Re: I-0479: FTP_ITC.1.3 Specifies The Functions Needing A Trusted Channel




  The following is a proposal for a NIAP Interpretation of, or formal
  guidance about, a Common Criteria document that has been approved by the
  NIB and is being submitted to the CCIMB for concurrence. It is being
  posted for informational purposes.




                 CCITSE/CEM  NIAP INTERPRETATION (PROPOSED)

     _________________________________________________________________

     I-0479: FTP_ITC.1.3 Specifies The Functions Needing A Trusted Channel
     _________________________________________________________________

TYPE:                 NIAP Interpretation
NUMBER:               I-0479
STATUS:               Ready to Send to Management/CCIMB

TITLE:                FTP_ITC.1.3 Specifies The Functions Needing A Trusted
                      Channel
PREVIOUS POSTING:      [cc-cmt 01251]

SOURCE REFERENCE:     CC v2.1 Part 2 Subclause 13.1 FTP_ITC.1
                      CC v2.1 Part 2 Subclause M.1 FTP_ITC.1
RELATED TO:           <None>

ISSUE:

   In CC v2.1/v2.2, FTP_ITC.1.3 specifies the list of functions for which
   a trusted channel is required AND for which the TSF shall initiate
   communication. The problem is that, given that FTP_ITC.1.2 permits
   either the TSF or the remote IT to initiate the channel, FTP_ITC.1.3
   is contradictory if the remote trusted IT product was assigned in 1.2
   (that is, 1.3 seems to be incorrectly stated in requiring the TSF to
   initiate the channel).

STATEMENT

   The trusted channel should be able to be initiated by the remote IT
   trusted product, if such is specified in the assignment of
   FTP_ITC.1.2.

RECOMMENDED CRITERIA CHANGES

   FTP_ITC.1.3 is changed to:

     The TSF shall _[DEL:_ initiate communication via the _:DEL]_ _use a
     trusted channel_ for _the following functions_: [assignment: _list
     of functions for which a trusted channel is required_].

SUPPORT:

   The intents of the three elements of FTP_ITC.1 are, respectively:

    1. There must be a trusted channel.
    2. Either the TSF or the remote trusted IT product may initiate the
       communication.
    3. The trusted channel must be used for the functions listed in the
       assignment.

   The cited criteria changes remove the contradiction that would result
   if "the remote trusted IT product" was assigned in 1.2.






