Date: |
04/04/2005 |
Subject: |
FCS_CKM/COP dependency on FDP_ITC.1 |
CC Part #1 Reference: |
|
CC Part #2 Reference: |
v2.1, Chapter 5 – Class: FCS Cryptographic Support |
CC Part #3 Reference: |
|
CEM Reference: |
|
Issue
FCS_CKM.2/3/4
and FCS_COP.1 all have a dependency on FDP_ITC.1. However, they do not
have a dependency
on FDP_ITC.2. It seems that FCS_CKM.2/3/4 and FCS_COP.1 should also
include
FDP_ITC.2 in their dependency lists.
Interpretation
The dependency on FDP_ITC.1
is included for the cryptographic SFRs FCS_CKM.2/3/4 and FCS_COP.1 due
to the
need to have a cryptographic key supplied in order to perform the
operations
specified – the TOE must either generate the key (FCS_CKM.1) or import
the key
(FDP_ITC.1). At issue is the omittance of FTP_ITC.2 from the dependency
list.
The FDP_ITC family defines
mechanisms for importing user data from outside the TSF Scope of
Control into
the TOE. FDP_ITC.1 is used where there
are no security attributes associated with the imported data, while
FDP_ITC.2
is used where there are security attributes associated with the
imported data.
In regard
to the import of cryptographic keys, FDP_ITC.1 or FDP_ITC.2 could be
specified
depending on the implementation of the import mechanism.
Specific Changes
To address this
interpretation, the following changes are made to CC v2.1, Part 2:
Dependencies:
[FDP_ITC.1 Import of user data without security
attributes, or
FDP_ITC.2 Import of user data with security
attributes, or
FCS_CKM.1 Cryptographic key generation]
FCS_CKM.4 Cryptographic key destruction
FMT_MSA.2 Secure security attributes
Dependencies:
[FDP_ITC.1 Import of user data without security
attributes, or
FDP_ITC.2 Import of user data with security
attributes, or
FCS_CKM.1 Cryptographic key generation]
FCS_CKM.4 Cryptographic key destruction
FMT_MSA.2 Secure security attributes
Dependencies:
[FDP_ITC.1 Import of user data without security
attributes, or
FDP_ITC.2 Import of user data with security
attributes, or
FCS_CKM.1 Cryptographic key generation]
FMT_MSA.2 Secure security attributes
Dependencies:
[FDP_ITC.1 Import of user data without security
attributes, or
FDP_ITC.2 Import of user data with security
attributes, or
FCS_CKM.1 Cryptographic key generation]
FCS_CKM.4 Cryptographic key destruction
FMT_MSA.2 Secure security attributes
Rationale
This interpretation allows for key import either with
(FDP_ITC.2) or
without (FDP_ITC,1) security attributes, by modifying the FCS_CKM.2-4
and
FCS_COP.1 dependencies.