The recent update to "ACVP TLS Key Derivation Function JSON Specification" adds 'keyBlockLength' to the registration for 'kdf-components/tls/1.0' (TLS 1.0 and TLS 1.2 (non-rfc7627)).
In this request, the tlsVersion field is defined as an array that can contain the values 'v1.0/1.1' or 'v1.2'. The field 'keyBlockLength' is not an array, however, and therefore cannot specify different values for v1.0/1.1 and v1.2 in a single algorithm entry.
The obvious solution is for the client to submit them in separate algorithm entries, but the way the JSON is defined opens up the possibility for errors. At a minimum, the spec should point out that multiple algorithm entries must be used if different keyBlockLength values are desired for v1.0 and v1.2.
If the client wants the same keyBlockLength for both v1.0 and v1.2, then a single algorithm entry could still be used.
Environment: Demo
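Added example, not part of the original issue or of the ACVP project's code: a client-side helper that turns a per-version keyBlockLength wish list into registration entries, merging versions that share a length and splitting those that do not, plus a check that no version ends up with two conflicting lengths. The entry keys `algorithm`, `mode` and `revision` (spelling out 'kdf-components/tls/1.0'), the function names and the sample lengths are assumptions made for illustration.

```python
from collections import defaultdict
import json

# tlsVersion values named in the issue, in the order they are emitted.
ALLOWED_VERSIONS = ("v1.0/1.1", "v1.2")


def build_tls_kdf_entries(key_block_lengths):
    """Map {tlsVersion: keyBlockLength} to a list of algorithm entries.

    keyBlockLength is a single value per entry, so versions with different
    lengths go into separate entries; versions sharing a length are merged.
    """
    if not key_block_lengths:
        raise ValueError("at least one tlsVersion is required")
    by_length = defaultdict(list)
    for version, length in key_block_lengths.items():
        if version not in ALLOWED_VERSIONS:
            raise ValueError(f"unknown tlsVersion: {version!r}")
        if type(length) is not int or length <= 0:
            raise ValueError(f"keyBlockLength for {version} must be a positive int")
        by_length[length].append(version)
    return [
        {
            "algorithm": "kdf-components",  # assumed key names, see lead-in
            "mode": "tls",
            "revision": "1.0",
            "tlsVersion": [v for v in ALLOWED_VERSIONS if v in versions],
            "keyBlockLength": length,
        }
        for length, versions in sorted(by_length.items())
    ]


def effective_lengths(entries):
    """Return {tlsVersion: keyBlockLength} as registered; raise on conflict."""
    seen = {}
    for entry in entries:
        for version in entry["tlsVersion"]:
            if seen.setdefault(version, entry["keyBlockLength"]) != entry["keyBlockLength"]:
                raise ValueError(f"{version} registered with conflicting keyBlockLength")
    return seen


if __name__ == "__main__":
    # Constructed sample lengths, not values taken from the specification.
    wanted = {"v1.0/1.1": 1024, "v1.2": 512}
    entries = build_tls_kdf_entries(wanted)
    assert effective_lengths(entries) == wanted
    print(json.dumps(entries, indent=2))
```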