FCS_COP assignment

Subject: FCS_COP assignment

From: "YOKOTA HIROFUMI" <yokota-hirofumi@jqa.jp>

Date: Mon, 25 Nov 2002 14:07:59 +0900

Content-Type: multipart/mixed; boundary="----=_NextPartTM-000-887a798e-200d-4b99-821f-81a55428ecc0"

I'm sorry I was not correct in the previous message that is saying:

-------------------------------------

"Some ST author's are putting 'list' in other functional components too (such as FDP_ACC/IFC)

insted of using the iteration.

So, I do not think this is a problem only for FCS_COP."

-------------------------------------

I was wrong. The issue is only for FCS_COP.

Isn't it better to add guidance in the CC part2 annex FCS_COP ?

Yokota

----- Original Message -----

From: YOKOTA HIROFUMI

To: cc-cmt@nist.gov

Sent: Sunday, November 24, 2002 12:34 PM

Subject: Re: FCS_COP assignment

I agree with Gary's answer, considering the actual usage we could see in the disclosed STs.

However, we can not see the conditions of the 'acceptance' in the current CC, can we?

Some ST author's are putting 'list' in other functional components too (such as FDP_ACC/IFC)

insted of using the iteration.

So, I do not think this is a problem only for FCS_COP.

Where and by what condition is the listing in a component equivalent to the iteration

sould be crarified.

Is it OK for me to submit RI to reflect the answer in the CC manuals ?

----- Original Message -----

From: Gary Stoneburner

To: Multiple recipients of list

Sent: Wednesday, November 20, 2002 11:29 PM

Subject: Re: FCS_COP assignment

In FCS_COP.1.1, the number of algorithms listed may be greater than 1. This would be the case when the TOE is to implement multiple instances of the cryptographic functions using different algorithms. This is the equivalent of iterating FCS_COP.1 for each algorithm. Since the only change from iteration to iteration would, in this case, be the algorithm - a list of algorithms in one instance of FCS_COP.1 makes sense.

The above is acceptable only where each algorithm is used in the TOE implements all of the functions listed. If a given algorithm is to implement only some of the functions, then actual iteration is required, repeating FCS_COP.1 for each algorithm and listing the functions to be performed using that algorithm.

Cheers,
Gary

At 08:37 AM 11/20/02, YOKOTA HIROFUMI wrote:

Question:

When we need to fill FCS_COP.1.1 with cryptographic algorithm,
I believe, we should remind that the assignment is
"cryptographic algorithm", not "list of cryptographic algorithm ".

However, many ST authors are likely to set there "list of cryptographic
algorithm "
(ex. RSA, SHA-1, MD5).

Some evaluated STs are written similarly.

When we evaluate customer's STs, should we guide them that
"list of cryptographic algorithm " would not pass the evaluation?

Or, is this not a problem?

Hirofumi Yokota

************************************************************************** * Opinions expressed are not intended to reflect an official position ************************************************************************** * Gary Stoneburner
* Computer Security Division, National Institute of Standards & Technology
* 100 Bureau Drive, Stop 8930, Gaithersburg, MD 20877-8930
* Phone: 301-975-5394, FAX: 301-948-0279, Email: Stoneburner@nist.gov
**************************************************************************