This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.
HmacImportParams has an optional "hash" attribute. This is inconsistent with how import works for other algorithms, whereby algorithm parameters need to be fully specified during import. In particular, HMAC import from JWK allows the "hash" attribute on the import algorithm to be unspecified, and it is filled in using the JWK's "alg" (if one was specified). By contrast when importing an RSA key the "hash" attribute is required, even though it could similarly be inferred from the JWK's "alg". Another example is the namedCurve attribute when importing EC keys. WebCrypto requires it to be specified even though it could similarly be inferred from the JWK's "crv" member. I believe HmacImportParams should make "hash" required to match other algorithms. This also means one less failure case for HMAC's "get key length" operation (since if length is unspecified then at least the hash is guaranteed to be present).
Moved to https://github.com/w3c/webcrypto/issues/37