ajcousi
commented
9 years ago I've already pulled through a couple of items from the VPN PP into the OS PP - we can probably remove them from the VPN PP now?
FDP_IFC_EXT.1 Information flow control
FDP_IFC_EXT.1.1 The TSF shall [selection: provide an interface to VPN applications to enable all IP traffic (other than IP traffic required to establish the VPN connection) to flow through the IPsec VPN client., enable all IP traffic (other than IP traffic required to establish the VPN connection) to flow through the IPsec VPN client. ]
Is now in the OS PP - is there something else you had in mind?
The VPN Client PP suffers from requirements levied upon the "TOE Platform" (which is often provided by the OS vendor, which is not the vendor of the VPN client).
We need to review the VPN Client and see which of these should be in the OS PP. Ideally it will only be insertion into the network stack such that the system can be configured to route all traffic through the VPN. But we need to do the background reading on the VPN client PP. Mary can likely help us a lot with this.