Check for spoofing of certs #5

@KimHersh

FIA_X509_EXT.2.3 was originally intended to help prevent/check for certificate spoofing. Because there was nothing tying a certificate to a specific device/unique device ID, this requirement could not be enforced, and additionally was not written correctly and so had been interpreted as checking to ensure no duplicate certificates were ever issued. This req has been changed to stand as that interpretation.

We now need to add a requirement to tie the certificate to the unique device ID, and make it an objective req with the goal of moving it to mandatory next time. We will also need to add back in a requirement to check that no certificate re-use is happening (also objective 1st go around). All of this to be done next revision after 4.0 is released.
