research origin of FMT_MOF_EXT - configure a certificate repository for encryption

[jeffblank]

Was this a DoD-specific requirement? Was this for S/MIME email?

[japit]

Initial background -- This was in the published PP as Function #7 under FMT_MOF.

4.3.3 Class: Security Management (FMT) 4.3.3.1 Management of Functions in TSF FMT_MOF.1.1(1) The TSF and [selection: TSF, TOE platform, no other mechanism] shall restrict the ability to perform the functions:

1. Specify that one or more emails should be signed with S/MIME
2. Specify that one or more emails should be encrypted with S/MIME [selection:
3. Enable/disable email notifications,
4. Configure certificates for S/MIME use,
5. Configure certificates for TLS use,
6. Enable/disable display of email contents in email notifications,
7. Configure a certificate repository for encryption,
8. Configure whether to establish a trusted channel or disallow establishment if the TSF cannot establish a connection to determine the validity of a certificate
9. No other management functions] to the user.

[mbdowne]

Closed as research was successful, and unclear what, if any, change was being recommended.