This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.
Presently, the API allows import or generation of AES keys using the "AES-CTR" or "AES-CBC" algorithms. However the AES mode is not really a property of the key. Consider removing the generateKey operation from AES-CTR and AES-CBC and defining a new algorithm, "AES", supporting generateKey, importKey and exportKey.
This is a design choice, not a defect. The re-use of an AES key in multiple modes of operation can be fatal to the underlying security guarantees. A key used to protect or unprotect data with a particular algorithm should not be reused for any other algorithms. See also the discussion of Key Tainting.