You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
FDP_CER_EXT.2.1 says, "establish a linkage from certificate requests from a supported TOE function to issued certificates" This sounds like it is specifying end-entity FIA_X509_EXT.3 functionality for matching a signed certificate to a generated request.
FDP_CER_EXT.2.2 says, "The TSF shall [selection: revoke, not issue ] certificates that cannot be associated with..." This sounds more like a CA function (which is consistent with FIA_XCM_EXT.2); however, it's not clear when "revoke" would be applicable.
It appears FDP_CER_EXT.2.1 should be removed and FDP_CER_EXT.2.2 should be updated so it only specifies "not issue."
The text was updated successfully, but these errors were encountered:
Both of these are intended to be CA functionality. FDP_CER_EXT.2.1 is the CA end of the request checking and is part of the accountability requirement for a CA to issue only authorized certificates. No change made. Believe can be closed.
FDP_CER_EXT.2.1 says, "establish a linkage from certificate requests from a supported TOE function to issued certificates" This sounds like it is specifying end-entity FIA_X509_EXT.3 functionality for matching a signed certificate to a generated request.
FDP_CER_EXT.2.2 says, "The TSF shall [selection: revoke, not issue ] certificates that cannot be associated with..." This sounds more like a CA function (which is consistent with FIA_XCM_EXT.2); however, it's not clear when "revoke" would be applicable.
It appears FDP_CER_EXT.2.1 should be removed and FDP_CER_EXT.2.2 should be updated so it only specifies "not issue."
The text was updated successfully, but these errors were encountered: