NIAP: View Technical Decision Details
TD0569:  NIT Technical Decision for Session ID Usage Conflict in FCS_DTLSS_EXT.1.7

Publication Date
2021.01.28

Protection Profiles
CPP_ND_V2.2E

Other References
ND SD v2.2, FCS_DTLSS_EXT.1.7, FCS_TLSS_EXT.1.4

Issue Description

The NIT has issued a technical decision for Session ID Usage Conflict in FCS_DTLSS_EXT.1.7.

 

Resolution

To clarify the cPP, the following changes shall be performed.

 

To Application Note 73 related to FCS_DTLSS_EXT.1.7 and Application Note 111 related to FCS_TLSS_EXT.1.4 the following paragraph shall be added:

In case session establishment (i.e. generating a new session ID) and session resumption are always using a separate context (e.g. a control channel that always requires a full TLS handshake, and a data channel that supports session resumption), then it is acceptable for the ST author to claim 'no session resumption or session tickets' for the context that only establishes and never resumes. If one or more claimed contexts allow session resumption, the ST author selects 'session resumption based on session IDs according to RFC 4346 (TLS1.1) or RFC 5246 (TLS1.2)', or 'session resumption based on session tickets according to RFC 5077' (or both), depending on which methods are supported.

To the TSS requirements in ND SD v2.2 for FCS_DTLSS_EXT.1.7 and FCS_TLSS_EXT.1.4 the following paragraph shall be added:

If the TOE claims a (D)TLS server capable of session resumption (as a single context, or across multiple contexts), the evaluator verifies that the TSS describes how session resumption operates (i.e. what would trigger a full handshake, e.g. checking session status, checking Session ID, etc.). If multiple contexts are used the TSS describes how session resumption is coordinated across those contexts. In case session establishment and session resumption are always using a separate context, the TSS shall describe how the contexts interact with respect to session resumption (in particular regarding the session ID). It is acceptable for sessions established in one context to be resumable in another context.

Guidance documentation requirements shall be added to ND SD v2.2 for FCS_DTLSS_EXT.1.7 and FCS_TLSS_EXT.1.4 as follows:

FCS_DTLSS_EXT.1.7/FCS_TLSS_EXT.1.4

The evaluator shall verify that any configuration necessary to meet the requirement must be contained in the AGD guidance.

The following paragraph shall be added to the definition of Test 1 for FCS_DTLSS_EXT.1.7 and FCS_TLSS_EXT.1.4 in ND SD v2.2:

Remark: If multiple contexts are supported for session resumption, the session ID or session ticket may be obtained in one context for resumption in another context.  It is possible that one or more contexts may only permit the construction of sessions to be reused in other contexts but not actually permit resumption themselves.  For contexts which do not permit resumption, the evaluator is required to verify this behaviour subject to the description provided in the TSS. It is not mandated that the session establishment and session resumption share context. For example, it is acceptable for a control channel to establish and application channel to resume the session.

 

The following paragraph shall be added to the definition of Test 2 for FCS_DTLSS_EXT.1.7 and FCS_TLSS_EXT.1.4 in ND SD v2.2:

Remark: If multiple contexts are supported for session resumption, for each of the above test cases, the session ID may be obtained in one context for resumption in another context.  There is no requirement that the session ID be obtained and replayed within the same context subject to the description provided in the TSS.  All contexts that can reuse a session ID constructed in another context must be tested. It is not mandated that the session establishment and session resumption share context. For example, it is acceptable for a control channel to establish and application channel to resume the session.

 

The following paragraph shall be added to the definition of Test 3 for FCS_DTLSS_EXT.1.7 and FCS_TLSS_EXT.1.4 in ND SD v2.2:

 

Remark: If multiple contexts are supported for session resumption, for each of the above test cases, the session ticket may be obtained in one context for resumption in another context.  There is no requirement that the session ticket be obtained and replayed within the same context subject to the description provided in the TSS. All contexts that can reuse a session ticket constructed in another context must be tested. It is not mandated that the session establishment and session resumption share context. For example, it is acceptable for a control channel to establish and application channel to resume the session.

 

For further information, please see the NIT Interpretation at: https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/NITDecisionRfI202018rev3.pdf

Justification

See issue description

 
 