iTC Meeting Minutes 2023 09 28 - DSC-iTC/cPP GitHub Wiki
Call started at 12:04pm EDT
The call started with a review of the three new pull requests. The one open pull request was merged.
The call then looked at the recently commented issues.
The first one discussed was #154. The key point at the moment is whether or not something like Bob’s comment about needing an FCS_CKM_EXT.2 or similar will have to be done. The other SFRs raised in this issue by Brian seem to have been resolved (or will be in the case of FCS_CKM_EXT.3).
The next issue was about the key storage requirements. The comments were reviewed. Stephan noted that he thought we needed to be careful about keys, because keys may be used for other purposes (examples being rollback or replay prevention, but there are others), that may not be stored needing integrity. Brian said that he thought these should not be classified as keys (at least not encryption keys) as they are not really the keys we are looking at here. Brian thought they should be considered out of scope (and the vendor should be intelligent enough to not mix them in). The proposed linkage of SFRs was agreed to, with the only question being how to handle the last FCS_STG_EXT.3.1 integrity check in terms of FCS_CKM_EXT.3.
The last topic for Issues was Brian noting that he had uploaded a version of the atsec comments on CC:2022 with his own comments. He requested review of these, but especially of the EA recommendations.
At the last minute of the call, a brief discussion was had on the side channel issue.
The call ended at 1:02pm EDT.