FDP_CER_EXT.2 Use Case #14

Open
kenji-lightship opened this issue May 17, 2024 · 1 comment

@kenji-lightship

FDP_CER_EXT.2.1 says, "establish a linkage from certificate requests from a supported TOE function to issued certificates." This sounds like it is specifying end-entity FIA_X509_EXT.3 functionality for matching a signed certificate to a generated request.

FDP_CER_EXT.2.2 says, "The TSF shall [selection: revoke, not issue ] certificates that cannot be associated with..." This sounds more like a CA function (which is consistent with FIA_XCM_EXT.2); however, it's not clear when "revoke" would be applicable.

It appears FDP_CER_EXT.2.1 should be removed and FDP_CER_EXT.2.2 should be updated so it only specifies "not issue."

@jfisherbah
Contributor

Both of these are intended to be CA functionality. FDP_CER_EXT.2.1 is the CA end of the request checking and is part of the accountability requirement for a CA to issue only authorized certificates. No change made. Believe can be closed.
