Re: PD 0108: FTP_ITC.1.3 Specifies The Functions For Which A Trusted Channel Is Provided



Several comments:

1. In the STATEMENT section, it is not clear in what way "it is acceptable 
to replace" the text of the CC SFR.  How about "It is acceptable to use an 
explicitly stated SFR that replaces"?

2. Under SUPPORT, #3, some text from the original OR is still included 
(namely:...).

3. It might be helpful to include in the PD a statement that the TSF is not 
required to enforce usage of the trusted channel by the remote trusted IT 
product.

Tom

At 01:36 PM 7/19/2004, you wrote:

>The ODRB is in the process of issuing the following PD. Please give this PD a
>few days to propagate to the CCEVS website.
>
>ISSUE:
>
>In CC v2.1/v2.2, the FTP_ITC.1.3 SFR specifies the list of functions for which
>a trusted channel is required AND for which the TSF shall initiate
>communication. A problem arises, however, when one must specify the functions
>for which either the TSF or a Remote Trusted IT Product must use a trusted
>channel, as FTP_ITC.1.3 only refers to the local TOE, and specifically refers
>to initiation, not use.
>
>One solution is to modify the text of FTP_ITC.1.3 to indicate the functions for
>which either the local TSF or remote trusted IT product must use a trusted
>channel. However, such a change expands the scope of the SFR. How is this issue
>to be resolved?
>
>STATEMENT:
>
>It is acceptable to replace the CC v2.1/v2.2 version of FTP_ITC.1.3 with the
>following text:
>
>    The TSF shall use a trusted channel for the following functions:
>    [assignment: list of functions for which a trusted channel is
>    required].
>
>When this modified version of FTP_ITC.1.3 is used, there should also be an
>accompanying note that explains that the rationale for this explicit
>requirement is that it corrects an error identified by CCEVS in the requirement
>and an interpretation is being created by NIAP to correct the offending
>wording.
>
>SUPPORT:
>
>The intents of the three elements of FTP_ITC.1 are, respectively:
>
>1.      There must be a trusted channel.
>
>2.      Either the TSF or the remote trusted IT product may initiate the
>communication.
>
>3.      The trusted channel must be used for the functions listed in the assignment
>(namely: password-based authentication functions, replication operations,
>remote management of directory service data).
>
>The problem is, given that FTP_ITC.1.2 permits either the TSF or the remote
>trusted IT product to initiate communications over the channel, FTP_ITC.1.3 is
>contradictory if "the remote trusted IT product" was assigned in 1.2.  That is,
>FTP_ITC.1.3 seems to be incorrectly stated in requiring the TSF to initiate
>communications over the channel.  It is clear that FTP_ITC.1.3 should read "The
>trusted channel shall be used for [assignment: list of functions for which a
>trusted channel is required]". This PD corrects the problem.
>
>It seems that this issue has not arisen previously probably because all STs
>that have claimed FTP_ITC.1 so far have completed the assignment in the second
>element with "TSF" thus avoiding the creation of the problem in the third.





