This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.
The RSA key import does not appear to mandate any validity tests on the key data. (for instance require that n = pq). I recommend adding a step that validates the key parameters, and throws a DataError if they are not legitimate. This would match up with EC key import, which minimally requires the public key to be a point on the curve, and throws a DataError if not.
Moved to https://github.com/w3c/webcrypto/issues/72