This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.
The current spec forbids the use of JWK for import of keys to PBKDF2. This is unnecessarily restrictive, since a JWK containing only "kty" and "k" elements is valid and equivalent to a raw key.
From the point of view of a "JOSE" JWK, I don't think this is a good idea. JOSE intentionally doesn't provide PBKDF2 as a valid kty; the key algorithm is only used with the CEK, and associated by alg, not kty. Additionally, rather than store the security parameters on the JWK, they're part of the JWE's header parameters. It's not "unnecessarily restrictive", it's "not defined because it's undefined for JWK". If you feel strongly about this, then I think you'll need to propose text to the WG for adoption. It certainly seems like it involves new registrations with JWA.
I think we should live with the existing text here. If necessary the script can extract the raw key from the JWK itself and import that.