server
The Unlicense

PSK handling in RadSec #14

Open jfisherbah opened 3 years ago

jfisherbah commented 3 years ago

FCS_RADSEC_EXT.1.3 lists PSK cipher suites as selectable, with an app note to include at least one of them if support for PSKs is selected in FCS_RADSEC_EXT.1.2. We already have FCS_RADSEC_EXT.2 as a selection-based requirement for when the TOE supports PSKs. Rather than have a selection that could be null in a mandatory SFR, our recommendation would be to add a new element to FCS_RADSEC_EXT.2 and put the selection for PSK-based cipher suites in there. That way a TOE that does not support PSK won't have to worry about filling that selection out with a null value. Is this acceptable?

ajlaing commented 3 years ago

See comment for #15

jfisherbah commented 2 years ago

The PSK requirements all appear to make sense now with respect to being mandatory, optional, etc., but there are no longer any PSK ciphersuites for TLS; unclear if those need to be added back in, in some form.