The current version of the Module modifies FTP_DIT_EXT.1 to force the ST author to make selections for "TLS as defined in the TLS Package" and "DTLS as defined in the TLS Package".
The app note says that the TOE or its platform is allowed to implement TLS and DTLS. However, the SFRs in the TLS Package are written for the TSF only; there is no "TOE or platform" selection for them. So if the TOE does rely on platform-provided TLS/DTLS, the selection the ST author is required to make will describe behavior that the TOE does not implement.
Based on this, it is recommended that the modified FTP_DIT_EXT.1 be updated to allow TOE or platform implementation of TLS/DTLS, assuming the intent of the requirement as described by the app note is still correct.
The current version of the Module modifies FTP_DIT_EXT.1 to force the ST author to make selections for "TLS as defined in the TLS Package" and "DTLS as defined in the TLS Package".
The app note says that the TOE or its platform is allowed to implement TLS and DTLS. However, the SFRs in the TLS Package are written for the TSF only; there is no "TOE or platform" selection for them. So if the TOE does rely on platform-provided TLS/DTLS, the selection the ST author is required to make will describe behavior that the TOE does not implement.
Based on this, it is recommended that the modified FTP_DIT_EXT.1 be updated to allow TOE or platform implementation of TLS/DTLS, assuming the intent of the requirement as described by the app note is still correct.