The general convention when writing PP-Modules is to list any Base-PP SFRs that are affected by the Module. It's unclear whether certain SFRs in the Module are intended to supplement their Base-PP equivalents, or if they are defining separate functionality such that the Base-PP versions still need to be reference in the Module. Specifically:
Do we need to reference FIA_X509_EXT.1/Rev in the Module since we are requiring the use of protocols that rely on X.509, or is the intent of FIA_X509_EXT.1/AuthSvr to cover the X.509 validation requirements for the auth server-specific protocols?
Do we need to reference FTP_ITC.1 in the Module since the Module mandates the use of trusted channels for certain functions, or is the intent of FTP_ITC.1/NAS to cover all the trusted channels used by the auth server without affecting the Base-PP's FTP_ITC.1?
Currently the Module will reference FIA_X509_EXT.2 and FIA_X509_EXT.3 as both will be required for a TOE that conforms to the Module (because they are dependencies on protocol requirements that use certificates, which is triggered by FCS_EAP-TLS_EXT.1), but it was unclear whether either of these other two need to be referenced.
The general convention when writing PP-Modules is to list any Base-PP SFRs that are affected by the Module. It's unclear whether certain SFRs in the Module are intended to supplement their Base-PP equivalents, or if they are defining separate functionality such that the Base-PP versions still need to be reference in the Module. Specifically:
Currently the Module will reference FIA_X509_EXT.2 and FIA_X509_EXT.3 as both will be required for a TOE that conforms to the Module (because they are dependencies on protocol requirements that use certificates, which is triggered by FCS_EAP-TLS_EXT.1), but it was unclear whether either of these other two need to be referenced.