This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.
ECDH's deriveBits() tests that: * baseKey.algorithm.name == "ECDH" * publicKey.type == "public" * publicKey.algorithm.namedCurve == baseKey.algorithm.namedCurve However it does not test that: * publicKey.algorithm.name == baseKey.algorithm.name Not sure if this is intentional, but that would mean passing some other public EC key (say for ECDSA) is allowed by the spec. Whereas the rest of WebCrypto is fairly particular about restricting key usage cross-algorithm.
I agree that this check should be added
The bug has been transferred to github https://github.com/w3c/webcrypto/issues/25 with the directive to implement the suggested change by Eric and backed by Jim.
Moved to https://github.com/w3c/webcrypto/issues/33