27448 2014-11-26 19:24:09 +0000 HmacImportParams having a non-required hash is inconsistent with other algorithms 2016-05-23 23:40:15 +0000 1 1 1 Unclassified Web Cryptography Web Cryptography API Document unspecified PC Linux RESOLVED MOVED P2 normal --- 1 ericroman sleevi public-webcrypto watsonm oldest_to_newest 115547 0 ericroman 2014-11-26 19:24:09 +0000 HmacImportParams has an optional "hash" attribute. This is inconsistent with how import works for other algorithms, whereby algorithm parameters need to be fully specified during import. In particular, HMAC import from JWK allows the "hash" attribute on the import algorithm to be unspecified, and it is filled in using the JWK's "alg" (if one was specified). By contrast when importing an RSA key the "hash" attribute is required, even though it could similarly be inferred from the JWK's "alg". Another example is the namedCurve attribute when importing EC keys. WebCrypto requires it to be specified even though it could similarly be inferred from the JWK's "crv" member. I believe HmacImportParams should make "hash" required to match other algorithms. This also means one less failure case for HMAC's "get key length" operation (since if length is unspecified then at least the hash is guaranteed to be present). 126497 1 watsonm 2016-05-23 23:40:15 +0000 Moved to https://github.com/w3c/webcrypto/issues/37