Re: Do we need trusted path/channel mandatory?
- Subject: Re: Do we need trusted path/channel mandatory?
- From: "NIAP Interpretations Board" <firstname.lastname@example.org>
- Date: Fri, 15 Nov 2002 12:35:08 -0800
- Content-description: Mail message body
- Content-transfer-encoding: 7BIT
- Content-type: text/plain; charset=US-ASCII
- Priority: normal
- Reply-to: email@example.com
It appears that this entire discussion started down the wrong path because of
sloppy wording in CC Part 2 para 514 (last bullet), which reads as if it is the
trusted path that provides user authentication. In fact, trusted path simply
provides a trustworthy means to access the mechanism that provides the user
That said, it is important to note that the mechanisms in the TOE do not
determine the requirements being claimed. Instead, it's the Objectives to be
fulfilled by the TOE that determine the requirements that need to be met by the
TOE. If the CC does not contain sufficient or correct requirements to address
these Objectives, then extended requirements need to be created.
As for dependencies, any arguements about why they are not applicable are
derived from the statements of Threats and Assumptions.
Date Index |
Thread Index |
Problems or questions? Contact firstname.lastname@example.org