This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019.

Bug 29545 - ECDSA 'alg' names for JWK: ES512 vs ES521
Summary: ECDSA 'alg' names for JWK: ES512 vs ES521
Status: RESOLVED MOVED
Alias: None
Product: Web Cryptography
Classification: Unclassified
Component: Web Cryptography API Document
Version: unspecified
Hardware: PC All
Importance: P2 normal
Target Milestone: ---
Assignee: Ryan Sleevi
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-03-28 18:15 UTC by Eric Roman
Modified: 2016-05-24 00:40 UTC
3 users

See Also:



Description Eric Roman 2016-03-28 18:15:01 UTC
There is confusion (at least to me) on what the meaning of the ECDSA "alg" parameter is.

  * The WebCrypto spec contains both strings "ES512" and "ES521" when searching its text.

ES512 is mentioned in the (non-normative) section "Mapping between JSON Web Key / JSON Web Algorithm" as meaning P-521 with SHA-512. This definition is consistent with the JWA spec's definition.

The use of ES512 is nowhere in the WebCrypto spec though, so for all intents and purposes this is a dangling reference. (issue #1).

Next up, when looking at the JWA's description of ES* algorithms:

 * ES256 -- ECDSA using P-256 and SHA-256
 * ES384 -- ECDSA using P-384 and SHA-384
 * ES512 -- ECDSA using P-521 and SHA-512

This is in contrast to WebCrypto's definitions:

 * ES256 -- ECDSA with P-256 (and any hash algorithm)
 * ES384 -- ECDSA with P-384 (and any hash algorithm)
 * ES521 -- ECDSA with P-521 (and any hash algorithm)

The problem here is ES256 and ES384 are spelled the same, but have different meanings. ES521 is unambiguous as it appears only in WebCrypto.

WebCrypto's understanding of the algorithm means it does not enforce the hash algorithm restriction implied by JWA. Which I guess is meh. But what I think is more inconsistent is that ES512 is not supported, even though it could be interpreted similarly to mean P-521 (with any hash algorithm), even.

This is causing a compatibility problem as Chromium's implementation recognizes ES512 (the one given by JWA) and not ES521 (the one invented by WebCrypto spec).

Credit to Jim Schaad for observing Chromium doesn't accept ES521.

I can easily change Chromium to match the current WebCrypto spec, but the different meaning of these names doesn't seem right. Is this the desired intent, or should we be using different algorithm names for ES256 and ES384?

Also see the Chromium bug: https://bugs.chromium.org/p/chromium/issues/detail?id=598339

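The two alg tables contrasted in the report, worked through as an added JavaScript example that is not Chromium's code or text from either spec. It resolves a JWK's ECDSA "alg" using the JWA meaning (each name fixes both curve and hash), accepts the WebCrypto draft's "ES521" spelling only as an alias for ES512, rejects a JWK whose "crv" disagrees with its "alg", and then imports the key through WebCrypto with the curve bound at import and the hash bound at sign time. The function names, the alias table and the check on "use" are assumptions made for this illustration.

```javascript
"use strict";
// Added example, not code from Chromium or the WebCrypto spec. Function names,
// the alias table and the "use" check are assumptions for this illustration.

// JWA (RFC 7518, section 3.4): the ES* name pins both curve and hash.
const JWA_ECDSA_ALGS = {
  ES256: { crv: "P-256", hash: "SHA-256" },
  ES384: { crv: "P-384", hash: "SHA-384" },
  ES512: { crv: "P-521", hash: "SHA-512" }, // P-521: the digest size names the entry
};

// "ES521" was the WebCrypto draft's spelling for the P-521 entry at the time of
// this bug. Assumption: treat it as a pure alias for JWA's ES512 so that a JWK
// written against either text resolves to the same parameters.
const ALG_ALIASES = { ES521: "ES512" };

// Own-property lookup, so names like "constructor" cannot hit the prototype.
const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

function resolveEcdsaJwk(jwk) {
  if (jwk.kty !== "EC") throw new Error(`kty must be "EC", got ${JSON.stringify(jwk.kty)}`);
  if (typeof jwk.crv !== "string") throw new Error('JWK has no "crv" member');
  if (jwk.use !== undefined && jwk.use !== "sig") throw new Error(`use "${jwk.use}" does not permit signing`);

  let canonicalAlg;
  if (jwk.alg !== undefined) {
    canonicalAlg = own(ALG_ALIASES, jwk.alg) ? ALG_ALIASES[jwk.alg] : jwk.alg;
    if (!own(JWA_ECDSA_ALGS, canonicalAlg)) throw new Error(`unsupported ECDSA alg ${JSON.stringify(jwk.alg)}`);
    // Under JWA the alg pins the curve: a P-256 key labelled ES384 is an error,
    // not "P-384 with any hash" as the draft's reading would allow.
    const required = JWA_ECDSA_ALGS[canonicalAlg].crv;
    if (required !== jwk.crv) throw new Error(`alg ${jwk.alg} requires crv ${required}, JWK has ${jwk.crv}`);
  } else {
    // No alg: derive it from the curve, paired with JWA's hash for that curve.
    const match = Object.keys(JWA_ECDSA_ALGS).find((a) => JWA_ECDSA_ALGS[a].crv === jwk.crv);
    if (!match) throw new Error(`unsupported crv ${JSON.stringify(jwk.crv)}`);
    canonicalAlg = match;
  }
  const { crv, hash } = JWA_ECDSA_ALGS[canonicalAlg];
  return {
    canonicalAlg,
    namedCurve: crv,
    hash,
    // WebCrypto binds the curve at import time ...
    importAlgorithm: { name: "ECDSA", namedCurve: crv },
    // ... and the hash only at sign/verify time, which is why an import step
    // alone cannot enforce the hash JWA attaches to the name.
    signAlgorithm: { name: "ECDSA", hash: { name: hash } },
  };
}

// Validate the alg locally, then import without it so that neither the JWA nor
// the draft spelling can trip an implementation that recognises only one.
async function importEcdsaJwk(jwk, subtle, usages, extractable = false) {
  const resolved = resolveEcdsaJwk(jwk);
  const { alg, ...withoutAlg } = jwk;
  const key = await subtle.importKey("jwk", withoutAlg, resolved.importAlgorithm, extractable, usages);
  return { key, resolved };
}

// Demo: generate a P-521 key, label its JWK with the draft spelling, re-import
// it and sign with the hash the name implies.
async function demo() {
  const subtle = globalThis.crypto && globalThis.crypto.subtle;
  if (!subtle) return console.log("no WebCrypto available; skipping import demo");
  const { privateKey } = await subtle.generateKey({ name: "ECDSA", namedCurve: "P-521" }, true, ["sign", "verify"]);
  const jwk = await subtle.exportKey("jwk", privateKey);
  jwk.alg = "ES521"; // constructed input: the WebCrypto-draft spelling Chromium rejected
  const { key, resolved } = await importEcdsaJwk(jwk, subtle, ["sign"]);
  const sig = await subtle.sign(resolved.signAlgorithm, key, new TextEncoder().encode("hello"));
  console.log(`${jwk.alg} -> ${resolved.canonicalAlg}: ${resolved.namedCurve}/${resolved.hash}, ${sig.byteLength}-byte signature`);
}
if (globalThis.crypto && globalThis.crypto.subtle) demo().catch((e) => console.error(e));
```

The design choice worth noting is where the hash ends up: WebCrypto's importKey takes only the curve, so the hash from the JWA name has to be carried separately into sign/verify, and a JWK whose "crv" contradicts its "alg" must be rejected before import because the import step will not catch it.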
Comment 1 virginie.galindo 2016-05-23 20:55:31 UTC
This bug has been moved to github webcrypto repository under https://github.com/w3c/webcrypto/issues/24