Re: How to express the TSP in SFRs for a simple encryption box



The NIB reminds you of two points to remember in discussing this:

1.	Don't try to force things.

2.	The FCS components only state what algorithms must be used for what 
encryption activities, not for what purposes encryption must be used.

Thus, any solution that just has FPT_SEP, FPT_RVM, and stuff from FCS won't 
work, because you never state (unless you do it via refinement) exactly what 
the encryption functions are to be used for. FCS only requires that if they are 
used, they satisfy certain algorithms.

The "force fit" aspect comes in with FDP_UCT. This doesn't work because there 
is no flow control being done. There are no access decisions being made at all 
in this; therefore the notion of an "access control" or "information flow" 
policy is a force-fit.

Remember the adage: KISS (Keep It Simple...). What you express in your item 
"3)": "The E(Box) receives a message from the input port and encrypt the 
message, then send it out from the output port.", reworded into CC style ("The 
TSF shall...") would make a fine explicitly specified requirement.






