Remove AES-CMAC, AES-CFB, CONCAT and DH per WG decision.
authorMark Watson <watsonm@netflix.com>
Thu, 12 Nov 2015 09:36:30 -0800
changeset 300 f514a4a6ffca
parent 299 d73602c274f0
child 301 1061790470f6
Remove AES-CMAC, AES-CFB, CONCAT and DH per WG decision.
spec/Overview-WebCryptoAPI.xml
spec/Overview.html
--- a/spec/Overview-WebCryptoAPI.xml	Sun Nov 30 23:10:07 2014 +0100
+++ b/spec/Overview-WebCryptoAPI.xml	Thu Nov 12 09:36:30 2015 -0800
@@ -3442,21 +3442,6 @@
               <td>&#10004;</td>
             </tr>
             <tr>
-              <td><a href="#aes-cmac">AES-CMAC</a></td>
-              <td />
-              <td />
-              <td>&#10004;</td>
-              <td>&#10004;</td>
-              <td />
-              <td>&#10004;</td>
-              <td />
-              <td />
-              <td>&#10004;</td>
-              <td>&#10004;</td>
-              <td />
-              <td />
-            </tr>
-            <tr>
               <td><a href="#aes-gcm">AES-GCM</a></td>
               <td>&#10004;</td>
               <td>&#10004;</td>
@@ -3472,21 +3457,6 @@
               <td>&#10004;</td>
             </tr>
             <tr>
-              <td><a href="#aes-cfb">AES-CFB</a></td>
-              <td>&#10004;</td>
-              <td>&#10004;</td>
-              <td />
-              <td />
-              <td />
-              <td>&#10004;</td>
-              <td />
-              <td />
-              <td>&#10004;</td>
-              <td>&#10004;</td>
-              <td>&#10004;</td>
-              <td>&#10004;</td>
-            </tr>
-            <tr>
               <td><a href="#aes-kw">AES-KW</a></td>
               <td></td>
               <td></td>
@@ -3517,21 +3487,6 @@
               <td />
             </tr>
             <tr>
-              <td><a href="#dh">DH</a></td>
-              <td />
-              <td />
-              <td />
-              <td />
-              <td />
-              <td>&#10004;</td>
-              <td>&#10004;</td>
-              <td>&#10004;</td>
-              <td>&#10004;</td>
-              <td>&#10004;</td>
-              <td />
-              <td />
-            </tr>
-            <tr>
               <td><a href="#sha">SHA-1</a></td>
               <td />
               <td />
@@ -3592,21 +3547,6 @@
               <td />
             </tr>
             <tr>
-              <td><a href="#concatkdf">CONCAT</a></td>
-              <td />
-              <td />
-              <td />
-              <td />
-              <td />
-              <td />
-              <td>&#10004;</td>
-              <td>&#10004;</td>
-              <td>&#10004;</td>
-              <td />
-              <td />
-              <td />
-            </tr>
-            <tr>
               <td><a href="#hkdf-ctr">HKDF-CTR</a></td>
               <td />
               <td />
@@ -12595,515 +12535,6 @@
         </div>
       </div>
 
-      <div id="aes-cmac" class="section">
-        <h3>AES-CMAC</h3>
-        <div id="aes-cmac-description" class="section">
-          <h4>Description</h4>
-          <p class="norm">This section is non-normative.</p>
-          <p>
-            The <code>"AES-CMAC"</code> algorithm identifier is used to perform
-            message authentication using AES with a cipher-based MAC, as
-            described in [<a href="#SP800-38B">NIST SP800-38B</a>].
-          </p>
-        </div>
-        <div id="aes-cmac-registration" class="section">
-          <h4>Registration</h4>
-          <p>
-            The <a href="#recognized-algorithm-name">recognized algorithm name</a> for
-            this algorithm is <code>"AES-CMAC"</code>.
-          </p>
-          <table>
-            <thead>
-              <tr>
-                <th><a href="#supported-operations">Operation</a></th>
-                <th><a href="#algorithm-specific-params">Parameters</a></th>
-                <th><a href="#algorithm-result">Result</a></th>
-              </tr>
-            </thead>
-            <tbody>
-              <tr>
-                <td>sign</td>
-                <td><a href="#dfn-AesCmacParams">AesCmacParams</a></td>
-                <td>ArrayBuffer</td>
-              </tr>
-              <tr>
-                <td>verify</td>
-                <td><a href="#dfn-AesCmacParams">AesCmacParams</a></td>
-                <td>boolean</td>
-              </tr>
-              <tr>
-                <td>generateKey</td>
-                <td><a href="#dfn-AesKeyGenParams">AesKeyGenParams</a></td>
-                <td><a href="#dfn-CryptoKey">CryptoKey</a></td>
-              </tr>
-              <tr>
-                <td>importKey</td>
-                <td>None</td>
-                <td><a href="#dfn-CryptoKey">CryptoKey</a></td>
-              </tr>
-              <tr>
-                <td>exportKey</td>
-                <td>None</td>
-                <td>object</td>
-              </tr>
-              <tr>
-                <td>get key length</td>
-                <td><a href="#dfn-AesDerivedKeyParams">AesDerivedKeyParams</a></td>
-                <td>Integer</td>
-              </tr>
-            </tbody>
-          </table>
-        </div>
-        <div id="aes-cmac-params" class="section">
-          <h4>AesCmacParams dictionary</h4>
-          <x:codeblock language="idl">
-dictionary <dfn id="dfn-AesCmacParams">AesCmacParams</dfn> : <a href="#dfn-Algorithm">Algorithm</a> {
-<span class="comment">// The length, in bits, of the MAC.</span>
-[EnforceRange] required unsigned short <dfn id="dfn-AesCmacParams-length">length</dfn>;
-};
-          </x:codeblock>
-        </div>
-        <div id="aes-cmac-operations" class="section">
-          <h4>Operations</h4>
-          <dl>
-            <dt>Sign</dt>
-            <dd>
-              <ol>
-                <li>
-                  <p>
-                    Let <var>length</var> equal the <a href="#dfn-AesCmacParams-length">length</a>
-                    member of <var>normalizedAlgorithm</var>, if present, and 128 otherwise.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    If <var>length</var> is zero or greater than 128,
-                    then <a href="#concept-throw">throw</a> an
-                    <a href="#dfn-OperationError"><code>OperationError</code></a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Let <var>mac</var> be the result of performing the MAC Generation
-                    operation described in Section 6.2 of
-                    [<a href="#SP800-38B">NIST SP800-38B</a>] using AES as the block
-                    cipher, <var>length</var> as the value of the MAC length parameter,
-                    <var>Tlen</var>, and <var>message</var> as the message, <var>M</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Return <var>mac</var>.
-                  </p>
-                </li>
-              </ol>
-            </dd>
-            <dt>Verify</dt>
-            <dd>
-              <ol>
-                <li>
-                  <p>
-                    Let <var>length</var> equal the <a href="#dfn-AesCmacParams-length">length</a>
-                    member of <var>normalizedAlgorithm</var>, if present, and 128 otherwise.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    If <var>length</var> is zero or greater than 128,
-                    then <a href="#concept-throw">throw</a> an
-                    <a href="#dfn-OperationError"><code>OperationError</code></a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Let <var>output</var> be the result of performing the MAC Verification
-                    operation described in Section 6.3 of
-                    [<a href="#SP800-38B">NIST SP 800-38B</a>] using AES as the block
-                    cipher, <var>length</var> as the value of the MAC length parameter,
-                    <var>Tlen</var>, <var>message</var> as the message, <var>M</var> and
-                    <var>signature</var> as the received MAC, <var>T'</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Return true if <var>output</var> is VALID and false otherwise.
-                  </p>
-                </li>
-              </ol>
-            </dd>
-            <dt>Generate Key</dt>
-            <dd>
-              <ol>
-                <li>
-                  <p>
-                    If <var>usages</var> contains any entry which is not
-                     <code>"sign"</code> or <code>"verify"</code>,
-                    then <a href="#concept-throw">throw</a> a
-                    <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    If the <a href="#dfn-AesKeyGenParams-length">length</a> member of
-                    <var>normalizedAlgorithm</var> is not equal to one of
-                    128, 192 or 256,
-                    then <a href="#concept-throw">throw</a> an
-                    <a href="#dfn-OperationError"><code>OperationError</code></a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Generate an AES key of length
-                    equal to the <a href="#dfn-AesKeyGenParams-length">length</a> member of
-                    <var>normalizedAlgorithm</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    If the key generation step fails,
-                    then <a href="#concept-throw">throw</a> an
-                    <a href="#dfn-OperationError"><code>OperationError</code></a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Let <var>key</var> be a new
-                    <a href="#dfn-CryptoKey">CryptoKey</a> object representing the
-                    generated AES key.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Let <var>algorithm</var> be a new
-                    <a href="#dfn-AesKeyAlgorithm">AesKeyAlgorithm</a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the <a href="#dfn-KeyAlgorithm-name">name</a> attribute of
-                    <var>algorithm</var> to <code>"AES-CMAC"</code>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the <a href="#dfn-AesKeyAlgorithm-length">length</a> attribute of
-                    <var>algorithm</var> to equal the
-                    <a href="#dfn-AesKeyGenParams-length">length</a> member of
-                    <var>normalizedAlgorithm</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal
-                    slot of <var>key</var> to <var>algorithm</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the [[<a href="#dfn-CryptoKey-slot-extractable">extractable</a>]] internal
-                    slot of <var>key</var> to be <var>extractable</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the [[<a href="#dfn-CryptoKey-slot-usages">usages</a>]] internal slot of
-                    <var>key</var> to be <var>usages</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Return <var>key</var>.
-                  </p>
-                </li>
-              </ol>
-            </dd>
-            <dt>Import Key</dt>
-            <dd>
-              <ol>
-                <li>
-                  <p>
-                    If <var>usages</var> contains an entry which is not
-                     <code>"sign"</code> or <code>"verify"</code>,
-                    then <a href="#concept-throw">throw</a> a
-                    <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
-                  </p>
-                </li>
-                <li>
-                  <dl class="switch">
-                    <dt>If <var>format</var> is <code>"raw"</code>:</dt>
-                    <dd>
-                      <ol>
-                        <li>
-                          <p>
-                            Let <var>data</var> be the <a href="#dfn-octet-string">octet string</a> contained in <var>keyData</var>.
-                          </p>
-                        </li>
-                        <li>
-                          <p>
-                            If the length in bits of <var>data</var> is not 128, 192 or 256
-                            then <a href="#concept-throw">throw</a> a
-                            <a href="#dfn-DataError"><code>DataError</code></a>.
-                          </p>
-                        </li>
-                      </ol>
-                    </dd>
-                    <dt>If <var>format</var> is <code>"jwk"</code>:</dt>
-                    <dd>
-                      <ol>
-                        <li>
-                          <p>
-                            Let <var>jwk</var> be the <a href="#dfn-JsonWebKey">JsonWebKey</a>
-                            dictionary represented by <var>keyData</var>.
-                          </p>
-                        </li>
-                        <li>
-                          <p>
-                            If the <code>"kty"</code> field of <var>jwk</var> is not
-                            to <code>"oct"</code>,
-                            then <a href="#concept-throw">throw</a> a
-                            <a href="#dfn-DataError"><code>DataError</code></a>.
-                          </p>
-                        </li>
-                        <li>
-                          <p>
-                            If <var>jwk</var> does not meet the requirements of
-                            Section 6.4 of <a href="#jwa">JSON Web Algorithms</a>,
-                            then <a href="#concept-throw">throw</a> a
-                            <a href="#dfn-DataError"><code>DataError</code></a>.
-                          </p>
-                        </li>
-                        <li>
-                          <p>
-                            Let <var>data</var> be the <a href="#dfn-octet-string">octet string</a> obtained by decoding the
-                            <code>"k"</code> field of <var>jwk</var>.
-                          </p>
-                        </li>
-                        <li>
-                          <dl class="switch">
-                            <dt>If <var>data</var> has length 128 bits:</dt>
-                            <dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
-                            not  <code>"A128CMAC"</code>,
-                              then <a href="#concept-throw">throw</a> a
-                              <a href="#dfn-DataError"><code>DataError</code></a>.</dd>
-                            <dt>If <var>data</var> has length 192 bits:</dt>
-                            <dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
-                            not  <code>"A192CMAC"</code>,
-                              then <a href="#concept-throw">throw</a> a
-                              <a href="#dfn-DataError"><code>DataError</code></a>.</dd>
-                            <dt>If <var>data</var> has length 256 bits:</dt>
-                            <dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
-                            not  <code>"A256CMAC"</code>,
-                              then <a href="#concept-throw">throw</a> a
-                              <a href="#dfn-DataError"><code>DataError</code></a>.</dd>
-                            <dt>Otherwise:</dt>
-                            <dd>
-                              <a href="#concept-throw">throw</a> a
-                              <a href="#dfn-DataError"><code>DataError</code></a>.
-                            </dd>
-                          </dl>
-                        </li>
-                        <li>
-                          <p>
-                            If the <code>"use"</code> field of <var>jwk</var> is present, and is
-                            not  <code>"enc"</code>,
-                            then <a href="#concept-throw">throw</a> a
-                            <a href="#dfn-DataError"><code>DataError</code></a>.
-                          </p>
-                        </li>
-                        <li>
-                          <p>
-                            If the <code>"key_ops"</code> field of <var>jwk</var> is present, and
-                            is invalid according to the requirements of
-                            <a href="#jwk">JSON Web Key</a> or
-                            does not contain all of the specified <var>usages</var> values,
-                            then <a href="#concept-throw">throw</a> a
-                            <a href="#dfn-DataError"><code>DataError</code></a>.
-                          </p>
-                        </li>
-                        <li>
-                          <p>
-                            If the <code>"ext"</code> field of <var>jwk</var> is present and
-                            has the value false and <var>extractable</var> is true,
-                            then <a href="#concept-throw">throw</a> a
-                            <a href="#dfn-DataError"><code>DataError</code></a>.
-                          </p>
-                        </li>
-                      </ol>
-                    </dd>
-                    <dt>Otherwise:</dt>
-                    <dd>
-                      <a href="#concept-throw">throw</a> a
-                      <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
-                    </dd>
-                  </dl>
-                </li>
-                <li>
-                  <p>
-                    Let <var>key</var> be a new <code><a href="#dfn-CryptoKey">CryptoKey</a></code>
-                    object representing an AES key with value <var>data</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Let <var>algorithm</var> be a new
-                    <a href="#dfn-AesKeyAlgorithm">AesKeyAlgorithm</a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the <a href="#dfn-KeyAlgorithm-name">name</a> attribute of
-                    <var>algorithm</var> to <code>"AES-CMAC"</code>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the <a href="#dfn-AesKeyAlgorithm-length">length</a> attribute of
-                    <var>algorithm</var> to the length, in bits, of <var>data</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal
-                    slot of <var>key</var> to <var>algorithm</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Return <var>key</var>.
-                  </p>
-                </li>
-              </ol>
-            </dd>
-            <dt>Export Key</dt>
-            <dd>
-              <ol>
-                <li>
-                  <p>
-                    If the underlying cryptographic key material represented by the [[<a
-                    href="#dfn-CryptoKey-slot-handle">handle</a>]] internal slot of <var>key</var>
-                    cannot be accessed, then <a href="#concept-throw">throw</a> an <a href="#dfn-OperationError"><code>OperationError</code></a>.
-                  </p>
-                </li>
-                <li>
-                  <dl class="switch">
-                    <dt>If <var>format</var> is <code>"raw"</code>:</dt>
-                    <dd>
-                      <ol>
-                        <li>
-                          <p>
-                            Let <var>data</var> be the raw octets of the key represented by [[<a
-                            href="#dfn-CryptoKey-slot-handle">handle</a>]] internal slot of
-                            <var>key</var>.
-                          </p>
-                        </li>
-                        <li>
-                          <p>
-                            Let <var>result</var> be a new <code>ArrayBuffer</code> containing
-                            <var>data</var>.
-                          </p>
-                        </li>
-                      </ol>
-                    </dd>
-                    <dt>If <var>format</var> is <code>"jwk"</code>:</dt>
-                    <dd>
-                      <ol>
-                        <li>
-                          <p>
-                            Let <var>jwk</var> be a new <a href="#dfn-JsonWebKey">JsonWebKey</a>
-                            dictionary.
-                          </p>
-                        </li>
-                        <li>
-                          <p>
-                            Set the <code>kty</code> attribute of <var>jwk</var> to the
-                            string <code>"oct"</code>.
-                          </p>
-                        </li>
-                        <li>
-                          <p>
-                            Set the <code>k</code> attribute of <var>jwk</var> to be a string
-                            containing the raw octets of the key represented by [[<a
-                            href="#dfn-CryptoKey-slot-handle">handle</a>]] internal slot of
-                            <var>key</var>, encoded according to Section 6.4 of <a
-                            href="#jwa">JSON Web Algorithms</a>.
-                          </p>
-                        </li>
-                        <li>
-                          <dl class="switch">
-                            <dt>If the <a href="#dfn-AesKeyAlgorithm-length">length</a> attribute of
-                            <var>key</var> is 128:</dt>
-                            <dd>Set the <code>alg</code> attribute of <var>jwk</var> to
-                            the string <code>"A128CMAC"</code>.</dd>
-                            <dt>If the <a href="#dfn-AesKeyAlgorithm-length">length</a> attribute of
-                            <var>key</var> is 192:</dt>
-                            <dd>Set the <code>alg</code> attribute of <var>jwk</var> to
-                            the string <code>"A192CMAC"</code>.</dd>
-                            <dt>If the <a href="#dfn-AesKeyAlgorithm-length">length</a> attribute of
-                            <var>key</var> is 256:</dt>
-                            <dd>Set the <code>alg</code> attribute of <var>jwk</var> to
-                            the string <code>"A256CMAC"</code>.</dd>
-                          </dl>
-                        </li>
-                        <li>
-                          <p>
-                            Set the <code>key_ops</code> attribute of <var>jwk</var> to equal the
-                            <a href="#dfn-CryptoKey-usages">usages</a> attribute of
-                            <var>key</var>.
-                          </p>
-                        </li>
-                        <li>
-                          <p>
-                            Set the <code>ext</code> attribute of <var>jwk</var> to equal the [[<a
-                            href="#dfn-CryptoKey-slot-extractable">extractable</a>]] internal slot
-                            of <var>key</var>.
-                          </p>
-                        </li>
-                        <li>
-                          <p>
-                            Let <var>result</var> be the result of converting <var>jwk</var>
-                            to an ECMAScript Object, as defined by [<a href="#WebIDL">WebIDL</a>].
-                          </p>
-                        </li>
-                      </ol>
-                    </dd>
-                    <dt>Otherwise:</dt>
-                    <dd>
-                      <p>
-                        <a href="#concept-throw">throw</a> a
-                        <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
-                      </p>
-                    </dd>
-                  </dl>
-                </li>
-                <li>
-                  <p>
-                    Return <var>result</var>.
-                  </p>
-                </li>
-              </ol>
-            </dd>
-            <dt>Get key length</dt>
-            <dd>
-              <ol>
-                <li>
-                  <p>
-                    If the <a href="#dfn-AesDerivedKeyParams-length">length</a> member of
-                    <var>normalizedDerivedKeyAlgorithm</var> is not 128, 192 or 256,
-                    then <a href="#concept-throw">throw</a> an
-                    <a href="#dfn-OperationError"><code>OperationError</code></a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Return the <a href="#dfn-AesDerivedKeyParams-length">length</a> member of
-                    <var>normalizedDerivedKeyAlgorithm</var>.
-                  </p>
-                </li>
-              </ol>
-            </dd>
-          </dl>
-        </div>
-      </div>
       <div id="aes-gcm" class="section">
         <h3>AES-GCM</h3>
         <div id="aes-gcm-description" class="section">
@@ -13735,524 +13166,6 @@
         </div>
       </div>
 
-      <div id="aes-cfb" class="section">
-        <h3>AES-CFB</h3>
-        <div id="aes-cfb-description" class="section">
-          <h4>Description</h4>
-          <p class="norm">This section is non-normative.</p>
-          <p>
-            The <code>"AES-CFB-8"</code> algorithm identifier is used to perform
-            encryption and decryption using AES in Cipher Feedback mode, specifically CFB-8,
-            as described in Section 6.3 of
-            [<a href="#SP800-38A">NIST SP800-38A</a>].
-          </p>
-        </div>
-        <div id="aes-cfb-registration" class="section">
-          <h4>Registration</h4>
-          <p>
-            The <a href="#recognized-algorithm-name">recognized algorithm name</a> for
-            this algorithm is <code>"AES-CFB-8"</code>.
-          </p>
-          <table>
-            <thead>
-              <tr>
-                <th><a href="#supported-operations">Operation</a></th>
-                <th><a href="#algorithm-specific-params">Parameters</a></th>
-                <th><a href="#algorithm-result">Result</a></th>
-              </tr>
-            </thead>
-            <tbody>
-              <tr>
-                <td>encrypt</td>
-                <td><a href="#dfn-AesCfbParams">AesCfbParams</a></td>
-                <td>ArrayBuffer</td>
-              </tr>
-              <tr>
-                <td>decrypt</td>
-                <td><a href="#dfn-AesCfbParams">AesCfbParams</a></td>
-                <td>ArrayBuffer</td>
-              </tr>
-              <tr>
-                <td>generateKey</td>
-                <td><a href="#dfn-AesKeyGenParams">AesKeyGenParams</a></td>
-                <td><a href="#dfn-CryptoKey">CryptoKey</a></td>
-              </tr>
-              <tr>
-                <td>importKey</td>
-                <td>None</td>
-                <td><a href="#dfn-CryptoKey">CryptoKey</a></td>
-              </tr>
-              <tr>
-                <td>exportKey</td>
-                <td>None</td>
-                <td>object</td>
-              </tr>
-              <tr>
-                <td>get key length</td>
-                <td><a href="#dfn-AesDerivedKeyParams">AesDerivedKeyParams</a></td>
-                <td>Integer</td>
-              </tr>
-            </tbody>
-          </table>
-        </div>
-        <div id="aes-cfb-params" class="section">
-          <h4>AesCfbParams dictionary</h4>
-          <x:codeblock language="idl">
-dictionary <dfn id="dfn-AesCfbParams">AesCfbParams</dfn> : <a href="#dfn-Algorithm">Algorithm</a> {
-<span class="comment">// The initialization vector. <span class="RFC2119">MUST</span> be 16 bytes.</span>
-required BufferSource <dfn id="dfn-AesCfbParams-iv">iv</dfn>;
-};
-          </x:codeblock>
-        </div>
-        <div id="aes-cfb-operations" class="section">
-          <h4>Operations</h4>
-          <dl>
-            <dt>Encrypt</dt>
-            <dd>
-              <ol>
-                <li>
-                  <p>
-                    If the <a href="#dfn-AesCfbParams-iv">iv</a> member of
-                    <var>normalizedAlgorithm</var> does not have length 16 bytes, then <a
-                    href="#concept-throw">throw</a> an <a
-                    href="#dfn-OperationError"><code>OperationError</code></a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Let <var>ciphertext</var> be the result of performing the CFB Encryption
-                    operation described in Section 6.3 of [<a
-                    href="#SP800-38A">NIST SP800-38A</a>] using AES as the block cipher, <a
-                    href="#concept-contents-of-arraybuffer">the contents of</a> the <a
-                    href="#dfn-AesCfbParams-iv">iv</a> member of <var>normalizedAlgorithm</var> as
-                    the <var>IV</var> input parameter, the value 8 as the input parameter
-                    <var>s</var>, and <a href="#concept-contents-of-arraybuffer">the contents
-                    of<var>plaintext</var></a> as the input plaintext.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Return <var>ciphertext</var>.
-                  </p>
-                </li>
-              </ol>
-            </dd>
-            <dt>Decrypt</dt>
-            <dd>
-              <ol>
-                <li>
-                  <p>
-                    If the <a href="#dfn-AesCfbParams-iv">iv</a> member of
-                    <var>normalizedAlgorithm</var> does not have length 16 bytes, then <a
-                    href="#concept-throw">throw</a> an <a
-                    href="#dfn-OperationError"><code>OperationError</code></a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Let <var>plaintext</var> be the result of performing the CFB Decryption
-                    operation described in Section 6.3 of [<a
-                    href="#SP800-38A">NIST SP800-38A</a>] using AES as the block cipher, <a
-                    href="#concept-contents-of-arraybuffer">the contents of</a> the <a
-                    href="#dfn-AesCfbParams-iv">iv</a> member of <var>normalizedAlgorithm</var> as
-                    the <var>IV</var> input parameter, the the value 8 as the input parameter
-                    <var>s</var>, and <a href="#concept-contents-of-arraybuffer">the contents of
-                    <var>ciphertext</var></a> as the input ciphertext.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Return <var>plaintext</var>.
-                  </p>
-                </li>
-              </ol>
-            </dd>
-            <dt>Generate Key</dt>
-            <dd>
-              <ol>
-                <li>
-                  <p>
-                    If <var>usages</var> contains any entry which is not one of
-                    <code>"encrypt"</code>, <code>"decrypt"</code>, <code>"wrapKey"</code> or
-                    <code>"unwrapKey"</code>, then <a href="#concept-throw">throw</a> a <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    If the <a href="#dfn-AesKeyGenParams-length">length</a> member of
-                    <var>normalizedAlgorithm</var> is not equal to one of 128, 192 or 256, then <a
-                    href="#concept-throw">throw</a> an <a
-                    href="#dfn-OperationError"><code>OperationError</code></a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Generate an AES key of length equal to the <a
-                    href="#dfn-AesKeyGenParams-length">length</a> member of
-                    <var>normalizedAlgorithm</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    If the key generation step fails,
-                    then <a href="#concept-throw">throw</a> an
-                    <a href="#dfn-OperationError"><code>OperationError</code></a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Let <var>key</var> be a new
-                    <a href="#dfn-CryptoKey">CryptoKey</a> object representing the
-                    generated AES key.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Let <var>algorithm</var> be a new
-                    <a href="#dfn-AesKeyAlgorithm">AesKeyAlgorithm</a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the <a href="#dfn-KeyAlgorithm-name">name</a> attribute of
-                    <var>algorithm</var> to <code>"AES-CFB-8"</code>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the <a href="#dfn-AesKeyAlgorithm-length">length</a> attribute of
-                    <var>algorithm</var> to equal the
-                    <a href="#dfn-AesKeyGenParams-length">length</a> member of
-                    <var>normalizedAlgorithm</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal
-                    slot of <var>key</var> to <var>algorithm</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the [[<a href="#dfn-CryptoKey-slot-extractable">extractable</a>]] internal
-                    slot of <var>key</var> to be <var>extractable</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the [[<a href="#dfn-CryptoKey-slot-usages">usages</a>]] internal slot of
-                    <var>key</var> to be <var>usages</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Return <var>key</var>.
-                  </p>
-                </li>
-              </ol>
-            </dd>
-            <dt>Import Key</dt>
-            <dd>
-              <ol>
-                <li>
-                  <p>
-                    If <var>usages</var> contains an entry which is not
-                    one of <code>"encrypt"</code>, <code>"decrypt"</code>,
-                    <code>"wrapKey"</code> or <code>"unwrapKey"</code>,
-                            then <a href="#concept-throw">throw</a> a
-                            <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
-                  </p>
-                </li>
-                <li>
-                  <dl class="switch">
-                    <dt>If <var>format</var> is <code>"raw"</code>:</dt>
-                    <dd>
-                      <ol>
-                        <li>
-                          <p>
-                            Let <var>data</var> be the <a href="#dfn-octet-string">octet string</a> contained in <var>keyData</var>.
-                          </p>
-                        </li>
-                        <li>
-                          <p>
-                            If the length in bits of <var>data</var> is not 128, 192 or 256
-                            
-                            then <a href="#concept-throw">throw</a> a
-                            <a href="#dfn-DataError"><code>DataError</code></a>.
-                          </p>
-                        </li>
-                      </ol>
-                    </dd>
-                    <dt>If <var>format</var> is <code>"jwk"</code>:</dt>
-                    <dd>
-                      <ol>
-                        <li>
-                          <p>
-                            Let <var>jwk</var> be the <a href="#dfn-JsonWebKey">JsonWebKey</a>
-                            dictionary represented by <var>keyData</var>.
-                          </p>
-                        </li>
-                        <li>
-                          <p>
-                            If the <code>"kty"</code> field of <var>jwk</var> is not
-                            <code>"oct"</code>,
-                              then <a href="#concept-throw">throw</a> a
-                              <a href="#dfn-DataError"><code>DataError</code></a>.
-                          </p>
-                        </li>
-                        <li>
-                          <p>
-                            If <var>jwk</var> does not meet the requirements of
-                            Section 6.4 of <a href="#jwa">JSON Web Algorithms</a>,
-                            then <a href="#concept-throw">throw</a> a
-                            <a href="#dfn-DataError"><code>DataError</code></a>.
-                          </p>
-                        </li>
-                        <li>
-                          <p>
-                            Let <var>data</var> be the <a href="#dfn-octet-string">octet string</a> obtained by decoding the
-                            <code>"k"</code> field of <var>jwk</var>.
-                          </p>
-                        </li>
-                        <li>
-                          <dl class="switch">
-                            <dt>If <var>data</var> has length 128 bits:</dt>
-                            <dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
-                            not  <code>"A128CFB8"</code>,
-                              then <a href="#concept-throw">throw</a> a
-                              <a href="#dfn-DataError"><code>DataError</code></a>.</dd>
-                            <dt>If <var>data</var> has length 192 bits:</dt>
-                            <dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
-                            not  <code>"A192CFB8"</code>,
-                              then <a href="#concept-throw">throw</a> a
-                              <a href="#dfn-DataError"><code>DataError</code></a>.</dd>
-                            <dt>If <var>data</var> has length 256 bits:</dt>
-                            <dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
-                            not  <code>"A256CFB8"</code>,
-                              then <a href="#concept-throw">throw</a> a
-                              <a href="#dfn-DataError"><code>DataError</code></a>.</dd>
-                            <dt>Otherwise:</dt>
-                            <dd>
-                              <a href="#concept-throw">throw</a> a
-                              <a href="#dfn-DataError"><code>DataError</code></a>.</dd>
-                          </dl>
-                        </li>
-                        <li>
-                          <p>
-                            If the <code>"use"</code> field of <var>jwk</var> is present, and is
-                            not  <code>"enc"</code>,
-                              then <a href="#concept-throw">throw</a> a
-                              <a href="#dfn-DataError"><code>DataError</code></a>.
-                          </p>
-                        </li>
-                        <li>
-                          <p>
-                            If the <code>"key_ops"</code> field of <var>jwk</var> is present, and
-                            is invalid according to the requirements of
-                            <a href="#jwk">JSON Web Key</a> or
-                            does not contain all of the specified <var>usages</var> values,
-                              then <a href="#concept-throw">throw</a> a
-                              <a href="#dfn-DataError"><code>DataError</code></a>.
-                          </p>
-                        </li>
-                        <li>
-                          <p>
-                            If the <code>"ext"</code> field of <var>jwk</var> is present and
-                            has the value false and <var>extractable</var> is true,
-                              then <a href="#concept-throw">throw</a> a
-                              <a href="#dfn-DataError"><code>DataError</code></a>.
-                          </p>
-                        </li>
-                      </ol>
-                    </dd>
-                    <dt>Otherwise:</dt>
-                    <dd>
-                      <a href="#concept-throw">throw</a> a
-                      <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
-                    </dd>
-                  </dl>
-                </li>
-                <li>
-                  <p>
-                    Let <var>key</var> be a new <code><a href="#dfn-CryptoKey">CryptoKey</a></code>
-                    object representing an AES key with value <var>data</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Let <var>algorithm</var> be a new
-                    <a href="#dfn-AesKeyAlgorithm">AesKeyAlgorithm</a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the <a href="#dfn-KeyAlgorithm-name">name</a> attribute of
-                    <var>algorithm</var> to <code>"AES-CFB-8"</code>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the <a href="#dfn-AesKeyAlgorithm-length">length</a> attribute of
-                    <var>algorithm</var> to the length, in bits, of <var>data</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal
-                    slot of <var>key</var> to <var>algorithm</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the [[<a href="#dfn-CryptoKey-slot-extractable">extractable</a>]] internal
-                    slot of <var>key</var> to <var>extractable</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the [[<a href="#dfn-CryptoKey-slot-usages">usages</a>]] internal slot of
-                    <var>key</var> to the <a href="#concept-normalized-usages">normalized
-                    value</a> of <var>usages</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Return <var>key</var>.
-                  </p>
-                </li>
-              </ol>
-            </dd>
-            <dt>Export Key</dt>
-            <dd>
-              <ol>
-                <li>
-                  <p>
-                    If the underlying cryptographic key material represented by the [[<a
-                    href="#dfn-CryptoKey-slot-handle">handle</a>]] internal slot of <var>key</var>
-                    cannot be accessed, then <a href="#concept-throw">throw</a> an <a href="#dfn-OperationError"><code>OperationError</code></a>.
-                  </p>
-                </li>
-                <li>
-                  <dl class="switch">
-                    <dt>If <var>format</var> is <code>"raw"</code>:</dt>
-                    <dd>
-                      <ol>
-                        <li>
-                          <p>
-                            Let <var>data</var> be the raw octets of the key represented by [[<a
-                            href="#dfn-CryptoKey-slot-handle">handle</a>]] internal slot of
-                            <var>key</var>.
-                          </p>
-                        </li>
-                        <li>
-                          <p>
-                            Let <var>result</var> be a new <code>ArrayBuffer</code> containing
-                            <var>data</var>.
-                          </p>
-                        </li>
-                      </ol>
-                    </dd>
-                    <dt>If <var>format</var> is <code>"jwk"</code>:</dt>
-                    <dd>
-                      <ol>
-                        <li>
-                          <p>
-                            Let <var>jwk</var> be a new <a href="#dfn-JsonWebKey">JsonWebKey</a>
-                            dictionary.
-                          </p>
-                        </li>
-                        <li>
-                          <p>
-                            Set the <code>kty</code> attribute of <var>jwk</var> to the
-                            string <code>"oct"</code>.
-                          </p>
-                        </li>
-                        <li>
-                          <p>
-                            Set the <code>k</code> attribute of <var>jwk</var> to be a string
-                            containing the raw octets of the key represented by [[<a
-                            href="#dfn-CryptoKey-slot-handle">handle</a>]] internal slot of
-                            <var>key</var>, encoded according to Section 6.4 of <a
-                            href="#jwa">JSON Web Algorithms</a>.
-                          </p>
-                        </li>
-                        <li>
-                          <dl class="switch">
-                            <dt>If the <a href="#dfn-AesKeyAlgorithm-length">length</a> attribute of
-                            <var>key</var> is 128:</dt>
-                            <dd>Set the <code>alg</code> attribute of <var>jwk</var> to
-                            the string <code>"A128CFB8"</code>.</dd>
-                            <dt>If the <a href="#dfn-AesKeyAlgorithm-length">length</a> attribute of
-                            <var>key</var> is 192:</dt>
-                            <dd>Set the <code>alg</code> attribute of <var>jwk</var> to
-                            the string <code>"A192CFB8"</code>.</dd>
-                            <dt>If the <a href="#dfn-AesKeyAlgorithm-length">length</a> attribute of
-                            <var>key</var> is 256:</dt>
-                            <dd>Set the <code>alg</code> attribute of <var>jwk</var> to
-                            the string <code>"A256CFB8"</code>.</dd>
-                          </dl>
-                        </li>
-                        <li>
-                          <p>
-                            Set the <code>key_ops</code> attribute of <var>jwk</var> to equal the
-                            <a href="#dfn-CryptoKey-usages">usages</a> attribute of
-                            <var>key</var>.
-                          </p>
-                        </li>
-                        <li>
-                          <p>
-                            Set the <code>ext</code> attribute of <var>jwk</var> to equal the [[<a
-                            href="#dfn-CryptoKey-slot-extractable">extractable</a>]] internal slot
-                            of <var>key</var>.
-                          </p>
-                        </li>
-                        <li>
-                          <p>
-                            Let <var>result</var> be the result of converting <var>jwk</var>
-                            to an ECMAScript Object, as defined by [<a href="#WebIDL">WebIDL</a>].
-                          </p>
-                        </li>
-                      </ol>
-                    </dd>
-                    <dt>Otherwise:</dt>
-                    <dd>
-                      <p>
-                        <a href="#concept-throw">throw</a> a
-                        <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
-                      </p>
-                    </dd>
-                  </dl>
-                </li>
-                <li>
-                  <p>
-                    Return <var>result</var>.
-                  </p>
-                </li>
-              </ol>
-            </dd>
-            <dt>Get key length</dt>
-            <dd>
-              <ol>
-                <li>
-                  <p>
-                    If the <a href="#dfn-AesDerivedKeyParams-length">length</a> property of
-                    <var>normalizedDerivedKeyAlgorithm</var> is not 128, 192 or 256, then <a
-                    href="#concept-throw">throw</a> an <a
-                    href="#dfn-OperationError"><code>OperationError</code></a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Return the <a href="#dfn-AesDerivedKeyParams-length">length</a> property of
-                    <var>normalizedDerivedKeyAlgorithm</var>.
-                  </p>
-                </li>
-              </ol>
-            </dd>
-          </dl>
-        </div>
-      </div>
-
       <div id="aes-kw" class="section">
         <h3>AES-KW</h3>
         <div id="aes-kw-description" class="section">
@@ -15547,889 +14460,7 @@
           </dl>
         </div>
       </div>
-      <div id="dh" class="section">
-        <h3>Diffie-Hellman</h3>
-        <div id="dh-description" class="section">
-          <h4>Description</h4>
-          <p class="norm">This section is non-normative.</p>
-          <p>
-            This describes using Diffie-Hellman for key generation and key agreement, as specified
-            by <a href="#PKCS3">PKCS #3</a>.
-          </p>
-        </div>
-        <div id="dh-registration" class="section">
-          <h4>Registration</h4>
-          <p>
-            The <a href="#recognized-algorithm-name">recognized algorithm name</a> for
-            this algorithm is <code>"DH"</code>.
-          </p>
-          <table>
-            <thead>
-              <tr>
-                <th><a href="#supported-operations">Operation</a></th>
-                <th><a href="#algorithm-specific-params">Parameters</a></th>
-                <th><a href="#algorithm-result">Result</a></th>
-              </tr>
-            </thead>
-            <tbody>
-              <tr>
-                <td>generateKey</td>
-                <td><a href="#dfn-DhKeyGenParams">DhKeyGenParams</a></td>
-                <td><a href="#dfn-CryptoKeyPair">CryptoKeyPair</a></td>
-              </tr>
-              <tr>
-                <td>deriveBits</td>
-                <td><a href="#dfn-DhKeyDeriveParams">DhKeyDeriveParams</a></td>
-                <td><a href="#dfn-octet-string">Octet string</a></td>
-              </tr>
-              <tr>
-                <td>importKey</td>
-                <td><a href="#dfn-DhImportKeyParams">DhImportKeyParams</a></td>
-                <td><a href="#dfn-CryptoKey">CryptoKey</a></td>
-              </tr>
-              <tr>
-                <td>exportKey</td>
-                <td>None</td>
-                <td>object</td>
-              </tr>
-            </tbody>
-          </table>
-        </div>
-        <div id="dh-DhKeyGenParams" class="section">
-          <h4>DhKeyGenParams dictionary</h4>
-          <x:codeblock language="idl">
-dictionary <dfn id="dfn-DhKeyGenParams">DhKeyGenParams</dfn> : <a href="#dfn-Algorithm">Algorithm</a> {
-<span class="comment">// The prime p.</span>
-required BigInteger <dfn id="dfn-DhKeyGenParams-prime">prime</dfn>;
-<span class="comment">// The base g.</span>
-required BigInteger <dfn id="dfn-DhKeyGenParams-generator">generator</dfn>;
-};
-          </x:codeblock>
-        </div>
-        <div id="dh-DhKeyAlgorithm" class="section">
-          <h4>DhKeyAlgorithm dictionary</h4>
-          <x:codeblock language="idl">
-dictionary <dfn id="dfn-DhKeyAlgorithm">DhKeyAlgorithm</dfn> : <a href="#dfn-KeyAlgorithm">KeyAlgorithm</a> {
-<span class="comment">// The prime p.</span>
-required BigInteger <dfn id="dfn-DhKeyAlgorithm-prime">prime</dfn>;
-<span class="comment">// The base g.</span>
-required BigInteger <dfn id="dfn-DhKeyAlgorithm-generator">generator</dfn>;
-};
-          </x:codeblock>
-        </div>
-        <div id="dh-DhKeyDeriveParams" class="section">
-          <h4>DhKeyDeriveParams dictionary</h4>
-          <x:codeblock language="idl">
-dictionary <dfn id="dfn-DhKeyDeriveParams">DhKeyDeriveParams</dfn> : <a href="#dfn-Algorithm">Algorithm</a> {
-<span class="comment">// The peer's public value.</span>
-required <a href="#dfn-CryptoKey">CryptoKey</a> <dfn id="dfn-DhKeyDeriveParams-public">public</dfn>;
-};
-          </x:codeblock>
-        </div>
-        <div id="dh-DhImportKeyParams" class="section">
-          <h4>DhImportKeyParams dictionary</h4>
-          <x:codeblock language="idl">
-dictionary <dfn id="dfn-DhImportKeyParams">DhImportKeyParams</dfn> : <a href="#dfn-Algorithm">Algorithm</a> {
-<span class="comment">// The prime p.</span>
-required BigInteger <dfn id="dfn-DhImportKeyParams-prime">prime</dfn>;
-<span class="comment">// The base g.</span>
-required BigInteger <dfn id="dfn-DhImportKeyParams-generator">generator</dfn>;
-};
-          </x:codeblock>
-        </div>
-        <div id="dh-operations" class="section">
-          <h4>Operations</h4>
-          <dl>
-            <dt>Generate Key</dt>
-            <dd>
-              <ol>
-                <li>
-                  <p>
-                    If <var>usages</var> contains a value which is not
-                    one of <code>"deriveKey"</code> or <code>"deriveBits"</code>,
-                    then <a href="#concept-throw">throw</a> a
-                    <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Generate a Diffie-Hellman key pair, as defined in Section 7 of
-                    [<a href="#PKCS3">PKCS #3</a>], with prime, <var>p</var>, and base,
-                    <var>g</var>, as specified in the
-                    <a href="#dfn-DhKeyGenParams-prime">prime</a> and
-                    <a href="#dfn-DhKeyGenParams-generator">generator</a> properties of
-                    <var>normalizedAlgorithm</var>, respectively.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    If performing the operation results in an error, 
-                    then <a href="#concept-throw">throw</a> an
-                    <a href="#dfn-OperationError"><code>OperationError</code></a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Let <var>algorithm</var> be a new
-                    <a href="#dfn-DhKeyAlgorithm">DhKeyAlgorithm</a>
-                    object.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the <a href="#dfn-Algorithm-name">name</a> member of
-                    <var>algorithm</var> to <code>"DH"</code>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the <a href="#dfn-DhKeyAlgorithm-prime">prime</a>
-                    attribute of <var>algorithm</var> to equal the
-                    <a href="#dfn-DhKeyGenParams-prime">prime</a> member of
-                    <var>normalizedAlgorithm</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the <a href="#dfn-DhKeyAlgorithm-generator">generator</a>
-                    attribute of <var>algorithm</var> to equal the
-                    <a href="#dfn-DhKeyGenParams-generator">generator</a> member of
-                    <var>normalizedAlgorithm</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Let <var>publicKey</var> be a new <a href="#dfn-CryptoKey">CryptoKey</a> object
-                    representing the public key of the generated key pair.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot of
-                    <var>publicKey</var> to <code>"public"</code>
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal
-                    slot of <var>publicKey</var> to <var>algorithm</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the [[<a href="#dfn-CryptoKey-slot-extractable">extractable</a>]] internal
-                    slot of <var>publicKey</var> to true.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the [[<a href="#dfn-CryptoKey-slot-usages">usages</a>]] internal slot of
-                    <var>publicKey</var> to be the empty list.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Let <var>privateKey</var> be a new <a href="#dfn-CryptoKey">CryptoKey</a> object
-                    representing the private key of the generated key pair.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot of
-                    <var>privateKey</var> to <code>"private"</code>
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal
-                    slot of <var>privateKey</var> to <var>algorithm</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the [[<a href="#dfn-CryptoKey-slot-extractable">extractable</a>]] internal
-                    slot of <var>privateKey</var> to <var>extractable</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the [[<a href="#dfn-CryptoKey-slot-usages">usages</a>]] internal slot of
-                    <var>privateKey</var> to be <var>usages</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Let <var>result</var> be a new <a href="#dfn-CryptoKeyPair">CryptoKeyPair</a>
-                    dictionary.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the <a href="#dfn-CryptoKeyPair-publicKey">publicKey</a> attribute
-                    of <var>result</var> to be <var>publicKey</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the <a href="#dfn-CryptoKeyPair-privateKey">privateKey</a> attribute
-                    of <var>result</var> to be <var>privateKey</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Return the result of converting <var>result</var> to an ECMAScript Object, as
-                    defined by [<a href="#WebIDL">WebIDL</a>].
-                  </p>
-                </li>
-              </ol>
-            </dd>
-            <dt>Derive Bits</dt>
-            <dd>
-              <ol>
-                <li>
-                  <p>
-                    If the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot of
-                    <var>key</var> is not <code>"private"</code>, then <a
-                    href="#concept-throw">throw</a> an <a
-                    href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Let <var>publicKey</var> be the
-                    <a href="#dfn-DhKeyDeriveParams-public">public</a> member of
-                    <var>normalizedAlgorithm</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    If the <a href="#dfn-KeyAlgorithm-name">name</a> attribute of the [[<a
-                    href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal slot of
-                    <var>publicKey</var> is not <code>"DH"</code>, then <a
-                    href="#concept-throw">throw</a> a <a
-                    href="#dfn-DataError"><code>DataError</code></a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    If the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot of
-                    <var>publicKey</var> is not <code>"public"</code>, then <a
-                    href="#concept-throw">throw</a> a <a
-                    href="#dfn-DataError"><code>DataError</code></a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    If the <a href="#dfn-DhKeyAlgorithm-prime">prime</a> attribute of the [[<a
-                    href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal slot of
-                    <var>publicKey</var> is not equal to the <a
-                    href="#dfn-DhKeyAlgorithm-prime">prime</a> attribute of the [[<a
-                    href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal slot of
-                    <var>key</var>, then <a href="#concept-throw">throw</a> a <a href="#dfn-DataError"><code>DataError</code></a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    If the <a href="#dfn-DhKeyAlgorithm-generator">generator</a> attribute of the
-                    [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal slot of
-                    <var>publicKey</var> is not equal to the <a
-                    href="#dfn-DhKeyAlgorithm-generator">generator</a> attribute of the [[<a
-                    href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal slot of
-                    <var>key</var>, then <a href="#concept-throw">throw</a> a <a href="#dfn-DataError"><code>DataError</code></a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Perform the Diffie-Hellman Phase II algorithm as specified in Section 8 of [<a
-                    href="#PKCS3">PKCS #3</a>] with <var>key</var> as the DH private value
-                    <var>x</var> and the Diffie-Hellman public value represented by the [[<a
-                    href="#dfn-CryptoKey-slot-handle">handle</a>]] internal slot of the <a
-                    href="#dfn-DhKeyDeriveParams-public">public</a> member of
-                    <var>normalizedAlgorithm</var> as the other's public value <var>PV'</var>.
-                  </p>
-                  <dl class="switch">
-                    <dt>If performing the operation results in an error:</dt>
-                    <dd>
-                      <a href="#concept-throw">throw</a> an
-                      <a href="#dfn-OperationError"><code>OperationError</code></a>.
-                    </dd>
-                    <dt>Otherwise:</dt>
-                    <dd>
-                      Let <var>secret</var> be the output of the DH Phase II, <var>SK</var>.
-                    </dd>
-                  </dl>
-                </li>
-                <li>
-                  <dl class="switch">
-                    <dt>
-                      If the length of <var>secret</var> in bits is less than
-                      <var>length</var>:
-                    </dt>
-                    <dd>
-                      <a href="#concept-throw">throw</a> an
-                      <a href="#dfn-OperationError"><code>OperationError</code></a>.
-                    </dd>
-                    <dt>Otherwise:</dt>
-                    <dd>Return the first <var>length</var> bits of <var>secret</var>.</dd>
-                  </dl>
-                </li>
-              </ol>
-            </dd>
-            <dt>Import Key</dt>
-            <dd>
-              <dl class="switch">
-                <dt>
-                  If <var>format</var> is <code>"raw"</code>:
-                </dt>
-                <dd>
-                  <div class="ednote">
-                    <p>
-                      Raw import of private values is presently not supported.
-                    </p>
-                  </div>
-                  <ol>
-                    <li>
-                      <p>
-                        If <var>usages</var> is not empty
-                        then <a href="#concept-throw">throw</a> a
-                        <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        If <var>extractable</var> is false,
-                        then <a href="#concept-throw">throw</a> a
-                        <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        Let <var>PV</var> be the integer which results from interpreting the
-                        octets of <var>keyData</var> as an unsigned big integer with most
-                        significant octet first.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        Let <var>key</var> be a new <a href="#dfn-CryptoKey">CryptoKey</a> object
-                        representing a Diffie-Hellman public key with public value <var>PV</var>
-                        and with prime, <var>p</var> and base, <var>g</var> equal to the <a
-                        href="#dfn-DhImportKeyParams-prime">prime</a> and <a
-                        href="#dfn-DhImportKeyParams-generator">generator</a> properties of
-                        <var>normalizedAlgorithm</var> respectively.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        Set the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot of
-                        <var>key</var> to <code>"public"</code>.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        Let <var>algorithm</var> be a new <a
-                        href="#dfn-DhKeyAlgorithm">DhKeyAlgorithm</a>.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        Set the <a href="#dfn-Algorithm-name">name</a> attribute of
-                        <var>algorithm</var> to <code>"DH"</code>.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        Set the <a href="#dfn-DhKeyAlgorithm-prime">prime</a> attribute of
-                        <var>algorithm</var> to equal the <a
-                        href="#dfn-DhImportKeyParams-prime">prime</a> member of
-                        <var>normalizedAlgorithm</var>.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        Set the <a href="#dfn-DhKeyAlgorithm-generator">generator</a> attribute of
-                        <var>algorithm</var> to equal the <a
-                        href="#dfn-DhImportKeyParams-generator">generator</a> member of
-                        <var>normalizedAlgorithm</var>.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        Set the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal
-                        slot of <var>key</var> to <var>algorithm</var>.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        Return <var>key</var>.
-                      </p>
-                    </li>
-                  </ol>
-                </dd>
-                <dt>
-                  If <var>format</var> is <code>"spki"</code>:
-                </dt>
-                <dd>
-                  <ol>
-                    <li>
-                      <p>
-                        If <var>usages</var> is not empty
-                        then <a href="#concept-throw">throw</a> a
-                        <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        Let <var>spki</var> be the result of running the <a
-                        href="#concept-parse-a-spki">parse a subjectPublicKeyInfo</a> algorithm
-                        over <var>keyData</var>.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        If an error occurred while parsing, then <a
-                        href="#concept-throw">throw</a> a <a
-                        href="#dfn-DataError"><code>DataError</code></a>.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        If the <code>algorithm</code> object identifier field of the
-                        <code>algorithm</code> AlgorithmIdentifier field of <var>spki</var> is not
-                        equivalent to the <code>dhKeyAgreement</code> OID defined in Section 9 of
-                        [<a href="#PKCS3">PKCS #3</a>], then <a
-                        href="#concept-throw">throw</a> a <a
-                        href="#dfn-DataError"><code>DataError</code></a>.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        If the <code>parameters</code> field of the <code>algorithm</code>
-                        AlgorithmIdentifier field of <var>spki</var> is absent, then <a
-                        href="#concept-throw">throw</a> a <a
-                        href="#dfn-DataError"><code>DataError</code></a>.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        Let <var>params</var> be the <code>parameters</code> field of the
-                        <code>algorithm</code> AlgorithmIdentifier field of <var>spki</var>.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        If <var>params</var> is not an instance of the <code>DHParameter</code>
-                        ASN.1 type defined in Section 9 of <a href="#PKCS3">PKCS #3</a>, then <a
-                        href="#concept-throw">throw</a> a <a
-                        href="#dfn-DataError"><code>DataError</code></a>.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        Let <var>key</var> be a new <a href="#dfn-CryptoKey">CryptoKey</a> object
-                        representing the Diffie-Hellman public key obtained by parsing the
-                        <code>subjectPublicKey</code> field of <var>spki</var> as an ASN.1
-                        INTEGER.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        Set the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot of
-                        <var>key</var> to <code>"public"</code>.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        Let <var>algorithm</var> be a new <a
-                        href="#dfn-DhKeyAlgorithm">DhKeyAlgorithm</a>.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        Set the <a href="#dfn-Algorithm-name">name</a> member of
-                        <var>algorithm</var> to <code>"DH"</code>.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        Set the <a href="#dfn-DhKeyAlgorithm-prime">prime</a> attribute of
-                        <var>algorithm</var> to a new <code>BigInteger</code> equal to the
-                        <a href="#dfn-octet-string">octet string</a> encoding of the <code>prime</code> field of
-                        <var>params</var>.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        Set the <a href="#dfn-DhKeyAlgorithm-generator">generator</a> attribute of
-                        <var>algorithm</var> to a new <code>BigInteger</code> equal to the
-                        <a href="#dfn-octet-string">octet string</a> encoding of the <code>base</code> field of
-                        <var>params</var>.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        Set the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal
-                        slot of <var>key</var> to <var>algorithm</var>.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        Return <var>key</var>.
-                      </p>
-                    </li>
-                  </ol>
-                </dd>
-                <dt>
-                If <var>format</var> is <code>"pkcs8"</code>:
-                </dt>
-                <dd>
-                  <ol>
-                    <li>
-                      <p>
-                        If <var>usages</var> contains a value which is not one of
-                        <code>"deriveKey"</code> or <code>"deriveBits"</code>, then <a
-                        href="#concept-throw">throw</a> a <a
-                        href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        Let <var>privateKeyInfo</var> be the result of running the
-                        <a href="#concept-parse-a-privateKeyInfo">parse a privateKeyInfo</a>
-                        algorithm over <var>keyData</var>.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        If an error occurred while parsing, then <a
-                        href="#concept-throw">throw</a> a <a
-                        href="#dfn-DataError"><code>DataError</code></a>.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        If the <code>algorithm</code> object identifier field of the
-                        <code>algorithm</code> AlgorithmIdentifier field of
-                        <var>privateKeyInfo</var> is not equivalent to the
-                        <code>dhKeyAgreement</code> OID defined in Section 9 of [<a
-                        href="#PKCS3">PKCS #3</a>], then <a href="#concept-throw">throw</a> a <a href="#dfn-DataError"><code>DataError</code></a>.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        If the <code>parameters</code> field of the
-                        <code>privateKeyAlgorithm</code> PrivateKeyAlgorithmIdentifier field of
-                        <var>privateKeyInfo</var> is absent, then <a
-                        href="#concept-throw">throw</a> a <a
-                        href="#dfn-DataError"><code>DataError</code></a>.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        Let <var>params</var> be the <code>parameters</code> field of the
-                        <code>privateKeyAlgorithm</code> PrivateKeyAlgorithmIdentifier field of
-                        <var>privateKeyInfo</var>.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        If <var>params</var> is not an instance of the <code>DHParameter</code>
-                        ASN.1 type defined in Section 9 of <a href="#PKCS3">PKCS #3</a>, then <a
-                        href="#concept-throw">throw</a> a <a
-                        href="#dfn-DataError"><code>DataError</code></a>.
-                      </p>
-                    </li>
-                    <li>
-                      Let <var>key</var> be a new <a href="#dfn-CryptoKey">CryptoKey</a> object
-                      representing the Diffie-Hellman private key obtained by parsing the
-                      <code>privateKey</code> field of <var>privateKeyInfo</var> as an ASN.1
-                      INTEGER.
-                    </li>
-                    <li>
-                      <p>
-                        Set the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot of
-                        <var>key</var> to <code>"private"</code>.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        Let <var>algorithm</var> be a new
-                        <a href="#dfn-DhKeyAlgorithm">DhKeyAlgorithm</a>.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        Set the <a href="#dfn-Algorithm-name">name</a> member of
-                        <var>algorithm</var> to <code>"DH"</code>.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        Set the <a href="#dfn-DhKeyAlgorithm-prime">prime</a> attribute of
-                        <var>algorithm</var> to a new <code>BigInteger</code> equal to the
-                        <a href="#dfn-octet-string">octet string</a> encoding of the <code>prime</code> field of
-                        <var>params</var>.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        Set the <a href="#dfn-DhKeyAlgorithm-generator">generator</a> attribute of
-                        <var>algorithm</var> to a new <code>BigInteger</code> equal to the
-                        <a href="#dfn-octet-string">octet string</a> encoding of the <code>base</code> field of
-                        <var>params</var>.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        Set the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal
-                        slot of <var>key</var> to <var>algorithm</var>.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        Return <var>key</var>.
-                      </p>
-                    </li>
-                  </ol>
-                </dd>
-                <dt>Otherwise:</dt>
-                <dd>
-                  <a href="#concept-throw">throw</a> a
-                  <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
-                </dd>
-              </dl>
-            </dd>
-            <dt>Export Key</dt>
-            <dd>
-              <ol>
-                <li>
-                  <p>
-                    If the underlying cryptographic key material represented by the [[<a
-                    href="#dfn-CryptoKey-slot-handle">handle</a>]] internal slot of <var>key</var>
-                    cannot be accessed, then <a href="#concept-throw">throw</a> an <a href="#dfn-OperationError"><code>OperationError</code></a>.
-                  </p>
-                </li>
-                <li>
-                  <dl class="switch">
-                    <dt>
-                      If <var>format</var> is <code>"raw"</code>:
-                    </dt>
-                    <dd>
-                      <ol>
-                        <li>
-                          <dl class="switch">
-                            <dt>
-                              If the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot
-                              of <var>key</var> is <code>"public"</code>:
-                            </dt>
-                            <dd>
-                              Let <var>data</var> be the Public Value, <var>PV</var>, associated
-                              with <var>key</var> as specified in Section 7 of [<a
-                              href="#PKCS3">PKCS #3</a>].
-                            </dd>
-                            <dt>
-                              If the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot
-                              of <var>key</var> is <code>"private"</code>:
-                            </dt>
-                            <dd>
-                              Let <var>data</var> be the <a href="#dfn-octet-string">octet string</a> that represents the private
-                              value <var>x</var> associated with <var>key</var> as a big integer,
-                              most significant octet first.
-                            </dd>
-                          </dl>
-                        </li>
-                        <li>
-                          <p>
-                            Let <var>result</var> be a new <code>ArrayBuffer</code> containing
-                            <var>data</var>.
-                          </p>
-                        </li>
-                      </ol>
-                    </dd>
-                    <dt>
-                      If <var>format</var> is <code>"spki"</code>:
-                    </dt>
-                    <dd>
-                      <ol>
-                        <li>
-                          <p>
-                            If the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot
-                            of <var>key</var> is not <code>"public"</code>, then <a
-                            href="#concept-throw">throw</a> an <a
-                            href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
-                          </p>
-                        </li>
-                        <li>
-                          <p>
-                            Let <var>data</var> be an instance of the <code>subjectPublicKeyInfo</code>
-                            ASN.1 structure defined in <a href="#RFC5280">RFC 5280</a>
-                            with the following properties:
-                          </p>
-                          <ul>
-                            <li>
-                              <p>
-                                Set the <var>algorithmIdentifier</var> field to an
-                                <code>AlgorithmIdentifier</code> ASN.1 structure with the
-                                following properties:
-                              </p>
-                              <ul>
-                                <li>
-                                  <p>
-                                    Set the <var>algorithm</var> field to the
-                                    <code>dhKeyAgreement</code> OID defined in Section 9 of <a
-                                    href="#PKCS3">PKCS #3</a>.
-                                  </p>
-                                </li>
-                                <li>
-                                  <p>
-                                    Set the <var>parameters</var> field to an instance of the
-                                    <code>DHParams</code> ASN.1 structure defined in Section 9 of
-                                    <a href="#PKCS3">PKCS #3</a> with the following properties:
-                                  </p>
-                                  <ul>
-                                    <li>
-                                      <p>
-                                        Set the <var>prime</var> field to an ASN.1 INTEGER that is
-                                        equivalent to the <a
-                                        href="#dfn-DhKeyAlgorithm-prime">prime</a> attribute of
-                                        the [[<a
-                                        href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
-                                        internal slot of <var>key</var>.
-                                      </p>
-                                    </li>
-                                    <li>
-                                      <p>
-                                        Set the <var>base</var> field to an ASN.1 INTEGER that is
-                                        equivalent to the <a
-                                        href="#dfn-DhKeyAlgorithm-generator">generator</a>
-                                        attribute of the [[<a
-                                        href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
-                                        internal slot of <var>key</var>.
-                                      </p>
-                                    </li>
-                                  </ul>
-                                </li>
-                              </ul>
-                            </li>
-                            <li>
-                              <p>
-                                Set the <var>subjectPublicKey</var> to an ASN.1 INTEGER that
-                                corresponds to the Diffie-Hellman public value represented by [[<a
-                                href="#dfn-CryptoKey-slot-handle">handle</a>]] internal slot of
-                                <var>key</var>.
-                              </p>
-                            </li>
-                          </ul>
-                        </li>
-                        <li>
-                          <p>
-                            Let <var>result</var> be a new <code>ArrayBuffer</code> containing
-                            <var>data</var>.
-                          </p>
-                        </li>
-                      </ol>
-                    </dd>
-                    <dt>
-                      If <var>format</var> is <code>"pkcs8"</code>:
-                    </dt>
-                    <dd>
-                      <ol>
-                        <li>
-                          <p>
-                            If the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot
-                            of <var>key</var> is not <code>"private"</code>, then <a
-                            href="#concept-throw">throw</a> an <a
-                            href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
-                          </p>
-                        </li>
-                        <li>
-                          <p>
-                            Let <var>data</var> be an instance of the <code>privateKeyInfo</code>
-                            ASN.1 structure defined in <a href="#RFC5280">RFC 5280</a>
-                            with the following properties:
-                          </p>
-                          <ul>
-                            <li>
-                              <p>
-                                Set the <var>privateKeyAlgorithm</var> field to a
-                                <code>PrivateKeyAlgorithmIdentifier</code> ASN.1 structure with
-                                the following properties:
-                              </p>
-                              <ul>
-                                <li>
-                                  <p>
-                                    Set the <var>algorithm</var> field to the
-                                    <code>dhKeyAgreement</code> OID defined in Section 9 of <a
-                                    href="#PKCS3">PKCS #3</a>.
-                                  </p>
-                                </li>
-                                <li>
-                                  <p>
-                                    Set the <var>parameters</var> field to an instance of the
-                                    <code>DHParams</code> ASN.1 structure defined in Section 9 of
-                                    <a href="#PKCS3">PKCS #3</a> with the following properties:
-                                  </p>
-                                  <ul>
-                                    <li>
-                                      <p>
-                                        Set the <var>prime</var> field to an ASN.1 INTEGER that is
-                                        equivalent to the <a
-                                        href="#dfn-DhKeyAlgorithm-prime">prime</a> attribute of
-                                        the [[<a
-                                        href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
-                                        internal slot of <var>key</var>.
-                                      </p>
-                                    </li>
-                                    <li>
-                                      <p>
-                                        Set the <var>base</var> field to an ASN.1 INTEGER that is
-                                        equivalent to the <a
-                                        href="#dfn-DhKeyAlgorithm-generator">generator</a>
-                                        attribute of the [[<a
-                                        href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
-                                        internal slot of <var>key</var>.
-                                      </p>
-                                    </li>
-                                  </ul>
-                                </li>
-                              </ul>
-                            </li>
-                            <li>
-                              <p>
-                                Set the <var>privateKey</var> field to an ASN.1 INTEGER that
-                                corresponds to the Diffie-Hellman private value represented by
-                                [[<a href="#dfn-CryptoKey-slot-handle">handle</a>]] internal slot
-                                of <var>key</var>.
-                              </p>
-                            </li>
-                          </ul>
-                        </li>
-                        <li>
-                          <p>
-                            Let <var>result</var> be a new <code>ArrayBuffer</code> containing
-                            <var>data</var>.
-                          </p>
-                        </li>
-                      </ol>
-                    </dd>
-                    <dt>Otherwise:</dt>
-                    <dd>
-                      <a href="#concept-throw">throw</a> a
-                      <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
-                    </dd>                  
-                  </dl>
-                </li>
-                <li>
-                  <p>
-                    Return <var>result</var>.
-                  </p>
-                </li>
-              </ol>
-            </dd>
-          </dl>
-        </div>
-      </div>
-      <div id="sha" class="section">
+    <div id="sha" class="section">
         <h3>SHA</h3>
         <div id="sha-description" class="section">
           <h4>Description</h4>
@@ -16538,228 +14569,7 @@
           </dl>
         </div>
       </div>
-      <div id="concatkdf" class="section">
-        <h3>Concat KDF</h3>
-        <div id="concatkdf-description" class="section">
-          <h4>Description</h4>
-          <p>
-            The <code>"CONCAT"</code> algorithm identifier is used to perform key derivation
-            using the key derivation algorithm defined in Section 5.8.1 of
-            [<a href="#SP800-56A">NIST SP800-56A</a>] using the SHA hash functions defined
-            in this specification.
-          </p>
-          <p>
-            <a href="#dfn-applicable-specification">Other specifications</a>
-            may specify the use of additional hash algorithms with Concat KDF. Such specifications
-            must define digest operations for the additional hash algorithms and 
-            <dfn id="dfn-concat-extended-import-steps">key import steps</dfn> for Concat KDF.
-          </p>
-        </div>
-        <div id="concatkdf-registration" class="section">
-          <h4>Registration</h4>
-          <p>
-            The <a href="#recognized-algorithm-name">recognized algorithm name</a> for
-            this algorithm is <code>"CONCAT"</code>.
-          </p>
-          <table>
-            <thead>
-              <tr>
-                <th><a href="#supported-operations">Operation</a></th>
-                <th><a href="#algorithm-specific-params">Parameters</a></th>
-                <th><a href="#algorithm-result">Result</a></th>
-              </tr>
-            </thead>
-            <tbody>
-              <tr>
-                <td>deriveBits</td>
-                <td><a href="#dfn-ConcatParams">ConcatParams</a></td>
-                <td><a href="#dfn-octet-string">Octet string</a></td>
-              </tr>
-              <tr>
-                <td>Import key</td>
-                <td>None</td>
-                <td><a href="#dfn-CryptoKey">CryptoKey</a></td>
-              </tr>
-              <tr>
-                <td>Get key length</td>
-                <td>None</td>
-                <td>Integer or null</td>
-              </tr>
-            </tbody>
-          </table>
-        </div>
-        <div id="concat-params" class="section">
-          <h4>ConcatParams dictionary</h4>
-          <x:codeblock language="idl">
-dictionary <dfn id="dfn-ConcatParams">ConcatParams</dfn> : <a href="#dfn-Algorithm">Algorithm</a> {
-<span class="comment">// The digest method to use to derive the keying material.</span>
-<a href="#dfn-HashAlgorithmIdentifier">HashAlgorithmIdentifier</a> <dfn id="dfn-ConcatParams-hash">hash</dfn>;
-
-<span class="comment">// A bit string corresponding to the AlgorithmId field of the OtherInfo parameter.</span>
-<span class="comment">// The AlgorithmId indicates how the derived keying material will be parsed and for which</span>
-<span class="comment">// algorithm(s) the derived secret keying material will be used.</span>
-required BufferSource <dfn id="dfn-ConcatParams-algorithmId">algorithmId</dfn>;
-<span class="comment">// A bit string that corresponds to the PartyUInfo field of the OtherInfo parameter.</span>
-required BufferSource <dfn id="dfn-ConcatParams-partyUInfo">partyUInfo</dfn>;
-<span class="comment">// A bit string that corresponds to the PartyVInfo field of the OtherInfo parameter.</span>
-required BufferSource <dfn id="dfn-ConcatParams-partyVInfo">partyVInfo</dfn>;
-<span class="comment">// An optional bit string that corresponds to the SuppPubInfo field of the OtherInfo parameter.</span>
-BufferSource <dfn id="dfn-ConcatParams-publicInfo">publicInfo</dfn>;
-<span class="comment">// An optional bit string that corresponds to the SuppPrivInfo field of the OtherInfo parameter.</span>
-BufferSource <dfn id="dfn-ConcatParams-privateInfo">privateInfo</dfn>;
-};
-          </x:codeblock>
-        </div>
-        <div id="concat-operations" class="section">
-          <h4>Operations</h4>
-          <dl>
-            <dt>Derive Bits</dt>
-            <dd>
-              <ol>
-                <li>
-                  <p>
-                    Let <var>secret</var> be the result of performing the Concatenation Key
-                    Derivation Function defined in Section 5.8.1 of
-                    [<a href="#SP800-56A">SP800-56A</a>] with <var>length</var> as
-                    <var>keydatalen</var>, the hash function identified by the
-                    <a href="#dfn-ConcatParams-hash">hash</a> member of
-                    <var>normalizedAlgorithm</var> as <var>H</var>, the
-                    <a href="#dfn-ConcatParams-algorithmId">algorithmId</a> member of
-                    <var>normalizedAlgorithm</var> as <var>AlgorithmID</var>, the
-                    <a href="#dfn-ConcatParams-partyUInfo">partyUInfo</a> member of
-                    <var>normalizedAlgorithm</var> as <var>PartyUInfo</var>, the
-                    <a href="#dfn-ConcatParams-partyVInfo">partyVInfo</a> member of
-                    <var>normalizedAlgorithm</var> as <var>PartyVInfo</var>, the
-                    <a href="#dfn-ConcatParams-publicInfo">publicInfo</a> member of
-                    <var>normalizedAlgorithm</var>, if present, as
-                    <var>SuppPubInfo</var> and the
-                    <a href="#dfn-ConcatParams-privateInfo">privateInfo</a> member of
-                    <var>normalizedAlgorithm</var>, if present, as
-                    <var>SuppPrivInfo</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    If the operation fails, 
-                    then <a href="#concept-throw">throw</a> an
-                    <a href="#dfn-OperationError"><code>OperationError</code></a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Return <var>secret</var>
-                  </p>
-                </li>
-              </ol>
-            </dd>
-            <dt>Import key</dt>
-            <dd>
-              <ol>
-                <li>
-                  <p>Let <var>keyData</var> be the key data to be imported.</p>
-                </li>
-                <li>
-                  <p>
-                    Perform any <a href="#dfn-concat-extended-import-steps">key import steps</a>
-                    defined by <a href="#dfn-applicable-specification">other applicable
-                    specifications</a>, passing <var>keyData</var> and obtaining <var>result</var>.
-                  </p>
-                  <dl class="switch">
-                    <dt>
-                      If <var>result</var> is a <a href="#dfn-CryptoKey">CryptoKey</a>
-                      object
-                    </dt>
-                    <dd>
-                      <p>
-                        Return <var>result</var>.
-                      </p>
-                    </dd>
-                    <dt>
-                      If <var>result</var> is an error with a name that is not
-                      <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>
-                    </dt>
-                    <dd>
-                      <p>
-                        <a href="#concept-throw">throw</a> <var>result</var>.
-                      </p>
-                    </dd>
-                  </dl>
-                </li>
-                <li>
-                  <dl class="switch">
-                    <dt>
-                      If <var>format</var> is <code>"raw"</code>:
-                    </dt>
-                    <dd>
-                      <ol>
-                        <li>
-                          <p>
-                            If <var>usages</var> contains a value that is not 
-                            <code>"deriveKey"</code> or <code>"deriveBits"</code>,
-                            
-                                then <a href="#concept-throw">throw</a> a
-                                <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
-                          </p>
-                        </li>
-                        <li>
-                          <p>
-                            Let <var>key</var> be a new <a href="#dfn-CryptoKey">CryptoKey</a> object
-                            representing the key data provided in <var>keyData</var>.
-                          </p>
-                        </li>
-                        <li>
-                          <p>
-                            Set the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot of
-                            <var>key</var> to <code>"secret"</code>.
-                          </p>
-                        </li>
-                        <li>
-                          <p>
-                            Let <var>algorithm</var> be a new
-                            <a href="#dfn-KeyAlgorithm">KeyAlgorithm</a> object.
-                          </p>
-                        </li>
-                        <li>
-                          <p>
-                            Set the <a href="#dfn-KeyAlgorithm-name">name</a> attribute of
-                            <var>algorithm</var> to <code>"CONCAT"</code>.
-                          </p>
-                        </li>
-                        <li>
-                          <p>
-                            Set the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal
-                            slot of <var>key</var> to <var>algorithm</var>.
-                          </p>
-                        </li>
-                        <li>
-                          <p>
-                            Return <var>key</var>.
-                          </p>
-                        </li>
-                      </ol>
-                    </dd>
-                    <dt>Otherwise:</dt>
-                    <dd>
-                      <a href="#concept-throw">throw</a> a
-                      <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
-                    </dd>
-                  </dl>
-                </li>
-              </ol>
-            </dd>
-            <dt>Get length</dt>
-            <dd>
-              <ol>
-                <li>
-                  <p>
-                    Return null.
-                  </p>
-                </li>
-              </ol>
-            </dd>
-          </dl>
-        </div>
-      </div>
+      
       <div id="hkdf-ctr" class="section">
         <h3>HKDF-CTR</h3>
         <div id="hkdf-ctr-description" class="section">
@@ -17610,11 +15420,6 @@
               NIST Special Publication 800-108: Recommendation for Key Derivation Using
               Pseudorandom Functions (Revised)</a></cite>, October 2009, NIST.
             </dd>
-             <dt id="PKCS3">PKCS3</dt>
-             <dd>
-               <cite><a href="http://www.emc.com/domains/rsa/index.htm?id=2126">PKCS #3: Diffie-Hellman
-               Key-Agreement Standard</a></cite>, RSA Laboratories.
-             </dd>
              <dt id="RFC2119">RFC 2119</dt>
              <dd>
                <cite><a href='http://www.ietf.org/rfc/rfc2119'>Key words for use in RFCs to
@@ -18203,91 +16008,7 @@
 </x:codeblock>
                 </td>
               </tr>
-              <tr>
-                <td>
-<x:codeblock language="es">
-{ kty: "oct",
-  alg: "A128CMAC" }
-</x:codeblock>
-                </td>
-                <td>
-<x:codeblock language="es">
-{ name: "AES-CMAC",
-  length: 128 }
-</x:codeblock>
-                </td>
-              </tr>
-              <tr>
-                <td>
-<x:codeblock language="es">
-{ kty: "oct",
-  alg: "A192CMAC" }
-</x:codeblock>
-                </td>
-                <td>
-<x:codeblock language="es">
-{ name: "AES-CMAC",
-  length: 192 }
-</x:codeblock>
-                </td>
-              </tr>
-              <tr>
-                <td>
-<x:codeblock language="es">
-{ kty: "oct",
-  alg: "A256CMAC" }
-</x:codeblock>
-                </td>
-                <td>
-<x:codeblock language="es">
-{ name: "AES-CMAC",
-  length: 256 }
-</x:codeblock>
-                </td>
-              </tr>
-              <tr>
-                <td>
-<x:codeblock language="es">
-{ kty: "oct",
-  alg: "A128CFB8" }
-</x:codeblock>
-                </td>
-                <td>
-<x:codeblock language="es">
-{ name: "AES-CFB-8",
-  length: 128 }
-</x:codeblock>
-                </td>
-              </tr>
-              <tr>
-                <td>
-<x:codeblock language="es">
-{ kty: "oct",
-  alg: "A192CFB8" }
-</x:codeblock>
-                </td>
-                <td>
-<x:codeblock language="es">
-{ name: "AES-CFB-8",
-  length: 192 }
-</x:codeblock>
-                </td>
-              </tr>
-              <tr>
-                <td>
-<x:codeblock language="es">
-{ kty: "oct",
-  alg: "A256CFB8" }
-</x:codeblock>
-                </td>
-                <td>
-<x:codeblock language="es">
-{ name: "AES-CFB-8",
-  length: 256 }
-</x:codeblock>
-                </td>
-              </tr>
-              <tr>
+            <tr>
                 <td>
 <x:codeblock language="es">
 { kty: "oct",
@@ -18437,12 +16158,6 @@
               <td><code>"DSA"</code></td>
               <td><a href="#RFC3279">RFC 3279</a></td>
             </tr>
-            <tr>
-              <td>dhKeyAgreement (1.2.840.113549.1.3.1)</td>
-              <td>INTEGER</td>
-              <td><code>"DH"</code></td>
-              <td><a href="#PKCS3">PKCS #3</a></td>
-            </tr>
           </tbody>
         </table>
         <div class="ednote">
@@ -18535,20 +16250,8 @@
               <td><code>"DSA"</code></td>
               <td><a href="#RFC5958">RFC 5958</a></td>
             </tr>
-            <tr>
-              <td>dhKeyAgreement (1.2.840.113549.1.3.1)</td>
-              <td>INTEGER</td>
-              <td><code>"DH"</code></td>
-              <td><a href="#PKCS3">PKCS #3</a></td>
-            </tr>
           </tbody>
         </table>
-        <div class="ednote">
-          <p>
-            There does not appear to be a normative reference for a DH key being encoded as an
-            INTEGER. Only RFC 5958 seems to mention this.
-          </p>
-        </div>
       </div>
     </div>
   </body>
--- a/spec/Overview.html	Sun Nov 30 23:10:07 2014 +0100
+++ b/spec/Overview.html	Thu Nov 12 09:36:30 2015 -0800
@@ -28,7 +28,7 @@
   <link rel="stylesheet" href="//www.w3.org/StyleSheets/TR/W3C-ED" type="text/css" /></head>
 
   <body>
-    <div class="head"><div><a href="http://www.w3.org/"><img src="//www.w3.org/Icons/w3c_home" width="72" height="48" alt="W3C" /></a></div><h1>Web Cryptography API</h1><h2>W3C Editor’s Draft <em>30 November 2014</em></h2><dl><dt>Latest Editor’s Draft:</dt><dd><a href="https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html">https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html</a></dd><dt>Latest Published Version:</dt><dd><a href="http://www.w3.org/TR/WebCryptoAPI/">http://www.w3.org/TR/WebCryptoAPI/</a></dd><dt>Previous Version(s):</dt><dd><a href="https://dvcs.w3.org/hg/webcrypto-api/raw-file/0fe9b34c13fb/spec/Overview.html">https://dvcs.w3.org/hg/webcrypto-api/raw-file/0fe9b34c13fb/spec/Overview.html</a></dd><dt>Editors:</dt><dd><a href="http://www.google.com/">Ryan Sleevi</a>, Google, Inc. &lt;[email protected]&gt;</dd><dd><a href="http://www.netflix.com/">Mark Watson</a>, Netflix &lt;[email protected]&gt;</dd><dt>Participate:</dt><dd><p>Send feedback to <a href="mailto:[email protected]?subject=%5BWebCryptoAPI%5D">[email protected]</a> (<a href="http://lists.w3.org/Archives/Public/public-webcrypto/">archives</a>), or <a href="https://www.w3.org/Bugs/Public/enter_bug.cgi?product=Web%20Cryptography&amp;component=Web%20Cryptography%20API%20Document">file a bug</a> 
+    <div class="head"><div><a href="http://www.w3.org/"><img src="//www.w3.org/Icons/w3c_home" width="72" height="48" alt="W3C" /></a></div><h1>Web Cryptography API</h1><h2>W3C Editor’s Draft <em>12 November 2015</em></h2><dl><dt>Latest Editor’s Draft:</dt><dd><a href="https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html">https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html</a></dd><dt>Latest Published Version:</dt><dd><a href="http://www.w3.org/TR/WebCryptoAPI/">http://www.w3.org/TR/WebCryptoAPI/</a></dd><dt>Previous Version(s):</dt><dd><a href="https://dvcs.w3.org/hg/webcrypto-api/raw-file/0fe9b34c13fb/spec/Overview.html">https://dvcs.w3.org/hg/webcrypto-api/raw-file/0fe9b34c13fb/spec/Overview.html</a></dd><dt>Editors:</dt><dd><a href="http://www.google.com/">Ryan Sleevi</a>, Google, Inc. &lt;[email protected]&gt;</dd><dd><a href="http://www.netflix.com/">Mark Watson</a>, Netflix &lt;[email protected]&gt;</dd><dt>Participate:</dt><dd><p>Send feedback to <a href="mailto:[email protected]?subject=%5BWebCryptoAPI%5D">[email protected]</a> (<a href="http://lists.w3.org/Archives/Public/public-webcrypto/">archives</a>), or <a href="https://www.w3.org/Bugs/Public/enter_bug.cgi?product=Web%20Cryptography&amp;component=Web%20Cryptography%20API%20Document">file a bug</a> 
     (see <a href="https://www.w3.org/Bugs/Public/buglist.cgi?product=Web%20Cryptography&amp;component=Web%20Cryptography%20API%20Document&amp;resolution=---">existing bugs</a>).</p></dd></dl><p class="copyright"><a href="http://www.w3.org/Consortium/Legal/ipr-notice#Copyright">Copyright</a> &copy; view <a href="http://www.w3.org/"><abbr title="World Wide Web Consortium">W3C</abbr></a><sup>&reg;</sup> (<a href="http://www.csail.mit.edu/"><abbr title="Massachusetts Institute of Technology">MIT</abbr></a>, <a href="http://www.ercim.org/"><abbr title="European Research Consortium for Informatics and Mathematics">ERCIM</abbr></a>, <a href="http://www.keio.ac.jp/">Keio</a>), All Rights Reserved. W3C <a href="http://www.w3.org/Consortium/Legal/ipr-notice#Legal_Disclaimer">liability</a>, <a href="http://www.w3.org/Consortium/Legal/ipr-notice#W3C_Trademarks">trademark</a> and <a href="http://www.w3.org/Consortium/Legal/copyright-documents">document use</a> rules apply.</p></div><hr />
 
     <div class="section">
@@ -44,7 +44,7 @@
         communications.
       </p>
   
-      <div class="ednote"><div class="ednoteHeader">Editorial note</div><p>There are 9 further editorial notes in the document.</p></div>
+      <div class="ednote"><div class="ednoteHeader">Editorial note</div><p>There are 7 further editorial notes in the document.</p></div>
     </div>
 
     <div class="section">
@@ -56,7 +56,7 @@
         report can be found in the <a href="http://www.w3.org/TR/">W3C technical
           reports index</a> at http://www.w3.org/TR/.
       </em></p><p>
-        This document is the 30 November 2014 <b>Editor’s Draft</b> of the
+        This document is the 12 November 2015 <b>Editor’s Draft</b> of the
         <cite>Web Cryptography API</cite> specification.
       
       Please send comments about this document to
@@ -134,7 +134,7 @@
 
     <div id="toc">
       <h2>Table of Contents</h2>
-      <div class="toc"><ul><li><a href="#introduction">1. Introduction</a></li><li><a href="#use-cases">2. Use Cases</a><ul><li><a href="#multifactor-authentication">2.1. Multi-factor Authentication</a></li><li><a href="#protected-document">2.2. Protected Document Exchange</a></li><li><a href="#cloud-storage">2.3. Cloud Storage</a></li><li><a href="#document-signing">2.4. Document Signing</a></li><li><a href="#data-integrity-protection">2.5. Data Integrity Protection</a></li><li><a href="#secure-messaging">2.6. Secure Messaging</a></li><li><a href="#jose">2.7. Javascript Object Signing and Encryption (JOSE)</a></li></ul></li><li><a href="#conformance">3. Conformance</a><ul><li><a href="#extensibility">3.1. Extensibility</a></li></ul></li><li><a href="#scope">4. Scope</a><ul><li><a href="#scope-abstraction">4.1. Level of abstraction</a></li><li><a href="#scope-algorithms">4.2. Cryptographic algorithms</a></li><li><a href="#scope-operations">4.3. Operations</a></li><li><a href="#scope-out-of-scope">4.4. Out of scope</a></li></ul></li><li><a href="#concepts">5. Concepts</a><ul><li><a href="#concepts-underlying-implementation">5.1. Underlying Cryptographic Implementation</a></li><li><a href="#concepts-key-storage">5.2. Key Storage</a></li></ul></li><li><a href="#security-considerations">6. Security considerations</a><ul><li><a href="#security-implementers">6.1. Security considerations for implementers</a></li><li><a href="#security-developers">6.2. Security considerations for authors</a></li><li><a href="#security-users">6.3. Security considerations for users</a></li></ul></li><li><a href="#privacy">7. Privacy considerations</a></li><li><a href="#dependencies">8. Dependencies</a></li><li><a href="#terminology">9. Terminology</a></li><li><a href="#crypto-interface">10. Crypto interface</a><ul><li><a href="#Crypto-description">10.1. Description</a></li><li><a href="#Crypto-interface-methods">10.2. Methods and Parameters</a><ul><li><a href="#Crypto-method-getRandomValues">10.2.1. The getRandomValues method</a></li></ul></li><li><a href="#Crypto-interface-attributes">10.3. Attributes</a><ul><li><a href="#Crypto-attribute-subtle">10.3.1. The subtle attribute</a></li></ul></li></ul></li><li><a href="#algorithm-dictionary">11. Algorithm dictionary</a><ul><li><a href="#algorithm-dictionary-members">11.1. Algorithm Dictionary Members</a></li></ul></li><li><a href="#key-algorithm-dictionary">12. KeyAlgorithm dictionary</a><ul><li><a href="#key-algorithm-dictionary-description">12.1. Description</a></li><li><a href="#key-algorithm-dictionary-members">12.2. KeyAlgorithm dictionary members</a></li></ul></li><li><a href="#cryptokey-interface">13. CryptoKey interface</a><ul><li><a href="#cryptokey-interface-description">13.1. Description</a></li><li><a href="#cryptokey-interface-types">13.2. Key interface data types</a></li><li><a href="#cryptokey-interface-internal-slots">13.3. CryptoKey internal slots</a></li><li><a href="#cryptokey-interface-members">13.4. CryptoKey interface members</a></li><li><a href="#cryptokey-interface-clone">13.5. Structured clone algorithm</a></li></ul></li><li><a href="#subtlecrypto-interface">14. SubtleCrypto interface</a><ul><li><a href="#subtlecrypto-interface-description">14.1. Description</a></li><li><a href="#subtlecrypto-interface-datatypes">14.2. Data Types</a></li><li><a href="#subtlecrypto-interface-methods">14.3. Methods and Parameters</a><ul><li><a href="#SubtleCrypto-method-encrypt">14.3.1. The encrypt method</a></li><li><a href="#SubtleCrypto-method-decrypt">14.3.2. The decrypt method</a></li><li><a href="#SubtleCrypto-method-sign">14.3.3. The sign method</a></li><li><a href="#SubtleCrypto-method-verify">14.3.4. The verify method</a></li><li><a href="#SubtleCrypto-method-digest">14.3.5. The digest method</a></li><li><a href="#SubtleCrypto-method-generateKey">14.3.6. The generateKey method</a></li><li><a href="#SubtleCrypto-method-deriveKey">14.3.7. The deriveKey method</a></li><li><a href="#SubtleCrypto-method-deriveBits">14.3.8. The deriveBits method</a></li><li><a href="#SubtleCrypto-method-importKey">14.3.9. The importKey method</a></li><li><a href="#SubtleCrypto-method-exportKey">14.3.10. The exportKey method</a></li><li><a href="#SubtleCrypto-method-wrapKey">14.3.11. The wrapKey method</a></li><li><a href="#SubtleCrypto-method-unwrapKey">14.3.12. The unwrapKey method</a></li></ul></li><li><a href="#SubtleCrypto-Exceptions">14.4. Exceptions</a></li></ul></li><li><a href="#JsonWebKey-dictionary">15. JsonWebKey dictionary</a></li><li><a href="#big-integer">16. BigInteger</a></li><li><a href="#keypair">17. CryptoKeyPair dictionary</a></li><li><a href="#algorithms">18. Algorithms</a><ul><li><a href="#algorithms-section-overview">18.1. Overview</a></li><li><a href="#algorithm-concepts">18.2. Concepts</a><ul><li><a href="#algorithm-concepts-naming">18.2.1. Naming</a></li><li><a href="#algorithm-concepts-operations">18.2.2. Supported Operations</a></li><li><a href="#algorithm-concepts-normalization">18.2.3. Normalization</a></li></ul></li><li><a href="#algorithm-conventions">18.3. Specification Conventions</a></li><li><a href="#algorithm-normalization">18.4. Algorithm Normalization</a><ul><li><a href="#algorithm-normalization-description">18.4.1. Description</a></li><li><a href="#algorithm-normalization-internal">18.4.2. Internal State Objects</a></li><li><a href="#algorithm-normalization-define-an-algorithm">18.4.3. Defining an Algorithm</a></li><li><a href="#algorithm-normalization-normalize-an-algorithm">18.4.4. Normalizing an algorithm</a></li></ul></li><li><a href="#algorithm-recommendations">18.5. Recommendations</a><ul><li><a href="#algorithm-recommendations-authors">18.5.1. For Authors</a></li><li><a href="#algorithm-recommendations-implementers">18.5.2. For Implementers</a></li></ul></li></ul></li><li><a href="#algorithm-overview">19. Algorithm Overview</a></li><li><a href="#rsassa-pkcs1">20. RSASSA-PKCS1-v1_5</a><ul><li><a href="#rsassa-pkcs1-description">20.1. Description</a></li><li><a href="#rsassa-pkcs1-registration">20.2. Registration</a></li><li><a href="#RsaKeyGenParams-dictionary">20.3. RsaKeyGenParams dictionary</a></li><li><a href="#RsaHashedKeyGenParams-dictionary">20.4. RsaHashedKeyGenParams dictionary</a></li><li><a href="#RsaKeyAlgorithm-dictionary">20.5. RsaKeyAlgorithm dictionary</a></li><li><a href="#RsaHashedKeyAlgorithm-dictionary">20.6. RsaHashedKeyAlgorithm dictionary</a></li><li><a href="#RsaHashedImportParams-dictionary">20.7. RsaHashedImportParams dictionary</a></li><li><a href="#rsassa-pkcs1-operations">20.8. Operations</a></li></ul></li><li><a href="#rsa-pss">21. RSA-PSS</a><ul><li><a href="#rsa-pss-description">21.1. Description</a></li><li><a href="#rsa-pss-registration">21.2. Registration</a></li><li><a href="#RsaPssParams-dictionary">21.3. RsaPssParams dictionary</a></li><li><a href="#rsa-pss-operations">21.4. Operations</a></li></ul></li><li><a href="#rsa-oaep">22. RSA-OAEP</a><ul><li><a href="#rsa-oaep-description">22.1. Description</a></li><li><a href="#rsa-oaep-registration">22.2. Registration</a></li><li><a href="#rsa-oaep-params">22.3. RsaOaepParams dictionary</a></li><li><a href="#rsa-oaep-operations">22.4. Operations</a></li></ul></li><li><a href="#ecdsa">23. ECDSA</a><ul><li><a href="#ecdsa-description">23.1. Description</a></li><li><a href="#ecdsa-registration">23.2. Registration</a></li><li><a href="#EcdsaParams-dictionary">23.3. EcdsaParams dictionary</a></li><li><a href="#EcKeyGenParams-dictionary">23.4. EcKeyGenParams dictionary</a></li><li><a href="#EcKeyAlgorithm-dictionary">23.5. EcKeyAlgorithm dictionary</a></li><li><a href="#EcKeyImportParams-dictionary">23.6. EcKeyImportParams dictionary</a></li><li><a href="#ecdsa-operations">23.7. Operations</a></li></ul></li><li><a href="#ecdh">24. ECDH</a><ul><li><a href="#ecdh-description">24.1. Description</a></li><li><a href="#ecdh-registration">24.2. Registration</a></li><li><a href="#dh-EcdhKeyDeriveParams">24.3. EcdhKeyDeriveParams dictionary</a></li><li><a href="#ecdh-operations">24.4. Operations</a></li></ul></li><li><a href="#aes-ctr">25. AES-CTR</a><ul><li><a href="#aes-ctr-description">25.1. Description</a></li><li><a href="#aes-ctr-registration">25.2. Registration</a></li><li><a href="#aes-ctr-params">25.3. AesCtrParams dictionary</a></li><li><a href="#AesKeyAlgorithm-dictionary">25.4. </a></li><li><a href="#aes-keygen-params">25.5. AesKeyGenParams dictionary</a></li><li><a href="#aes-derivedkey-params">25.6. AesDerivedKeyParams dictionary</a></li><li><a href="#aes-ctr-operations">25.7. Operations</a></li></ul></li><li><a href="#aes-cbc">26. AES-CBC</a><ul><li><a href="#aes-cbc-description">26.1. Description</a></li><li><a href="#aes-cbc-registration">26.2. Registration</a></li><li><a href="#aes-cbc-params">26.3. AesCbcParams dictionary</a></li><li><a href="#aes-cbc-operations">26.4. Operations</a></li></ul></li><li><a href="#aes-cmac">27. AES-CMAC</a><ul><li><a href="#aes-cmac-description">27.1. Description</a></li><li><a href="#aes-cmac-registration">27.2. Registration</a></li><li><a href="#aes-cmac-params">27.3. AesCmacParams dictionary</a></li><li><a href="#aes-cmac-operations">27.4. Operations</a></li></ul></li><li><a href="#aes-gcm">28. AES-GCM</a><ul><li><a href="#aes-gcm-description">28.1. Description</a></li><li><a href="#aes-gcm-registration">28.2. Registration</a></li><li><a href="#aes-gcm-params">28.3. AesGcmParams dictionary</a></li><li><a href="#aes-gcm-operations">28.4. Operations</a></li></ul></li><li><a href="#aes-cfb">29. AES-CFB</a><ul><li><a href="#aes-cfb-description">29.1. Description</a></li><li><a href="#aes-cfb-registration">29.2. Registration</a></li><li><a href="#aes-cfb-params">29.3. AesCfbParams dictionary</a></li><li><a href="#aes-cfb-operations">29.4. Operations</a></li></ul></li><li><a href="#aes-kw">30. AES-KW</a><ul><li><a href="#aes-kw-description">30.1. Description</a></li><li><a href="#aes-kw-registration">30.2. Registration</a></li><li><a href="#aes-kw-operations">30.3. Operations</a></li></ul></li><li><a href="#hmac">31. HMAC</a><ul><li><a href="#hmac-description">31.1. Description</a></li><li><a href="#hmac-registration">31.2. Registration</a></li><li><a href="#hmac-importparams">31.3. HmacImportParams dictionary</a></li><li><a href="#HmacKeyAlgorithm-dictionary">31.4. HmacKeyAlgorithm dictionary</a></li><li><a href="#hmac-keygen-params">31.5. HmacKeyGenParams dictionary</a></li><li><a href="#hmac-operations">31.6. Operations</a></li></ul></li><li><a href="#dh">32. Diffie-Hellman</a><ul><li><a href="#dh-description">32.1. Description</a></li><li><a href="#dh-registration">32.2. Registration</a></li><li><a href="#dh-DhKeyGenParams">32.3. DhKeyGenParams dictionary</a></li><li><a href="#dh-DhKeyAlgorithm">32.4. DhKeyAlgorithm dictionary</a></li><li><a href="#dh-DhKeyDeriveParams">32.5. DhKeyDeriveParams dictionary</a></li><li><a href="#dh-DhImportKeyParams">32.6. DhImportKeyParams dictionary</a></li><li><a href="#dh-operations">32.7. Operations</a></li></ul></li><li><a href="#sha">33. SHA</a><ul><li><a href="#sha-description">33.1. Description</a></li><li><a href="#sha-registration">33.2. Registration</a></li><li><a href="#sha-operations">33.3. Operations</a></li></ul></li><li><a href="#concatkdf">34. Concat KDF</a><ul><li><a href="#concatkdf-description">34.1. Description</a></li><li><a href="#concatkdf-registration">34.2. Registration</a></li><li><a href="#concat-params">34.3. ConcatParams dictionary</a></li><li><a href="#concat-operations">34.4. Operations</a></li></ul></li><li><a href="#hkdf-ctr">35. HKDF-CTR</a><ul><li><a href="#hkdf-ctr-description">35.1. Description</a></li><li><a href="#hkdf-ctr-registration">35.2. Registration</a></li><li><a href="#hkdf-ctr-params">35.3. HkdfCtrParams dictionary</a></li><li><a href="#hkdf2-ctr-operations">35.4. Operations</a></li></ul></li><li><a href="#pbkdf2">36. PBKDF2</a><ul><li><a href="#pbkdf2-description">36.1. Description</a></li><li><a href="#pbkdf2-registration">36.2. Registration</a></li><li><a href="#pbkdf2-params">36.3. Pbkdf2Params dictionary</a></li><li><a href="#pbkdf2-operations">36.4. Operations</a></li></ul></li><li><a href="#examples-section">37. JavaScript Example Code</a><ul><li><a href="#examples-signing">37.1. Generate a signing key pair, sign some data</a></li><li><a href="#examples-symmetric-encryption">37.2. Symmetric Encryption</a></li></ul></li><li><a href="#iana-section">38. IANA Considerations</a><ul><li><a href="#iana-section-jws-jwa">38.1. JSON Web Signature and Encryption Algorithms Registration</a></li><li><a href="#iana-section-jwk">38.2. JSON Web Key Parameters Registration</a></li></ul></li><li><a href="#acknowledgements-section">39. Acknowledgements</a></li><li><a href="#references">40. References</a><ul><li><a href="#normative-references">40.1. Normative References</a></li><li><a href="#informative-references">40.2. Informative References</a></li></ul></li></ul><ul><li><a href="#jwk-mapping">A. Mapping between JSON Web Key / JSON Web Algorithm</a><ul><li><a href="#jwk-mapping-alg">A.1. Algorithm mappings</a></li><li><a href="#jwk-mapping-usage">A.2. Usage mapping</a></li></ul></li><li><a href="#spki-mapping">B. Mapping between Algorithm and SubjectPublicKeyInfo</a></li><li><a href="#pkcs8-mapping">C. Mapping between Algorithm and PKCS#8 PrivateKeyInfo</a></li></ul></div>
+      <div class="toc"><ul><li><a href="#introduction">1. Introduction</a></li><li><a href="#use-cases">2. Use Cases</a><ul><li><a href="#multifactor-authentication">2.1. Multi-factor Authentication</a></li><li><a href="#protected-document">2.2. Protected Document Exchange</a></li><li><a href="#cloud-storage">2.3. Cloud Storage</a></li><li><a href="#document-signing">2.4. Document Signing</a></li><li><a href="#data-integrity-protection">2.5. Data Integrity Protection</a></li><li><a href="#secure-messaging">2.6. Secure Messaging</a></li><li><a href="#jose">2.7. Javascript Object Signing and Encryption (JOSE)</a></li></ul></li><li><a href="#conformance">3. Conformance</a><ul><li><a href="#extensibility">3.1. Extensibility</a></li></ul></li><li><a href="#scope">4. Scope</a><ul><li><a href="#scope-abstraction">4.1. Level of abstraction</a></li><li><a href="#scope-algorithms">4.2. Cryptographic algorithms</a></li><li><a href="#scope-operations">4.3. Operations</a></li><li><a href="#scope-out-of-scope">4.4. Out of scope</a></li></ul></li><li><a href="#concepts">5. Concepts</a><ul><li><a href="#concepts-underlying-implementation">5.1. Underlying Cryptographic Implementation</a></li><li><a href="#concepts-key-storage">5.2. Key Storage</a></li></ul></li><li><a href="#security-considerations">6. Security considerations</a><ul><li><a href="#security-implementers">6.1. Security considerations for implementers</a></li><li><a href="#security-developers">6.2. Security considerations for authors</a></li><li><a href="#security-users">6.3. Security considerations for users</a></li></ul></li><li><a href="#privacy">7. Privacy considerations</a></li><li><a href="#dependencies">8. Dependencies</a></li><li><a href="#terminology">9. Terminology</a></li><li><a href="#crypto-interface">10. Crypto interface</a><ul><li><a href="#Crypto-description">10.1. Description</a></li><li><a href="#Crypto-interface-methods">10.2. Methods and Parameters</a><ul><li><a href="#Crypto-method-getRandomValues">10.2.1. The getRandomValues method</a></li></ul></li><li><a href="#Crypto-interface-attributes">10.3. Attributes</a><ul><li><a href="#Crypto-attribute-subtle">10.3.1. The subtle attribute</a></li></ul></li></ul></li><li><a href="#algorithm-dictionary">11. Algorithm dictionary</a><ul><li><a href="#algorithm-dictionary-members">11.1. Algorithm Dictionary Members</a></li></ul></li><li><a href="#key-algorithm-dictionary">12. KeyAlgorithm dictionary</a><ul><li><a href="#key-algorithm-dictionary-description">12.1. Description</a></li><li><a href="#key-algorithm-dictionary-members">12.2. KeyAlgorithm dictionary members</a></li></ul></li><li><a href="#cryptokey-interface">13. CryptoKey interface</a><ul><li><a href="#cryptokey-interface-description">13.1. Description</a></li><li><a href="#cryptokey-interface-types">13.2. Key interface data types</a></li><li><a href="#cryptokey-interface-internal-slots">13.3. CryptoKey internal slots</a></li><li><a href="#cryptokey-interface-members">13.4. CryptoKey interface members</a></li><li><a href="#cryptokey-interface-clone">13.5. Structured clone algorithm</a></li></ul></li><li><a href="#subtlecrypto-interface">14. SubtleCrypto interface</a><ul><li><a href="#subtlecrypto-interface-description">14.1. Description</a></li><li><a href="#subtlecrypto-interface-datatypes">14.2. Data Types</a></li><li><a href="#subtlecrypto-interface-methods">14.3. Methods and Parameters</a><ul><li><a href="#SubtleCrypto-method-encrypt">14.3.1. The encrypt method</a></li><li><a href="#SubtleCrypto-method-decrypt">14.3.2. The decrypt method</a></li><li><a href="#SubtleCrypto-method-sign">14.3.3. The sign method</a></li><li><a href="#SubtleCrypto-method-verify">14.3.4. The verify method</a></li><li><a href="#SubtleCrypto-method-digest">14.3.5. The digest method</a></li><li><a href="#SubtleCrypto-method-generateKey">14.3.6. The generateKey method</a></li><li><a href="#SubtleCrypto-method-deriveKey">14.3.7. The deriveKey method</a></li><li><a href="#SubtleCrypto-method-deriveBits">14.3.8. The deriveBits method</a></li><li><a href="#SubtleCrypto-method-importKey">14.3.9. The importKey method</a></li><li><a href="#SubtleCrypto-method-exportKey">14.3.10. The exportKey method</a></li><li><a href="#SubtleCrypto-method-wrapKey">14.3.11. The wrapKey method</a></li><li><a href="#SubtleCrypto-method-unwrapKey">14.3.12. The unwrapKey method</a></li></ul></li><li><a href="#SubtleCrypto-Exceptions">14.4. Exceptions</a></li></ul></li><li><a href="#JsonWebKey-dictionary">15. JsonWebKey dictionary</a></li><li><a href="#big-integer">16. BigInteger</a></li><li><a href="#keypair">17. CryptoKeyPair dictionary</a></li><li><a href="#algorithms">18. Algorithms</a><ul><li><a href="#algorithms-section-overview">18.1. Overview</a></li><li><a href="#algorithm-concepts">18.2. Concepts</a><ul><li><a href="#algorithm-concepts-naming">18.2.1. Naming</a></li><li><a href="#algorithm-concepts-operations">18.2.2. Supported Operations</a></li><li><a href="#algorithm-concepts-normalization">18.2.3. Normalization</a></li></ul></li><li><a href="#algorithm-conventions">18.3. Specification Conventions</a></li><li><a href="#algorithm-normalization">18.4. Algorithm Normalization</a><ul><li><a href="#algorithm-normalization-description">18.4.1. Description</a></li><li><a href="#algorithm-normalization-internal">18.4.2. Internal State Objects</a></li><li><a href="#algorithm-normalization-define-an-algorithm">18.4.3. Defining an Algorithm</a></li><li><a href="#algorithm-normalization-normalize-an-algorithm">18.4.4. Normalizing an algorithm</a></li></ul></li><li><a href="#algorithm-recommendations">18.5. Recommendations</a><ul><li><a href="#algorithm-recommendations-authors">18.5.1. For Authors</a></li><li><a href="#algorithm-recommendations-implementers">18.5.2. For Implementers</a></li></ul></li></ul></li><li><a href="#algorithm-overview">19. Algorithm Overview</a></li><li><a href="#rsassa-pkcs1">20. RSASSA-PKCS1-v1_5</a><ul><li><a href="#rsassa-pkcs1-description">20.1. Description</a></li><li><a href="#rsassa-pkcs1-registration">20.2. Registration</a></li><li><a href="#RsaKeyGenParams-dictionary">20.3. RsaKeyGenParams dictionary</a></li><li><a href="#RsaHashedKeyGenParams-dictionary">20.4. RsaHashedKeyGenParams dictionary</a></li><li><a href="#RsaKeyAlgorithm-dictionary">20.5. RsaKeyAlgorithm dictionary</a></li><li><a href="#RsaHashedKeyAlgorithm-dictionary">20.6. RsaHashedKeyAlgorithm dictionary</a></li><li><a href="#RsaHashedImportParams-dictionary">20.7. RsaHashedImportParams dictionary</a></li><li><a href="#rsassa-pkcs1-operations">20.8. Operations</a></li></ul></li><li><a href="#rsa-pss">21. RSA-PSS</a><ul><li><a href="#rsa-pss-description">21.1. Description</a></li><li><a href="#rsa-pss-registration">21.2. Registration</a></li><li><a href="#RsaPssParams-dictionary">21.3. RsaPssParams dictionary</a></li><li><a href="#rsa-pss-operations">21.4. Operations</a></li></ul></li><li><a href="#rsa-oaep">22. RSA-OAEP</a><ul><li><a href="#rsa-oaep-description">22.1. Description</a></li><li><a href="#rsa-oaep-registration">22.2. Registration</a></li><li><a href="#rsa-oaep-params">22.3. RsaOaepParams dictionary</a></li><li><a href="#rsa-oaep-operations">22.4. Operations</a></li></ul></li><li><a href="#ecdsa">23. ECDSA</a><ul><li><a href="#ecdsa-description">23.1. Description</a></li><li><a href="#ecdsa-registration">23.2. Registration</a></li><li><a href="#EcdsaParams-dictionary">23.3. EcdsaParams dictionary</a></li><li><a href="#EcKeyGenParams-dictionary">23.4. EcKeyGenParams dictionary</a></li><li><a href="#EcKeyAlgorithm-dictionary">23.5. EcKeyAlgorithm dictionary</a></li><li><a href="#EcKeyImportParams-dictionary">23.6. EcKeyImportParams dictionary</a></li><li><a href="#ecdsa-operations">23.7. Operations</a></li></ul></li><li><a href="#ecdh">24. ECDH</a><ul><li><a href="#ecdh-description">24.1. Description</a></li><li><a href="#ecdh-registration">24.2. Registration</a></li><li><a href="#dh-EcdhKeyDeriveParams">24.3. EcdhKeyDeriveParams dictionary</a></li><li><a href="#ecdh-operations">24.4. Operations</a></li></ul></li><li><a href="#aes-ctr">25. AES-CTR</a><ul><li><a href="#aes-ctr-description">25.1. Description</a></li><li><a href="#aes-ctr-registration">25.2. Registration</a></li><li><a href="#aes-ctr-params">25.3. AesCtrParams dictionary</a></li><li><a href="#AesKeyAlgorithm-dictionary">25.4. </a></li><li><a href="#aes-keygen-params">25.5. AesKeyGenParams dictionary</a></li><li><a href="#aes-derivedkey-params">25.6. AesDerivedKeyParams dictionary</a></li><li><a href="#aes-ctr-operations">25.7. Operations</a></li></ul></li><li><a href="#aes-cbc">26. AES-CBC</a><ul><li><a href="#aes-cbc-description">26.1. Description</a></li><li><a href="#aes-cbc-registration">26.2. Registration</a></li><li><a href="#aes-cbc-params">26.3. AesCbcParams dictionary</a></li><li><a href="#aes-cbc-operations">26.4. Operations</a></li></ul></li><li><a href="#aes-gcm">27. AES-GCM</a><ul><li><a href="#aes-gcm-description">27.1. Description</a></li><li><a href="#aes-gcm-registration">27.2. Registration</a></li><li><a href="#aes-gcm-params">27.3. AesGcmParams dictionary</a></li><li><a href="#aes-gcm-operations">27.4. Operations</a></li></ul></li><li><a href="#aes-kw">28. AES-KW</a><ul><li><a href="#aes-kw-description">28.1. Description</a></li><li><a href="#aes-kw-registration">28.2. Registration</a></li><li><a href="#aes-kw-operations">28.3. Operations</a></li></ul></li><li><a href="#hmac">29. HMAC</a><ul><li><a href="#hmac-description">29.1. Description</a></li><li><a href="#hmac-registration">29.2. Registration</a></li><li><a href="#hmac-importparams">29.3. HmacImportParams dictionary</a></li><li><a href="#HmacKeyAlgorithm-dictionary">29.4. HmacKeyAlgorithm dictionary</a></li><li><a href="#hmac-keygen-params">29.5. HmacKeyGenParams dictionary</a></li><li><a href="#hmac-operations">29.6. Operations</a></li></ul></li><li><a href="#sha">30. SHA</a><ul><li><a href="#sha-description">30.1. Description</a></li><li><a href="#sha-registration">30.2. Registration</a></li><li><a href="#sha-operations">30.3. Operations</a></li></ul></li><li><a href="#hkdf-ctr">31. HKDF-CTR</a><ul><li><a href="#hkdf-ctr-description">31.1. Description</a></li><li><a href="#hkdf-ctr-registration">31.2. Registration</a></li><li><a href="#hkdf-ctr-params">31.3. HkdfCtrParams dictionary</a></li><li><a href="#hkdf2-ctr-operations">31.4. Operations</a></li></ul></li><li><a href="#pbkdf2">32. PBKDF2</a><ul><li><a href="#pbkdf2-description">32.1. Description</a></li><li><a href="#pbkdf2-registration">32.2. Registration</a></li><li><a href="#pbkdf2-params">32.3. Pbkdf2Params dictionary</a></li><li><a href="#pbkdf2-operations">32.4. Operations</a></li></ul></li><li><a href="#examples-section">33. JavaScript Example Code</a><ul><li><a href="#examples-signing">33.1. Generate a signing key pair, sign some data</a></li><li><a href="#examples-symmetric-encryption">33.2. Symmetric Encryption</a></li></ul></li><li><a href="#iana-section">34. IANA Considerations</a><ul><li><a href="#iana-section-jws-jwa">34.1. JSON Web Signature and Encryption Algorithms Registration</a></li><li><a href="#iana-section-jwk">34.2. JSON Web Key Parameters Registration</a></li></ul></li><li><a href="#acknowledgements-section">35. Acknowledgements</a></li><li><a href="#references">36. References</a><ul><li><a href="#normative-references">36.1. Normative References</a></li><li><a href="#informative-references">36.2. Informative References</a></li></ul></li></ul><ul><li><a href="#jwk-mapping">A. Mapping between JSON Web Key / JSON Web Algorithm</a><ul><li><a href="#jwk-mapping-alg">A.1. Algorithm mappings</a></li><li><a href="#jwk-mapping-usage">A.2. Usage mapping</a></li></ul></li><li><a href="#spki-mapping">B. Mapping between Algorithm and SubjectPublicKeyInfo</a></li><li><a href="#pkcs8-mapping">C. Mapping between Algorithm and PKCS#8 PrivateKeyInfo</a></li></ul></div>
     </div>
 
     <div id="sections">
@@ -3389,21 +3389,6 @@
               <td>✔</td>
             </tr>
             <tr>
-              <td><a href="#aes-cmac">AES-CMAC</a></td>
-              <td></td>
-              <td></td>
-              <td>✔</td>
-              <td>✔</td>
-              <td></td>
-              <td>✔</td>
-              <td></td>
-              <td></td>
-              <td>✔</td>
-              <td>✔</td>
-              <td></td>
-              <td></td>
-            </tr>
-            <tr>
               <td><a href="#aes-gcm">AES-GCM</a></td>
               <td>✔</td>
               <td>✔</td>
@@ -3419,21 +3404,6 @@
               <td>✔</td>
             </tr>
             <tr>
-              <td><a href="#aes-cfb">AES-CFB</a></td>
-              <td>✔</td>
-              <td>✔</td>
-              <td></td>
-              <td></td>
-              <td></td>
-              <td>✔</td>
-              <td></td>
-              <td></td>
-              <td>✔</td>
-              <td>✔</td>
-              <td>✔</td>
-              <td>✔</td>
-            </tr>
-            <tr>
               <td><a href="#aes-kw">AES-KW</a></td>
               <td></td>
               <td></td>
@@ -3464,21 +3434,6 @@
               <td></td>
             </tr>
             <tr>
-              <td><a href="#dh">DH</a></td>
-              <td></td>
-              <td></td>
-              <td></td>
-              <td></td>
-              <td></td>
-              <td>✔</td>
-              <td>✔</td>
-              <td>✔</td>
-              <td>✔</td>
-              <td>✔</td>
-              <td></td>
-              <td></td>
-            </tr>
-            <tr>
               <td><a href="#sha">SHA-1</a></td>
               <td></td>
               <td></td>
@@ -3539,21 +3494,6 @@
               <td></td>
             </tr>
             <tr>
-              <td><a href="#concatkdf">CONCAT</a></td>
-              <td></td>
-              <td></td>
-              <td></td>
-              <td></td>
-              <td></td>
-              <td></td>
-              <td>✔</td>
-              <td>✔</td>
-              <td>✔</td>
-              <td></td>
-              <td></td>
-              <td></td>
-            </tr>
-            <tr>
               <td><a href="#hkdf-ctr">HKDF-CTR</a></td>
               <td></td>
               <td></td>
@@ -12159,523 +12099,19 @@
         </div>
       </div>
 
-      <div id="aes-cmac" class="section">
-        <h3>27. AES-CMAC</h3>
-        <div id="aes-cmac-description" class="section">
+      <div id="aes-gcm" class="section">
+        <h3>27. AES-GCM</h3>
+        <div id="aes-gcm-description" class="section">
           <h4>27.1. Description</h4>
           <p class="norm">This section is non-normative.</p>
           <p>
-            The <code>"AES-CMAC"</code> algorithm identifier is used to perform
-            message authentication using AES with a cipher-based MAC, as
-            described in [<a href="#SP800-38B">NIST SP800-38B</a>].
-          </p>
-        </div>
-        <div id="aes-cmac-registration" class="section">
-          <h4>27.2. Registration</h4>
-          <p>
-            The <a href="#recognized-algorithm-name">recognized algorithm name</a> for
-            this algorithm is <code>"AES-CMAC"</code>.
-          </p>
-          <table>
-            <thead>
-              <tr>
-                <th><a href="#supported-operations">Operation</a></th>
-                <th><a href="#algorithm-specific-params">Parameters</a></th>
-                <th><a href="#algorithm-result">Result</a></th>
-              </tr>
-            </thead>
-            <tbody>
-              <tr>
-                <td>sign</td>
-                <td><a href="#dfn-AesCmacParams">AesCmacParams</a></td>
-                <td>ArrayBuffer</td>
-              </tr>
-              <tr>
-                <td>verify</td>
-                <td><a href="#dfn-AesCmacParams">AesCmacParams</a></td>
-                <td>boolean</td>
-              </tr>
-              <tr>
-                <td>generateKey</td>
-                <td><a href="#dfn-AesKeyGenParams">AesKeyGenParams</a></td>
-                <td><a href="#dfn-CryptoKey">CryptoKey</a></td>
-              </tr>
-              <tr>
-                <td>importKey</td>
-                <td>None</td>
-                <td><a href="#dfn-CryptoKey">CryptoKey</a></td>
-              </tr>
-              <tr>
-                <td>exportKey</td>
-                <td>None</td>
-                <td>object</td>
-              </tr>
-              <tr>
-                <td>get key length</td>
-                <td><a href="#dfn-AesDerivedKeyParams">AesDerivedKeyParams</a></td>
-                <td>Integer</td>
-              </tr>
-            </tbody>
-          </table>
-        </div>
-        <div id="aes-cmac-params" class="section">
-          <h4>27.3. AesCmacParams dictionary</h4>
-          <div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
-dictionary <dfn id="dfn-AesCmacParams">AesCmacParams</dfn> : <a href="#dfn-Algorithm">Algorithm</a> {
-<span class="comment">// The length, in bits, of the MAC.</span>
-[EnforceRange] required unsigned short <dfn id="dfn-AesCmacParams-length">length</dfn>;
-};
-          </code></pre></div></div>
-        </div>
-        <div id="aes-cmac-operations" class="section">
-          <h4>27.4. Operations</h4>
-          <dl>
-            <dt>Sign</dt>
-            <dd>
-              <ol>
-                <li>
-                  <p>
-                    Let <var>length</var> equal the <a href="#dfn-AesCmacParams-length">length</a>
-                    member of <var>normalizedAlgorithm</var>, if present, and 128 otherwise.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    If <var>length</var> is zero or greater than 128,
-                    then <a href="#concept-throw">throw</a> an
-                    <a href="#dfn-OperationError"><code>OperationError</code></a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Let <var>mac</var> be the result of performing the MAC Generation
-                    operation described in Section 6.2 of
-                    [<a href="#SP800-38B">NIST SP800-38B</a>] using AES as the block
-                    cipher, <var>length</var> as the value of the MAC length parameter,
-                    <var>Tlen</var>, and <var>message</var> as the message, <var>M</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Return <var>mac</var>.
-                  </p>
-                </li>
-              </ol>
-            </dd>
-            <dt>Verify</dt>
-            <dd>
-              <ol>
-                <li>
-                  <p>
-                    Let <var>length</var> equal the <a href="#dfn-AesCmacParams-length">length</a>
-                    member of <var>normalizedAlgorithm</var>, if present, and 128 otherwise.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    If <var>length</var> is zero or greater than 128,
-                    then <a href="#concept-throw">throw</a> an
-                    <a href="#dfn-OperationError"><code>OperationError</code></a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Let <var>output</var> be the result of performing the MAC Verification
-                    operation described in Section 6.3 of
-                    [<a href="#SP800-38B">NIST SP 800-38B</a>] using AES as the block
-                    cipher, <var>length</var> as the value of the MAC length parameter,
-                    <var>Tlen</var>, <var>message</var> as the message, <var>M</var> and
-                    <var>signature</var> as the received MAC, <var>T'</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Return true if <var>output</var> is VALID and false otherwise.
-                  </p>
-                </li>
-              </ol>
-            </dd>
-            <dt>Generate Key</dt>
-            <dd>
-              <ol>
-                <li>
-                  <p>
-                    If <var>usages</var> contains any entry which is not
-                     <code>"sign"</code> or <code>"verify"</code>,
-                    then <a href="#concept-throw">throw</a> a
-                    <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    If the <a href="#dfn-AesKeyGenParams-length">length</a> member of
-                    <var>normalizedAlgorithm</var> is not equal to one of
-                    128, 192 or 256,
-                    then <a href="#concept-throw">throw</a> an
-                    <a href="#dfn-OperationError"><code>OperationError</code></a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Generate an AES key of length
-                    equal to the <a href="#dfn-AesKeyGenParams-length">length</a> member of
-                    <var>normalizedAlgorithm</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    If the key generation step fails,
-                    then <a href="#concept-throw">throw</a> an
-                    <a href="#dfn-OperationError"><code>OperationError</code></a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Let <var>key</var> be a new
-                    <a href="#dfn-CryptoKey">CryptoKey</a> object representing the
-                    generated AES key.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Let <var>algorithm</var> be a new
-                    <a href="#dfn-AesKeyAlgorithm">AesKeyAlgorithm</a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the <a href="#dfn-KeyAlgorithm-name">name</a> attribute of
-                    <var>algorithm</var> to <code>"AES-CMAC"</code>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the <a href="#dfn-AesKeyAlgorithm-length">length</a> attribute of
-                    <var>algorithm</var> to equal the
-                    <a href="#dfn-AesKeyGenParams-length">length</a> member of
-                    <var>normalizedAlgorithm</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal
-                    slot of <var>key</var> to <var>algorithm</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the [[<a href="#dfn-CryptoKey-slot-extractable">extractable</a>]] internal
-                    slot of <var>key</var> to be <var>extractable</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the [[<a href="#dfn-CryptoKey-slot-usages">usages</a>]] internal slot of
-                    <var>key</var> to be <var>usages</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Return <var>key</var>.
-                  </p>
-                </li>
-              </ol>
-            </dd>
-            <dt>Import Key</dt>
-            <dd>
-              <ol>
-                <li>
-                  <p>
-                    If <var>usages</var> contains an entry which is not
-                     <code>"sign"</code> or <code>"verify"</code>,
-                    then <a href="#concept-throw">throw</a> a
-                    <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
-                  </p>
-                </li>
-                <li>
-                  <dl class="switch">
-                    <dt>If <var>format</var> is <code>"raw"</code>:</dt>
-                    <dd>
-                      <ol>
-                        <li>
-                          <p>
-                            Let <var>data</var> be the <a href="#dfn-octet-string">octet string</a> contained in <var>keyData</var>.
-                          </p>
-                        </li>
-                        <li>
-                          <p>
-                            If the length in bits of <var>data</var> is not 128, 192 or 256
-                            then <a href="#concept-throw">throw</a> a
-                            <a href="#dfn-DataError"><code>DataError</code></a>.
-                          </p>
-                        </li>
-                      </ol>
-                    </dd>
-                    <dt>If <var>format</var> is <code>"jwk"</code>:</dt>
-                    <dd>
-                      <ol>
-                        <li>
-                          <p>
-                            Let <var>jwk</var> be the <a href="#dfn-JsonWebKey">JsonWebKey</a>
-                            dictionary represented by <var>keyData</var>.
-                          </p>
-                        </li>
-                        <li>
-                          <p>
-                            If the <code>"kty"</code> field of <var>jwk</var> is not
-                            to <code>"oct"</code>,
-                            then <a href="#concept-throw">throw</a> a
-                            <a href="#dfn-DataError"><code>DataError</code></a>.
-                          </p>
-                        </li>
-                        <li>
-                          <p>
-                            If <var>jwk</var> does not meet the requirements of
-                            Section 6.4 of <a href="#jwa">JSON Web Algorithms</a>,
-                            then <a href="#concept-throw">throw</a> a
-                            <a href="#dfn-DataError"><code>DataError</code></a>.
-                          </p>
-                        </li>
-                        <li>
-                          <p>
-                            Let <var>data</var> be the <a href="#dfn-octet-string">octet string</a> obtained by decoding the
-                            <code>"k"</code> field of <var>jwk</var>.
-                          </p>
-                        </li>
-                        <li>
-                          <dl class="switch">
-                            <dt>If <var>data</var> has length 128 bits:</dt>
-                            <dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
-                            not  <code>"A128CMAC"</code>,
-                              then <a href="#concept-throw">throw</a> a
-                              <a href="#dfn-DataError"><code>DataError</code></a>.</dd>
-                            <dt>If <var>data</var> has length 192 bits:</dt>
-                            <dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
-                            not  <code>"A192CMAC"</code>,
-                              then <a href="#concept-throw">throw</a> a
-                              <a href="#dfn-DataError"><code>DataError</code></a>.</dd>
-                            <dt>If <var>data</var> has length 256 bits:</dt>
-                            <dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
-                            not  <code>"A256CMAC"</code>,
-                              then <a href="#concept-throw">throw</a> a
-                              <a href="#dfn-DataError"><code>DataError</code></a>.</dd>
-                            <dt>Otherwise:</dt>
-                            <dd>
-                              <a href="#concept-throw">throw</a> a
-                              <a href="#dfn-DataError"><code>DataError</code></a>.
-                            </dd>
-                          </dl>
-                        </li>
-                        <li>
-                          <p>
-                            If the <code>"use"</code> field of <var>jwk</var> is present, and is
-                            not  <code>"enc"</code>,
-                            then <a href="#concept-throw">throw</a> a
-                            <a href="#dfn-DataError"><code>DataError</code></a>.
-                          </p>
-                        </li>
-                        <li>
-                          <p>
-                            If the <code>"key_ops"</code> field of <var>jwk</var> is present, and
-                            is invalid according to the requirements of
-                            <a href="#jwk">JSON Web Key</a> or
-                            does not contain all of the specified <var>usages</var> values,
-                            then <a href="#concept-throw">throw</a> a
-                            <a href="#dfn-DataError"><code>DataError</code></a>.
-                          </p>
-                        </li>
-                        <li>
-                          <p>
-                            If the <code>"ext"</code> field of <var>jwk</var> is present and
-                            has the value false and <var>extractable</var> is true,
-                            then <a href="#concept-throw">throw</a> a
-                            <a href="#dfn-DataError"><code>DataError</code></a>.
-                          </p>
-                        </li>
-                      </ol>
-                    </dd>
-                    <dt>Otherwise:</dt>
-                    <dd>
-                      <a href="#concept-throw">throw</a> a
-                      <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
-                    </dd>
-                  </dl>
-                </li>
-                <li>
-                  <p>
-                    Let <var>key</var> be a new <code><a href="#dfn-CryptoKey">CryptoKey</a></code>
-                    object representing an AES key with value <var>data</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Let <var>algorithm</var> be a new
-                    <a href="#dfn-AesKeyAlgorithm">AesKeyAlgorithm</a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the <a href="#dfn-KeyAlgorithm-name">name</a> attribute of
-                    <var>algorithm</var> to <code>"AES-CMAC"</code>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the <a href="#dfn-AesKeyAlgorithm-length">length</a> attribute of
-                    <var>algorithm</var> to the length, in bits, of <var>data</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal
-                    slot of <var>key</var> to <var>algorithm</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Return <var>key</var>.
-                  </p>
-                </li>
-              </ol>
-            </dd>
-            <dt>Export Key</dt>
-            <dd>
-              <ol>
-                <li>
-                  <p>
-                    If the underlying cryptographic key material represented by the [[<a href="#dfn-CryptoKey-slot-handle">handle</a>]] internal slot of <var>key</var>
-                    cannot be accessed, then <a href="#concept-throw">throw</a> an <a href="#dfn-OperationError"><code>OperationError</code></a>.
-                  </p>
-                </li>
-                <li>
-                  <dl class="switch">
-                    <dt>If <var>format</var> is <code>"raw"</code>:</dt>
-                    <dd>
-                      <ol>
-                        <li>
-                          <p>
-                            Let <var>data</var> be the raw octets of the key represented by [[<a href="#dfn-CryptoKey-slot-handle">handle</a>]] internal slot of
-                            <var>key</var>.
-                          </p>
-                        </li>
-                        <li>
-                          <p>
-                            Let <var>result</var> be a new <code>ArrayBuffer</code> containing
-                            <var>data</var>.
-                          </p>
-                        </li>
-                      </ol>
-                    </dd>
-                    <dt>If <var>format</var> is <code>"jwk"</code>:</dt>
-                    <dd>
-                      <ol>
-                        <li>
-                          <p>
-                            Let <var>jwk</var> be a new <a href="#dfn-JsonWebKey">JsonWebKey</a>
-                            dictionary.
-                          </p>
-                        </li>
-                        <li>
-                          <p>
-                            Set the <code>kty</code> attribute of <var>jwk</var> to the
-                            string <code>"oct"</code>.
-                          </p>
-                        </li>
-                        <li>
-                          <p>
-                            Set the <code>k</code> attribute of <var>jwk</var> to be a string
-                            containing the raw octets of the key represented by [[<a href="#dfn-CryptoKey-slot-handle">handle</a>]] internal slot of
-                            <var>key</var>, encoded according to Section 6.4 of <a href="#jwa">JSON Web Algorithms</a>.
-                          </p>
-                        </li>
-                        <li>
-                          <dl class="switch">
-                            <dt>If the <a href="#dfn-AesKeyAlgorithm-length">length</a> attribute of
-                            <var>key</var> is 128:</dt>
-                            <dd>Set the <code>alg</code> attribute of <var>jwk</var> to
-                            the string <code>"A128CMAC"</code>.</dd>
-                            <dt>If the <a href="#dfn-AesKeyAlgorithm-length">length</a> attribute of
-                            <var>key</var> is 192:</dt>
-                            <dd>Set the <code>alg</code> attribute of <var>jwk</var> to
-                            the string <code>"A192CMAC"</code>.</dd>
-                            <dt>If the <a href="#dfn-AesKeyAlgorithm-length">length</a> attribute of
-                            <var>key</var> is 256:</dt>
-                            <dd>Set the <code>alg</code> attribute of <var>jwk</var> to
-                            the string <code>"A256CMAC"</code>.</dd>
-                          </dl>
-                        </li>
-                        <li>
-                          <p>
-                            Set the <code>key_ops</code> attribute of <var>jwk</var> to equal the
-                            <a href="#dfn-CryptoKey-usages">usages</a> attribute of
-                            <var>key</var>.
-                          </p>
-                        </li>
-                        <li>
-                          <p>
-                            Set the <code>ext</code> attribute of <var>jwk</var> to equal the [[<a href="#dfn-CryptoKey-slot-extractable">extractable</a>]] internal slot
-                            of <var>key</var>.
-                          </p>
-                        </li>
-                        <li>
-                          <p>
-                            Let <var>result</var> be the result of converting <var>jwk</var>
-                            to an ECMAScript Object, as defined by [<a href="#WebIDL">WebIDL</a>].
-                          </p>
-                        </li>
-                      </ol>
-                    </dd>
-                    <dt>Otherwise:</dt>
-                    <dd>
-                      <p>
-                        <a href="#concept-throw">throw</a> a
-                        <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
-                      </p>
-                    </dd>
-                  </dl>
-                </li>
-                <li>
-                  <p>
-                    Return <var>result</var>.
-                  </p>
-                </li>
-              </ol>
-            </dd>
-            <dt>Get key length</dt>
-            <dd>
-              <ol>
-                <li>
-                  <p>
-                    If the <a href="#dfn-AesDerivedKeyParams-length">length</a> member of
-                    <var>normalizedDerivedKeyAlgorithm</var> is not 128, 192 or 256,
-                    then <a href="#concept-throw">throw</a> an
-                    <a href="#dfn-OperationError"><code>OperationError</code></a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Return the <a href="#dfn-AesDerivedKeyParams-length">length</a> member of
-                    <var>normalizedDerivedKeyAlgorithm</var>.
-                  </p>
-                </li>
-              </ol>
-            </dd>
-          </dl>
-        </div>
-      </div>
-      <div id="aes-gcm" class="section">
-        <h3>28. AES-GCM</h3>
-        <div id="aes-gcm-description" class="section">
-          <h4>28.1. Description</h4>
-          <p class="norm">This section is non-normative.</p>
-          <p>
             The <code>"AES-GCM"</code> algorithm identifier is used to perform
             authenticated encryption and decryption using AES in Galois/Counter Mode mode,
             as described in [<a href="#SP800-38D">NIST SP 800-38D</a>].
           </p>
         </div>
         <div id="aes-gcm-registration" class="section">
-           <h4>28.2. Registration</h4>
+           <h4>27.2. Registration</h4>
            <p>
              The <a href="#recognized-algorithm-name">recognized algorithm name</a> for
              this algorithm is <code>"AES-GCM"</code>.
@@ -12723,7 +12159,7 @@
            </table>
          </div>
         <div id="aes-gcm-params" class="section">
-          <h4>28.3. AesGcmParams dictionary</h4>
+          <h4>27.3. AesGcmParams dictionary</h4>
           <div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
 dictionary <dfn id="dfn-AesGcmParams">AesGcmParams</dfn> : <a href="#dfn-Algorithm">Algorithm</a> {
 <span class="comment">// The initialization vector to use. May be up to 2^64-1 bytes long.</span>
@@ -12736,7 +12172,7 @@
           </code></pre></div></div>
         </div>
         <div id="aes-gcm-operations" class="section">
-          <h4>28.4. Operations</h4>
+          <h4>27.4. Operations</h4>
           <dl>
             <dt>Encrypt</dt>
             <dd>
@@ -13275,508 +12711,10 @@
         </div>
       </div>
 
-      <div id="aes-cfb" class="section">
-        <h3>29. AES-CFB</h3>
-        <div id="aes-cfb-description" class="section">
-          <h4>29.1. Description</h4>
-          <p class="norm">This section is non-normative.</p>
-          <p>
-            The <code>"AES-CFB-8"</code> algorithm identifier is used to perform
-            encryption and decryption using AES in Cipher Feedback mode, specifically CFB-8,
-            as described in Section 6.3 of
-            [<a href="#SP800-38A">NIST SP800-38A</a>].
-          </p>
-        </div>
-        <div id="aes-cfb-registration" class="section">
-          <h4>29.2. Registration</h4>
-          <p>
-            The <a href="#recognized-algorithm-name">recognized algorithm name</a> for
-            this algorithm is <code>"AES-CFB-8"</code>.
-          </p>
-          <table>
-            <thead>
-              <tr>
-                <th><a href="#supported-operations">Operation</a></th>
-                <th><a href="#algorithm-specific-params">Parameters</a></th>
-                <th><a href="#algorithm-result">Result</a></th>
-              </tr>
-            </thead>
-            <tbody>
-              <tr>
-                <td>encrypt</td>
-                <td><a href="#dfn-AesCfbParams">AesCfbParams</a></td>
-                <td>ArrayBuffer</td>
-              </tr>
-              <tr>
-                <td>decrypt</td>
-                <td><a href="#dfn-AesCfbParams">AesCfbParams</a></td>
-                <td>ArrayBuffer</td>
-              </tr>
-              <tr>
-                <td>generateKey</td>
-                <td><a href="#dfn-AesKeyGenParams">AesKeyGenParams</a></td>
-                <td><a href="#dfn-CryptoKey">CryptoKey</a></td>
-              </tr>
-              <tr>
-                <td>importKey</td>
-                <td>None</td>
-                <td><a href="#dfn-CryptoKey">CryptoKey</a></td>
-              </tr>
-              <tr>
-                <td>exportKey</td>
-                <td>None</td>
-                <td>object</td>
-              </tr>
-              <tr>
-                <td>get key length</td>
-                <td><a href="#dfn-AesDerivedKeyParams">AesDerivedKeyParams</a></td>
-                <td>Integer</td>
-              </tr>
-            </tbody>
-          </table>
-        </div>
-        <div id="aes-cfb-params" class="section">
-          <h4>29.3. AesCfbParams dictionary</h4>
-          <div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
-dictionary <dfn id="dfn-AesCfbParams">AesCfbParams</dfn> : <a href="#dfn-Algorithm">Algorithm</a> {
-<span class="comment">// The initialization vector. <span class="RFC2119">MUST</span> be 16 bytes.</span>
-required BufferSource <dfn id="dfn-AesCfbParams-iv">iv</dfn>;
-};
-          </code></pre></div></div>
-        </div>
-        <div id="aes-cfb-operations" class="section">
-          <h4>29.4. Operations</h4>
-          <dl>
-            <dt>Encrypt</dt>
-            <dd>
-              <ol>
-                <li>
-                  <p>
-                    If the <a href="#dfn-AesCfbParams-iv">iv</a> member of
-                    <var>normalizedAlgorithm</var> does not have length 16 bytes, then <a href="#concept-throw">throw</a> an <a href="#dfn-OperationError"><code>OperationError</code></a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Let <var>ciphertext</var> be the result of performing the CFB Encryption
-                    operation described in Section 6.3 of [<a href="#SP800-38A">NIST SP800-38A</a>] using AES as the block cipher, <a href="#concept-contents-of-arraybuffer">the contents of</a> the <a href="#dfn-AesCfbParams-iv">iv</a> member of <var>normalizedAlgorithm</var> as
-                    the <var>IV</var> input parameter, the value 8 as the input parameter
-                    <var>s</var>, and <a href="#concept-contents-of-arraybuffer">the contents
-                    of<var>plaintext</var></a> as the input plaintext.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Return <var>ciphertext</var>.
-                  </p>
-                </li>
-              </ol>
-            </dd>
-            <dt>Decrypt</dt>
-            <dd>
-              <ol>
-                <li>
-                  <p>
-                    If the <a href="#dfn-AesCfbParams-iv">iv</a> member of
-                    <var>normalizedAlgorithm</var> does not have length 16 bytes, then <a href="#concept-throw">throw</a> an <a href="#dfn-OperationError"><code>OperationError</code></a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Let <var>plaintext</var> be the result of performing the CFB Decryption
-                    operation described in Section 6.3 of [<a href="#SP800-38A">NIST SP800-38A</a>] using AES as the block cipher, <a href="#concept-contents-of-arraybuffer">the contents of</a> the <a href="#dfn-AesCfbParams-iv">iv</a> member of <var>normalizedAlgorithm</var> as
-                    the <var>IV</var> input parameter, the the value 8 as the input parameter
-                    <var>s</var>, and <a href="#concept-contents-of-arraybuffer">the contents of
-                    <var>ciphertext</var></a> as the input ciphertext.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Return <var>plaintext</var>.
-                  </p>
-                </li>
-              </ol>
-            </dd>
-            <dt>Generate Key</dt>
-            <dd>
-              <ol>
-                <li>
-                  <p>
-                    If <var>usages</var> contains any entry which is not one of
-                    <code>"encrypt"</code>, <code>"decrypt"</code>, <code>"wrapKey"</code> or
-                    <code>"unwrapKey"</code>, then <a href="#concept-throw">throw</a> a <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    If the <a href="#dfn-AesKeyGenParams-length">length</a> member of
-                    <var>normalizedAlgorithm</var> is not equal to one of 128, 192 or 256, then <a href="#concept-throw">throw</a> an <a href="#dfn-OperationError"><code>OperationError</code></a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Generate an AES key of length equal to the <a href="#dfn-AesKeyGenParams-length">length</a> member of
-                    <var>normalizedAlgorithm</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    If the key generation step fails,
-                    then <a href="#concept-throw">throw</a> an
-                    <a href="#dfn-OperationError"><code>OperationError</code></a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Let <var>key</var> be a new
-                    <a href="#dfn-CryptoKey">CryptoKey</a> object representing the
-                    generated AES key.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Let <var>algorithm</var> be a new
-                    <a href="#dfn-AesKeyAlgorithm">AesKeyAlgorithm</a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the <a href="#dfn-KeyAlgorithm-name">name</a> attribute of
-                    <var>algorithm</var> to <code>"AES-CFB-8"</code>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the <a href="#dfn-AesKeyAlgorithm-length">length</a> attribute of
-                    <var>algorithm</var> to equal the
-                    <a href="#dfn-AesKeyGenParams-length">length</a> member of
-                    <var>normalizedAlgorithm</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal
-                    slot of <var>key</var> to <var>algorithm</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the [[<a href="#dfn-CryptoKey-slot-extractable">extractable</a>]] internal
-                    slot of <var>key</var> to be <var>extractable</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the [[<a href="#dfn-CryptoKey-slot-usages">usages</a>]] internal slot of
-                    <var>key</var> to be <var>usages</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Return <var>key</var>.
-                  </p>
-                </li>
-              </ol>
-            </dd>
-            <dt>Import Key</dt>
-            <dd>
-              <ol>
-                <li>
-                  <p>
-                    If <var>usages</var> contains an entry which is not
-                    one of <code>"encrypt"</code>, <code>"decrypt"</code>,
-                    <code>"wrapKey"</code> or <code>"unwrapKey"</code>,
-                            then <a href="#concept-throw">throw</a> a
-                            <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
-                  </p>
-                </li>
-                <li>
-                  <dl class="switch">
-                    <dt>If <var>format</var> is <code>"raw"</code>:</dt>
-                    <dd>
-                      <ol>
-                        <li>
-                          <p>
-                            Let <var>data</var> be the <a href="#dfn-octet-string">octet string</a> contained in <var>keyData</var>.
-                          </p>
-                        </li>
-                        <li>
-                          <p>
-                            If the length in bits of <var>data</var> is not 128, 192 or 256
-                            
-                            then <a href="#concept-throw">throw</a> a
-                            <a href="#dfn-DataError"><code>DataError</code></a>.
-                          </p>
-                        </li>
-                      </ol>
-                    </dd>
-                    <dt>If <var>format</var> is <code>"jwk"</code>:</dt>
-                    <dd>
-                      <ol>
-                        <li>
-                          <p>
-                            Let <var>jwk</var> be the <a href="#dfn-JsonWebKey">JsonWebKey</a>
-                            dictionary represented by <var>keyData</var>.
-                          </p>
-                        </li>
-                        <li>
-                          <p>
-                            If the <code>"kty"</code> field of <var>jwk</var> is not
-                            <code>"oct"</code>,
-                              then <a href="#concept-throw">throw</a> a
-                              <a href="#dfn-DataError"><code>DataError</code></a>.
-                          </p>
-                        </li>
-                        <li>
-                          <p>
-                            If <var>jwk</var> does not meet the requirements of
-                            Section 6.4 of <a href="#jwa">JSON Web Algorithms</a>,
-                            then <a href="#concept-throw">throw</a> a
-                            <a href="#dfn-DataError"><code>DataError</code></a>.
-                          </p>
-                        </li>
-                        <li>
-                          <p>
-                            Let <var>data</var> be the <a href="#dfn-octet-string">octet string</a> obtained by decoding the
-                            <code>"k"</code> field of <var>jwk</var>.
-                          </p>
-                        </li>
-                        <li>
-                          <dl class="switch">
-                            <dt>If <var>data</var> has length 128 bits:</dt>
-                            <dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
-                            not  <code>"A128CFB8"</code>,
-                              then <a href="#concept-throw">throw</a> a
-                              <a href="#dfn-DataError"><code>DataError</code></a>.</dd>
-                            <dt>If <var>data</var> has length 192 bits:</dt>
-                            <dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
-                            not  <code>"A192CFB8"</code>,
-                              then <a href="#concept-throw">throw</a> a
-                              <a href="#dfn-DataError"><code>DataError</code></a>.</dd>
-                            <dt>If <var>data</var> has length 256 bits:</dt>
-                            <dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
-                            not  <code>"A256CFB8"</code>,
-                              then <a href="#concept-throw">throw</a> a
-                              <a href="#dfn-DataError"><code>DataError</code></a>.</dd>
-                            <dt>Otherwise:</dt>
-                            <dd>
-                              <a href="#concept-throw">throw</a> a
-                              <a href="#dfn-DataError"><code>DataError</code></a>.</dd>
-                          </dl>
-                        </li>
-                        <li>
-                          <p>
-                            If the <code>"use"</code> field of <var>jwk</var> is present, and is
-                            not  <code>"enc"</code>,
-                              then <a href="#concept-throw">throw</a> a
-                              <a href="#dfn-DataError"><code>DataError</code></a>.
-                          </p>
-                        </li>
-                        <li>
-                          <p>
-                            If the <code>"key_ops"</code> field of <var>jwk</var> is present, and
-                            is invalid according to the requirements of
-                            <a href="#jwk">JSON Web Key</a> or
-                            does not contain all of the specified <var>usages</var> values,
-                              then <a href="#concept-throw">throw</a> a
-                              <a href="#dfn-DataError"><code>DataError</code></a>.
-                          </p>
-                        </li>
-                        <li>
-                          <p>
-                            If the <code>"ext"</code> field of <var>jwk</var> is present and
-                            has the value false and <var>extractable</var> is true,
-                              then <a href="#concept-throw">throw</a> a
-                              <a href="#dfn-DataError"><code>DataError</code></a>.
-                          </p>
-                        </li>
-                      </ol>
-                    </dd>
-                    <dt>Otherwise:</dt>
-                    <dd>
-                      <a href="#concept-throw">throw</a> a
-                      <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
-                    </dd>
-                  </dl>
-                </li>
-                <li>
-                  <p>
-                    Let <var>key</var> be a new <code><a href="#dfn-CryptoKey">CryptoKey</a></code>
-                    object representing an AES key with value <var>data</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Let <var>algorithm</var> be a new
-                    <a href="#dfn-AesKeyAlgorithm">AesKeyAlgorithm</a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the <a href="#dfn-KeyAlgorithm-name">name</a> attribute of
-                    <var>algorithm</var> to <code>"AES-CFB-8"</code>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the <a href="#dfn-AesKeyAlgorithm-length">length</a> attribute of
-                    <var>algorithm</var> to the length, in bits, of <var>data</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal
-                    slot of <var>key</var> to <var>algorithm</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the [[<a href="#dfn-CryptoKey-slot-extractable">extractable</a>]] internal
-                    slot of <var>key</var> to <var>extractable</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the [[<a href="#dfn-CryptoKey-slot-usages">usages</a>]] internal slot of
-                    <var>key</var> to the <a href="#concept-normalized-usages">normalized
-                    value</a> of <var>usages</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Return <var>key</var>.
-                  </p>
-                </li>
-              </ol>
-            </dd>
-            <dt>Export Key</dt>
-            <dd>
-              <ol>
-                <li>
-                  <p>
-                    If the underlying cryptographic key material represented by the [[<a href="#dfn-CryptoKey-slot-handle">handle</a>]] internal slot of <var>key</var>
-                    cannot be accessed, then <a href="#concept-throw">throw</a> an <a href="#dfn-OperationError"><code>OperationError</code></a>.
-                  </p>
-                </li>
-                <li>
-                  <dl class="switch">
-                    <dt>If <var>format</var> is <code>"raw"</code>:</dt>
-                    <dd>
-                      <ol>
-                        <li>
-                          <p>
-                            Let <var>data</var> be the raw octets of the key represented by [[<a href="#dfn-CryptoKey-slot-handle">handle</a>]] internal slot of
-                            <var>key</var>.
-                          </p>
-                        </li>
-                        <li>
-                          <p>
-                            Let <var>result</var> be a new <code>ArrayBuffer</code> containing
-                            <var>data</var>.
-                          </p>
-                        </li>
-                      </ol>
-                    </dd>
-                    <dt>If <var>format</var> is <code>"jwk"</code>:</dt>
-                    <dd>
-                      <ol>
-                        <li>
-                          <p>
-                            Let <var>jwk</var> be a new <a href="#dfn-JsonWebKey">JsonWebKey</a>
-                            dictionary.
-                          </p>
-                        </li>
-                        <li>
-                          <p>
-                            Set the <code>kty</code> attribute of <var>jwk</var> to the
-                            string <code>"oct"</code>.
-                          </p>
-                        </li>
-                        <li>
-                          <p>
-                            Set the <code>k</code> attribute of <var>jwk</var> to be a string
-                            containing the raw octets of the key represented by [[<a href="#dfn-CryptoKey-slot-handle">handle</a>]] internal slot of
-                            <var>key</var>, encoded according to Section 6.4 of <a href="#jwa">JSON Web Algorithms</a>.
-                          </p>
-                        </li>
-                        <li>
-                          <dl class="switch">
-                            <dt>If the <a href="#dfn-AesKeyAlgorithm-length">length</a> attribute of
-                            <var>key</var> is 128:</dt>
-                            <dd>Set the <code>alg</code> attribute of <var>jwk</var> to
-                            the string <code>"A128CFB8"</code>.</dd>
-                            <dt>If the <a href="#dfn-AesKeyAlgorithm-length">length</a> attribute of
-                            <var>key</var> is 192:</dt>
-                            <dd>Set the <code>alg</code> attribute of <var>jwk</var> to
-                            the string <code>"A192CFB8"</code>.</dd>
-                            <dt>If the <a href="#dfn-AesKeyAlgorithm-length">length</a> attribute of
-                            <var>key</var> is 256:</dt>
-                            <dd>Set the <code>alg</code> attribute of <var>jwk</var> to
-                            the string <code>"A256CFB8"</code>.</dd>
-                          </dl>
-                        </li>
-                        <li>
-                          <p>
-                            Set the <code>key_ops</code> attribute of <var>jwk</var> to equal the
-                            <a href="#dfn-CryptoKey-usages">usages</a> attribute of
-                            <var>key</var>.
-                          </p>
-                        </li>
-                        <li>
-                          <p>
-                            Set the <code>ext</code> attribute of <var>jwk</var> to equal the [[<a href="#dfn-CryptoKey-slot-extractable">extractable</a>]] internal slot
-                            of <var>key</var>.
-                          </p>
-                        </li>
-                        <li>
-                          <p>
-                            Let <var>result</var> be the result of converting <var>jwk</var>
-                            to an ECMAScript Object, as defined by [<a href="#WebIDL">WebIDL</a>].
-                          </p>
-                        </li>
-                      </ol>
-                    </dd>
-                    <dt>Otherwise:</dt>
-                    <dd>
-                      <p>
-                        <a href="#concept-throw">throw</a> a
-                        <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
-                      </p>
-                    </dd>
-                  </dl>
-                </li>
-                <li>
-                  <p>
-                    Return <var>result</var>.
-                  </p>
-                </li>
-              </ol>
-            </dd>
-            <dt>Get key length</dt>
-            <dd>
-              <ol>
-                <li>
-                  <p>
-                    If the <a href="#dfn-AesDerivedKeyParams-length">length</a> property of
-                    <var>normalizedDerivedKeyAlgorithm</var> is not 128, 192 or 256, then <a href="#concept-throw">throw</a> an <a href="#dfn-OperationError"><code>OperationError</code></a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Return the <a href="#dfn-AesDerivedKeyParams-length">length</a> property of
-                    <var>normalizedDerivedKeyAlgorithm</var>.
-                  </p>
-                </li>
-              </ol>
-            </dd>
-          </dl>
-        </div>
-      </div>
-
       <div id="aes-kw" class="section">
-        <h3>30. AES-KW</h3>
+        <h3>28. AES-KW</h3>
         <div id="aes-kw-description" class="section">
-          <h4>30.1. Description</h4>
+          <h4>28.1. Description</h4>
           <p class="norm">This section is non-normative.</p>
           <p>
             The <code>"AES-KW"</code> algorithm identifier is used to perform
@@ -13785,7 +12723,7 @@
           </p>
         </div>
         <div id="aes-kw-registration" class="section">
-          <h4>30.2. Registration</h4>
+          <h4>28.2. Registration</h4>
           <p>
             The <a href="#recognized-algorithm-name">recognized algorithm name</a> for
             this algorithm is <code>"AES-KW"</code>.
@@ -13833,7 +12771,7 @@
           </table>
         </div>
         <div id="aes-kw-operations" class="section">
-          <h4>30.3. Operations</h4>
+          <h4>28.3. Operations</h4>
           <dl>
             <dt>Wrap Key</dt>
             <dd>
@@ -14241,9 +13179,9 @@
       </div>
 
       <div id="hmac" class="section">
-        <h3>31. HMAC</h3>
+        <h3>29. HMAC</h3>
         <div id="hmac-description" class="section">
-          <h4>31.1. Description</h4>
+          <h4>29.1. Description</h4>
           <p class="norm">This section is non-normative.</p>
           <p>
             The <code>HMAC</code> algorithm calculates and verifies hash-based message
@@ -14260,7 +13198,7 @@
 
         </div>
         <div id="hmac-registration" class="section">
-          <h4>31.2. Registration</h4>
+          <h4>29.2. Registration</h4>
           <p>
             The <a href="#recognized-algorithm-name">recognized algorithm name</a> for
             this algorithm is <code>"HMAC"</code>.
@@ -14308,7 +13246,7 @@
           </table>
         </div>
         <div id="hmac-importparams" class="section">
-          <h4>31.3. HmacImportParams dictionary</h4>
+          <h4>29.3. HmacImportParams dictionary</h4>
           <div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
 dictionary <dfn id="dfn-HmacImportParams">HmacImportParams</dfn> : <a href="#dfn-Algorithm">Algorithm</a> {
 <span class="comment">// The inner hash function to use.</span>
@@ -14319,7 +13257,7 @@
           </code></pre></div></div>
         </div>
         <div id="HmacKeyAlgorithm-dictionary" class="section">
-          <h4>31.4. HmacKeyAlgorithm dictionary</h4>
+          <h4>29.4. HmacKeyAlgorithm dictionary</h4>
           <div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
 dictionary <dfn id="dfn-HmacKeyAlgorithm">HmacKeyAlgorithm</dfn> : <a href="#dfn-KeyAlgorithm">KeyAlgorithm</a> {
 <span class="comment">// The inner hash function to use.</span>
@@ -14330,7 +13268,7 @@
           </code></pre></div></div>
         </div>
         <div id="hmac-keygen-params" class="section">
-          <h4>31.5. HmacKeyGenParams dictionary</h4>
+          <h4>29.5. HmacKeyGenParams dictionary</h4>
           <div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
 dictionary <dfn id="dfn-HmacKeyGenParams">HmacKeyGenParams</dfn> : <a href="#dfn-Algorithm">Algorithm</a> {
 <span class="comment">// The inner hash function to use.</span>
@@ -14343,7 +13281,7 @@
           </code></pre></div></div>
         </div>
         <div id="hmac-operations" class="section">
-          <h4>31.6. Operations</h4>
+          <h4>29.6. Operations</h4>
           <dl>
             <dt>Sign</dt>
             <dd>
@@ -15045,843 +13983,17 @@
           </dl>
         </div>
       </div>
-      <div id="dh" class="section">
-        <h3>32. Diffie-Hellman</h3>
-        <div id="dh-description" class="section">
-          <h4>32.1. Description</h4>
-          <p class="norm">This section is non-normative.</p>
-          <p>
-            This describes using Diffie-Hellman for key generation and key agreement, as specified
-            by <a href="#PKCS3">PKCS #3</a>.
-          </p>
-        </div>
-        <div id="dh-registration" class="section">
-          <h4>32.2. Registration</h4>
-          <p>
-            The <a href="#recognized-algorithm-name">recognized algorithm name</a> for
-            this algorithm is <code>"DH"</code>.
-          </p>
-          <table>
-            <thead>
-              <tr>
-                <th><a href="#supported-operations">Operation</a></th>
-                <th><a href="#algorithm-specific-params">Parameters</a></th>
-                <th><a href="#algorithm-result">Result</a></th>
-              </tr>
-            </thead>
-            <tbody>
-              <tr>
-                <td>generateKey</td>
-                <td><a href="#dfn-DhKeyGenParams">DhKeyGenParams</a></td>
-                <td><a href="#dfn-CryptoKeyPair">CryptoKeyPair</a></td>
-              </tr>
-              <tr>
-                <td>deriveBits</td>
-                <td><a href="#dfn-DhKeyDeriveParams">DhKeyDeriveParams</a></td>
-                <td><a href="#dfn-octet-string">Octet string</a></td>
-              </tr>
-              <tr>
-                <td>importKey</td>
-                <td><a href="#dfn-DhImportKeyParams">DhImportKeyParams</a></td>
-                <td><a href="#dfn-CryptoKey">CryptoKey</a></td>
-              </tr>
-              <tr>
-                <td>exportKey</td>
-                <td>None</td>
-                <td>object</td>
-              </tr>
-            </tbody>
-          </table>
-        </div>
-        <div id="dh-DhKeyGenParams" class="section">
-          <h4>32.3. DhKeyGenParams dictionary</h4>
-          <div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
-dictionary <dfn id="dfn-DhKeyGenParams">DhKeyGenParams</dfn> : <a href="#dfn-Algorithm">Algorithm</a> {
-<span class="comment">// The prime p.</span>
-required BigInteger <dfn id="dfn-DhKeyGenParams-prime">prime</dfn>;
-<span class="comment">// The base g.</span>
-required BigInteger <dfn id="dfn-DhKeyGenParams-generator">generator</dfn>;
-};
-          </code></pre></div></div>
-        </div>
-        <div id="dh-DhKeyAlgorithm" class="section">
-          <h4>32.4. DhKeyAlgorithm dictionary</h4>
-          <div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
-dictionary <dfn id="dfn-DhKeyAlgorithm">DhKeyAlgorithm</dfn> : <a href="#dfn-KeyAlgorithm">KeyAlgorithm</a> {
-<span class="comment">// The prime p.</span>
-required BigInteger <dfn id="dfn-DhKeyAlgorithm-prime">prime</dfn>;
-<span class="comment">// The base g.</span>
-required BigInteger <dfn id="dfn-DhKeyAlgorithm-generator">generator</dfn>;
-};
-          </code></pre></div></div>
-        </div>
-        <div id="dh-DhKeyDeriveParams" class="section">
-          <h4>32.5. DhKeyDeriveParams dictionary</h4>
-          <div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
-dictionary <dfn id="dfn-DhKeyDeriveParams">DhKeyDeriveParams</dfn> : <a href="#dfn-Algorithm">Algorithm</a> {
-<span class="comment">// The peer's public value.</span>
-required <a href="#dfn-CryptoKey">CryptoKey</a> <dfn id="dfn-DhKeyDeriveParams-public">public</dfn>;
-};
-          </code></pre></div></div>
-        </div>
-        <div id="dh-DhImportKeyParams" class="section">
-          <h4>32.6. DhImportKeyParams dictionary</h4>
-          <div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
-dictionary <dfn id="dfn-DhImportKeyParams">DhImportKeyParams</dfn> : <a href="#dfn-Algorithm">Algorithm</a> {
-<span class="comment">// The prime p.</span>
-required BigInteger <dfn id="dfn-DhImportKeyParams-prime">prime</dfn>;
-<span class="comment">// The base g.</span>
-required BigInteger <dfn id="dfn-DhImportKeyParams-generator">generator</dfn>;
-};
-          </code></pre></div></div>
-        </div>
-        <div id="dh-operations" class="section">
-          <h4>32.7. Operations</h4>
-          <dl>
-            <dt>Generate Key</dt>
-            <dd>
-              <ol>
-                <li>
-                  <p>
-                    If <var>usages</var> contains a value which is not
-                    one of <code>"deriveKey"</code> or <code>"deriveBits"</code>,
-                    then <a href="#concept-throw">throw</a> a
-                    <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Generate a Diffie-Hellman key pair, as defined in Section 7 of
-                    [<a href="#PKCS3">PKCS #3</a>], with prime, <var>p</var>, and base,
-                    <var>g</var>, as specified in the
-                    <a href="#dfn-DhKeyGenParams-prime">prime</a> and
-                    <a href="#dfn-DhKeyGenParams-generator">generator</a> properties of
-                    <var>normalizedAlgorithm</var>, respectively.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    If performing the operation results in an error, 
-                    then <a href="#concept-throw">throw</a> an
-                    <a href="#dfn-OperationError"><code>OperationError</code></a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Let <var>algorithm</var> be a new
-                    <a href="#dfn-DhKeyAlgorithm">DhKeyAlgorithm</a>
-                    object.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the <a href="#dfn-Algorithm-name">name</a> member of
-                    <var>algorithm</var> to <code>"DH"</code>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the <a href="#dfn-DhKeyAlgorithm-prime">prime</a>
-                    attribute of <var>algorithm</var> to equal the
-                    <a href="#dfn-DhKeyGenParams-prime">prime</a> member of
-                    <var>normalizedAlgorithm</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the <a href="#dfn-DhKeyAlgorithm-generator">generator</a>
-                    attribute of <var>algorithm</var> to equal the
-                    <a href="#dfn-DhKeyGenParams-generator">generator</a> member of
-                    <var>normalizedAlgorithm</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Let <var>publicKey</var> be a new <a href="#dfn-CryptoKey">CryptoKey</a> object
-                    representing the public key of the generated key pair.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot of
-                    <var>publicKey</var> to <code>"public"</code>
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal
-                    slot of <var>publicKey</var> to <var>algorithm</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the [[<a href="#dfn-CryptoKey-slot-extractable">extractable</a>]] internal
-                    slot of <var>publicKey</var> to true.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the [[<a href="#dfn-CryptoKey-slot-usages">usages</a>]] internal slot of
-                    <var>publicKey</var> to be the empty list.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Let <var>privateKey</var> be a new <a href="#dfn-CryptoKey">CryptoKey</a> object
-                    representing the private key of the generated key pair.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot of
-                    <var>privateKey</var> to <code>"private"</code>
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal
-                    slot of <var>privateKey</var> to <var>algorithm</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the [[<a href="#dfn-CryptoKey-slot-extractable">extractable</a>]] internal
-                    slot of <var>privateKey</var> to <var>extractable</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the [[<a href="#dfn-CryptoKey-slot-usages">usages</a>]] internal slot of
-                    <var>privateKey</var> to be <var>usages</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Let <var>result</var> be a new <a href="#dfn-CryptoKeyPair">CryptoKeyPair</a>
-                    dictionary.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the <a href="#dfn-CryptoKeyPair-publicKey">publicKey</a> attribute
-                    of <var>result</var> to be <var>publicKey</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Set the <a href="#dfn-CryptoKeyPair-privateKey">privateKey</a> attribute
-                    of <var>result</var> to be <var>privateKey</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Return the result of converting <var>result</var> to an ECMAScript Object, as
-                    defined by [<a href="#WebIDL">WebIDL</a>].
-                  </p>
-                </li>
-              </ol>
-            </dd>
-            <dt>Derive Bits</dt>
-            <dd>
-              <ol>
-                <li>
-                  <p>
-                    If the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot of
-                    <var>key</var> is not <code>"private"</code>, then <a href="#concept-throw">throw</a> an <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Let <var>publicKey</var> be the
-                    <a href="#dfn-DhKeyDeriveParams-public">public</a> member of
-                    <var>normalizedAlgorithm</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    If the <a href="#dfn-KeyAlgorithm-name">name</a> attribute of the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal slot of
-                    <var>publicKey</var> is not <code>"DH"</code>, then <a href="#concept-throw">throw</a> a <a href="#dfn-DataError"><code>DataError</code></a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    If the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot of
-                    <var>publicKey</var> is not <code>"public"</code>, then <a href="#concept-throw">throw</a> a <a href="#dfn-DataError"><code>DataError</code></a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    If the <a href="#dfn-DhKeyAlgorithm-prime">prime</a> attribute of the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal slot of
-                    <var>publicKey</var> is not equal to the <a href="#dfn-DhKeyAlgorithm-prime">prime</a> attribute of the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal slot of
-                    <var>key</var>, then <a href="#concept-throw">throw</a> a <a href="#dfn-DataError"><code>DataError</code></a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    If the <a href="#dfn-DhKeyAlgorithm-generator">generator</a> attribute of the
-                    [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal slot of
-                    <var>publicKey</var> is not equal to the <a href="#dfn-DhKeyAlgorithm-generator">generator</a> attribute of the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal slot of
-                    <var>key</var>, then <a href="#concept-throw">throw</a> a <a href="#dfn-DataError"><code>DataError</code></a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Perform the Diffie-Hellman Phase II algorithm as specified in Section 8 of [<a href="#PKCS3">PKCS #3</a>] with <var>key</var> as the DH private value
-                    <var>x</var> and the Diffie-Hellman public value represented by the [[<a href="#dfn-CryptoKey-slot-handle">handle</a>]] internal slot of the <a href="#dfn-DhKeyDeriveParams-public">public</a> member of
-                    <var>normalizedAlgorithm</var> as the other's public value <var>PV'</var>.
-                  </p>
-                  <dl class="switch">
-                    <dt>If performing the operation results in an error:</dt>
-                    <dd>
-                      <a href="#concept-throw">throw</a> an
-                      <a href="#dfn-OperationError"><code>OperationError</code></a>.
-                    </dd>
-                    <dt>Otherwise:</dt>
-                    <dd>
-                      Let <var>secret</var> be the output of the DH Phase II, <var>SK</var>.
-                    </dd>
-                  </dl>
-                </li>
-                <li>
-                  <dl class="switch">
-                    <dt>
-                      If the length of <var>secret</var> in bits is less than
-                      <var>length</var>:
-                    </dt>
-                    <dd>
-                      <a href="#concept-throw">throw</a> an
-                      <a href="#dfn-OperationError"><code>OperationError</code></a>.
-                    </dd>
-                    <dt>Otherwise:</dt>
-                    <dd>Return the first <var>length</var> bits of <var>secret</var>.</dd>
-                  </dl>
-                </li>
-              </ol>
-            </dd>
-            <dt>Import Key</dt>
-            <dd>
-              <dl class="switch">
-                <dt>
-                  If <var>format</var> is <code>"raw"</code>:
-                </dt>
-                <dd>
-                  <div class="ednote"><div class="ednoteHeader">Editorial note</div>
-                    <p>
-                      Raw import of private values is presently not supported.
-                    </p>
-                  </div>
-                  <ol>
-                    <li>
-                      <p>
-                        If <var>usages</var> is not empty
-                        then <a href="#concept-throw">throw</a> a
-                        <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        If <var>extractable</var> is false,
-                        then <a href="#concept-throw">throw</a> a
-                        <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        Let <var>PV</var> be the integer which results from interpreting the
-                        octets of <var>keyData</var> as an unsigned big integer with most
-                        significant octet first.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        Let <var>key</var> be a new <a href="#dfn-CryptoKey">CryptoKey</a> object
-                        representing a Diffie-Hellman public key with public value <var>PV</var>
-                        and with prime, <var>p</var> and base, <var>g</var> equal to the <a href="#dfn-DhImportKeyParams-prime">prime</a> and <a href="#dfn-DhImportKeyParams-generator">generator</a> properties of
-                        <var>normalizedAlgorithm</var> respectively.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        Set the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot of
-                        <var>key</var> to <code>"public"</code>.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        Let <var>algorithm</var> be a new <a href="#dfn-DhKeyAlgorithm">DhKeyAlgorithm</a>.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        Set the <a href="#dfn-Algorithm-name">name</a> attribute of
-                        <var>algorithm</var> to <code>"DH"</code>.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        Set the <a href="#dfn-DhKeyAlgorithm-prime">prime</a> attribute of
-                        <var>algorithm</var> to equal the <a href="#dfn-DhImportKeyParams-prime">prime</a> member of
-                        <var>normalizedAlgorithm</var>.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        Set the <a href="#dfn-DhKeyAlgorithm-generator">generator</a> attribute of
-                        <var>algorithm</var> to equal the <a href="#dfn-DhImportKeyParams-generator">generator</a> member of
-                        <var>normalizedAlgorithm</var>.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        Set the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal
-                        slot of <var>key</var> to <var>algorithm</var>.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        Return <var>key</var>.
-                      </p>
-                    </li>
-                  </ol>
-                </dd>
-                <dt>
-                  If <var>format</var> is <code>"spki"</code>:
-                </dt>
-                <dd>
-                  <ol>
-                    <li>
-                      <p>
-                        If <var>usages</var> is not empty
-                        then <a href="#concept-throw">throw</a> a
-                        <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        Let <var>spki</var> be the result of running the <a href="#concept-parse-a-spki">parse a subjectPublicKeyInfo</a> algorithm
-                        over <var>keyData</var>.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        If an error occurred while parsing, then <a href="#concept-throw">throw</a> a <a href="#dfn-DataError"><code>DataError</code></a>.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        If the <code>algorithm</code> object identifier field of the
-                        <code>algorithm</code> AlgorithmIdentifier field of <var>spki</var> is not
-                        equivalent to the <code>dhKeyAgreement</code> OID defined in Section 9 of
-                        [<a href="#PKCS3">PKCS #3</a>], then <a href="#concept-throw">throw</a> a <a href="#dfn-DataError"><code>DataError</code></a>.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        If the <code>parameters</code> field of the <code>algorithm</code>
-                        AlgorithmIdentifier field of <var>spki</var> is absent, then <a href="#concept-throw">throw</a> a <a href="#dfn-DataError"><code>DataError</code></a>.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        Let <var>params</var> be the <code>parameters</code> field of the
-                        <code>algorithm</code> AlgorithmIdentifier field of <var>spki</var>.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        If <var>params</var> is not an instance of the <code>DHParameter</code>
-                        ASN.1 type defined in Section 9 of <a href="#PKCS3">PKCS #3</a>, then <a href="#concept-throw">throw</a> a <a href="#dfn-DataError"><code>DataError</code></a>.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        Let <var>key</var> be a new <a href="#dfn-CryptoKey">CryptoKey</a> object
-                        representing the Diffie-Hellman public key obtained by parsing the
-                        <code>subjectPublicKey</code> field of <var>spki</var> as an ASN.1
-                        INTEGER.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        Set the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot of
-                        <var>key</var> to <code>"public"</code>.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        Let <var>algorithm</var> be a new <a href="#dfn-DhKeyAlgorithm">DhKeyAlgorithm</a>.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        Set the <a href="#dfn-Algorithm-name">name</a> member of
-                        <var>algorithm</var> to <code>"DH"</code>.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        Set the <a href="#dfn-DhKeyAlgorithm-prime">prime</a> attribute of
-                        <var>algorithm</var> to a new <code>BigInteger</code> equal to the
-                        <a href="#dfn-octet-string">octet string</a> encoding of the <code>prime</code> field of
-                        <var>params</var>.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        Set the <a href="#dfn-DhKeyAlgorithm-generator">generator</a> attribute of
-                        <var>algorithm</var> to a new <code>BigInteger</code> equal to the
-                        <a href="#dfn-octet-string">octet string</a> encoding of the <code>base</code> field of
-                        <var>params</var>.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        Set the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal
-                        slot of <var>key</var> to <var>algorithm</var>.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        Return <var>key</var>.
-                      </p>
-                    </li>
-                  </ol>
-                </dd>
-                <dt>
-                If <var>format</var> is <code>"pkcs8"</code>:
-                </dt>
-                <dd>
-                  <ol>
-                    <li>
-                      <p>
-                        If <var>usages</var> contains a value which is not one of
-                        <code>"deriveKey"</code> or <code>"deriveBits"</code>, then <a href="#concept-throw">throw</a> a <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        Let <var>privateKeyInfo</var> be the result of running the
-                        <a href="#concept-parse-a-privateKeyInfo">parse a privateKeyInfo</a>
-                        algorithm over <var>keyData</var>.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        If an error occurred while parsing, then <a href="#concept-throw">throw</a> a <a href="#dfn-DataError"><code>DataError</code></a>.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        If the <code>algorithm</code> object identifier field of the
-                        <code>algorithm</code> AlgorithmIdentifier field of
-                        <var>privateKeyInfo</var> is not equivalent to the
-                        <code>dhKeyAgreement</code> OID defined in Section 9 of [<a href="#PKCS3">PKCS #3</a>], then <a href="#concept-throw">throw</a> a <a href="#dfn-DataError"><code>DataError</code></a>.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        If the <code>parameters</code> field of the
-                        <code>privateKeyAlgorithm</code> PrivateKeyAlgorithmIdentifier field of
-                        <var>privateKeyInfo</var> is absent, then <a href="#concept-throw">throw</a> a <a href="#dfn-DataError"><code>DataError</code></a>.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        Let <var>params</var> be the <code>parameters</code> field of the
-                        <code>privateKeyAlgorithm</code> PrivateKeyAlgorithmIdentifier field of
-                        <var>privateKeyInfo</var>.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        If <var>params</var> is not an instance of the <code>DHParameter</code>
-                        ASN.1 type defined in Section 9 of <a href="#PKCS3">PKCS #3</a>, then <a href="#concept-throw">throw</a> a <a href="#dfn-DataError"><code>DataError</code></a>.
-                      </p>
-                    </li>
-                    <li>
-                      Let <var>key</var> be a new <a href="#dfn-CryptoKey">CryptoKey</a> object
-                      representing the Diffie-Hellman private key obtained by parsing the
-                      <code>privateKey</code> field of <var>privateKeyInfo</var> as an ASN.1
-                      INTEGER.
-                    </li>
-                    <li>
-                      <p>
-                        Set the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot of
-                        <var>key</var> to <code>"private"</code>.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        Let <var>algorithm</var> be a new
-                        <a href="#dfn-DhKeyAlgorithm">DhKeyAlgorithm</a>.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        Set the <a href="#dfn-Algorithm-name">name</a> member of
-                        <var>algorithm</var> to <code>"DH"</code>.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        Set the <a href="#dfn-DhKeyAlgorithm-prime">prime</a> attribute of
-                        <var>algorithm</var> to a new <code>BigInteger</code> equal to the
-                        <a href="#dfn-octet-string">octet string</a> encoding of the <code>prime</code> field of
-                        <var>params</var>.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        Set the <a href="#dfn-DhKeyAlgorithm-generator">generator</a> attribute of
-                        <var>algorithm</var> to a new <code>BigInteger</code> equal to the
-                        <a href="#dfn-octet-string">octet string</a> encoding of the <code>base</code> field of
-                        <var>params</var>.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        Set the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal
-                        slot of <var>key</var> to <var>algorithm</var>.
-                      </p>
-                    </li>
-                    <li>
-                      <p>
-                        Return <var>key</var>.
-                      </p>
-                    </li>
-                  </ol>
-                </dd>
-                <dt>Otherwise:</dt>
-                <dd>
-                  <a href="#concept-throw">throw</a> a
-                  <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
-                </dd>
-              </dl>
-            </dd>
-            <dt>Export Key</dt>
-            <dd>
-              <ol>
-                <li>
-                  <p>
-                    If the underlying cryptographic key material represented by the [[<a href="#dfn-CryptoKey-slot-handle">handle</a>]] internal slot of <var>key</var>
-                    cannot be accessed, then <a href="#concept-throw">throw</a> an <a href="#dfn-OperationError"><code>OperationError</code></a>.
-                  </p>
-                </li>
-                <li>
-                  <dl class="switch">
-                    <dt>
-                      If <var>format</var> is <code>"raw"</code>:
-                    </dt>
-                    <dd>
-                      <ol>
-                        <li>
-                          <dl class="switch">
-                            <dt>
-                              If the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot
-                              of <var>key</var> is <code>"public"</code>:
-                            </dt>
-                            <dd>
-                              Let <var>data</var> be the Public Value, <var>PV</var>, associated
-                              with <var>key</var> as specified in Section 7 of [<a href="#PKCS3">PKCS #3</a>].
-                            </dd>
-                            <dt>
-                              If the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot
-                              of <var>key</var> is <code>"private"</code>:
-                            </dt>
-                            <dd>
-                              Let <var>data</var> be the <a href="#dfn-octet-string">octet string</a> that represents the private
-                              value <var>x</var> associated with <var>key</var> as a big integer,
-                              most significant octet first.
-                            </dd>
-                          </dl>
-                        </li>
-                        <li>
-                          <p>
-                            Let <var>result</var> be a new <code>ArrayBuffer</code> containing
-                            <var>data</var>.
-                          </p>
-                        </li>
-                      </ol>
-                    </dd>
-                    <dt>
-                      If <var>format</var> is <code>"spki"</code>:
-                    </dt>
-                    <dd>
-                      <ol>
-                        <li>
-                          <p>
-                            If the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot
-                            of <var>key</var> is not <code>"public"</code>, then <a href="#concept-throw">throw</a> an <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
-                          </p>
-                        </li>
-                        <li>
-                          <p>
-                            Let <var>data</var> be an instance of the <code>subjectPublicKeyInfo</code>
-                            ASN.1 structure defined in <a href="#RFC5280">RFC 5280</a>
-                            with the following properties:
-                          </p>
-                          <ul>
-                            <li>
-                              <p>
-                                Set the <var>algorithmIdentifier</var> field to an
-                                <code>AlgorithmIdentifier</code> ASN.1 structure with the
-                                following properties:
-                              </p>
-                              <ul>
-                                <li>
-                                  <p>
-                                    Set the <var>algorithm</var> field to the
-                                    <code>dhKeyAgreement</code> OID defined in Section 9 of <a href="#PKCS3">PKCS #3</a>.
-                                  </p>
-                                </li>
-                                <li>
-                                  <p>
-                                    Set the <var>parameters</var> field to an instance of the
-                                    <code>DHParams</code> ASN.1 structure defined in Section 9 of
-                                    <a href="#PKCS3">PKCS #3</a> with the following properties:
-                                  </p>
-                                  <ul>
-                                    <li>
-                                      <p>
-                                        Set the <var>prime</var> field to an ASN.1 INTEGER that is
-                                        equivalent to the <a href="#dfn-DhKeyAlgorithm-prime">prime</a> attribute of
-                                        the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
-                                        internal slot of <var>key</var>.
-                                      </p>
-                                    </li>
-                                    <li>
-                                      <p>
-                                        Set the <var>base</var> field to an ASN.1 INTEGER that is
-                                        equivalent to the <a href="#dfn-DhKeyAlgorithm-generator">generator</a>
-                                        attribute of the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
-                                        internal slot of <var>key</var>.
-                                      </p>
-                                    </li>
-                                  </ul>
-                                </li>
-                              </ul>
-                            </li>
-                            <li>
-                              <p>
-                                Set the <var>subjectPublicKey</var> to an ASN.1 INTEGER that
-                                corresponds to the Diffie-Hellman public value represented by [[<a href="#dfn-CryptoKey-slot-handle">handle</a>]] internal slot of
-                                <var>key</var>.
-                              </p>
-                            </li>
-                          </ul>
-                        </li>
-                        <li>
-                          <p>
-                            Let <var>result</var> be a new <code>ArrayBuffer</code> containing
-                            <var>data</var>.
-                          </p>
-                        </li>
-                      </ol>
-                    </dd>
-                    <dt>
-                      If <var>format</var> is <code>"pkcs8"</code>:
-                    </dt>
-                    <dd>
-                      <ol>
-                        <li>
-                          <p>
-                            If the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot
-                            of <var>key</var> is not <code>"private"</code>, then <a href="#concept-throw">throw</a> an <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
-                          </p>
-                        </li>
-                        <li>
-                          <p>
-                            Let <var>data</var> be an instance of the <code>privateKeyInfo</code>
-                            ASN.1 structure defined in <a href="#RFC5280">RFC 5280</a>
-                            with the following properties:
-                          </p>
-                          <ul>
-                            <li>
-                              <p>
-                                Set the <var>privateKeyAlgorithm</var> field to a
-                                <code>PrivateKeyAlgorithmIdentifier</code> ASN.1 structure with
-                                the following properties:
-                              </p>
-                              <ul>
-                                <li>
-                                  <p>
-                                    Set the <var>algorithm</var> field to the
-                                    <code>dhKeyAgreement</code> OID defined in Section 9 of <a href="#PKCS3">PKCS #3</a>.
-                                  </p>
-                                </li>
-                                <li>
-                                  <p>
-                                    Set the <var>parameters</var> field to an instance of the
-                                    <code>DHParams</code> ASN.1 structure defined in Section 9 of
-                                    <a href="#PKCS3">PKCS #3</a> with the following properties:
-                                  </p>
-                                  <ul>
-                                    <li>
-                                      <p>
-                                        Set the <var>prime</var> field to an ASN.1 INTEGER that is
-                                        equivalent to the <a href="#dfn-DhKeyAlgorithm-prime">prime</a> attribute of
-                                        the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
-                                        internal slot of <var>key</var>.
-                                      </p>
-                                    </li>
-                                    <li>
-                                      <p>
-                                        Set the <var>base</var> field to an ASN.1 INTEGER that is
-                                        equivalent to the <a href="#dfn-DhKeyAlgorithm-generator">generator</a>
-                                        attribute of the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
-                                        internal slot of <var>key</var>.
-                                      </p>
-                                    </li>
-                                  </ul>
-                                </li>
-                              </ul>
-                            </li>
-                            <li>
-                              <p>
-                                Set the <var>privateKey</var> field to an ASN.1 INTEGER that
-                                corresponds to the Diffie-Hellman private value represented by
-                                [[<a href="#dfn-CryptoKey-slot-handle">handle</a>]] internal slot
-                                of <var>key</var>.
-                              </p>
-                            </li>
-                          </ul>
-                        </li>
-                        <li>
-                          <p>
-                            Let <var>result</var> be a new <code>ArrayBuffer</code> containing
-                            <var>data</var>.
-                          </p>
-                        </li>
-                      </ol>
-                    </dd>
-                    <dt>Otherwise:</dt>
-                    <dd>
-                      <a href="#concept-throw">throw</a> a
-                      <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
-                    </dd>                  
-                  </dl>
-                </li>
-                <li>
-                  <p>
-                    Return <var>result</var>.
-                  </p>
-                </li>
-              </ol>
-            </dd>
-          </dl>
-        </div>
-      </div>
-      <div id="sha" class="section">
-        <h3>33. SHA</h3>
+    <div id="sha" class="section">
+        <h3>30. SHA</h3>
         <div id="sha-description" class="section">
-          <h4>33.1. Description</h4>
+          <h4>30.1. Description</h4>
           <p>
             This describes the SHA-1 and SHA-2 families, as specified by
             [<a href="#FIPS180-4">FIPS PUB 180-4</a>].
           </p>
         </div>
         <div id="sha-registration" class="section">
-          <h4>33.2. Registration</h4>
+          <h4>30.2. Registration</h4>
           <p>
             The following algorithms are added as <a href="#recognized-algorithm-name">
             recognized algorithm names</a>:
@@ -15914,7 +14026,7 @@
           </table>
         </div>
         <div id="sha-operations" class="section">
-          <h4>33.3. Operations</h4>
+          <h4>30.3. Operations</h4>
           <dl>
             <dt>Digest</dt>
             <dd>
@@ -15978,232 +14090,11 @@
           </dl>
         </div>
       </div>
-      <div id="concatkdf" class="section">
-        <h3>34. Concat KDF</h3>
-        <div id="concatkdf-description" class="section">
-          <h4>34.1. Description</h4>
-          <p>
-            The <code>"CONCAT"</code> algorithm identifier is used to perform key derivation
-            using the key derivation algorithm defined in Section 5.8.1 of
-            [<a href="#SP800-56A">NIST SP800-56A</a>] using the SHA hash functions defined
-            in this specification.
-          </p>
-          <p>
-            <a href="#dfn-applicable-specification">Other specifications</a>
-            may specify the use of additional hash algorithms with Concat KDF. Such specifications
-            must define digest operations for the additional hash algorithms and 
-            <dfn id="dfn-concat-extended-import-steps">key import steps</dfn> for Concat KDF.
-          </p>
-        </div>
-        <div id="concatkdf-registration" class="section">
-          <h4>34.2. Registration</h4>
-          <p>
-            The <a href="#recognized-algorithm-name">recognized algorithm name</a> for
-            this algorithm is <code>"CONCAT"</code>.
-          </p>
-          <table>
-            <thead>
-              <tr>
-                <th><a href="#supported-operations">Operation</a></th>
-                <th><a href="#algorithm-specific-params">Parameters</a></th>
-                <th><a href="#algorithm-result">Result</a></th>
-              </tr>
-            </thead>
-            <tbody>
-              <tr>
-                <td>deriveBits</td>
-                <td><a href="#dfn-ConcatParams">ConcatParams</a></td>
-                <td><a href="#dfn-octet-string">Octet string</a></td>
-              </tr>
-              <tr>
-                <td>Import key</td>
-                <td>None</td>
-                <td><a href="#dfn-CryptoKey">CryptoKey</a></td>
-              </tr>
-              <tr>
-                <td>Get key length</td>
-                <td>None</td>
-                <td>Integer or null</td>
-              </tr>
-            </tbody>
-          </table>
-        </div>
-        <div id="concat-params" class="section">
-          <h4>34.3. ConcatParams dictionary</h4>
-          <div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
-dictionary <dfn id="dfn-ConcatParams">ConcatParams</dfn> : <a href="#dfn-Algorithm">Algorithm</a> {
-<span class="comment">// The digest method to use to derive the keying material.</span>
-<a href="#dfn-HashAlgorithmIdentifier">HashAlgorithmIdentifier</a> <dfn id="dfn-ConcatParams-hash">hash</dfn>;
-
-<span class="comment">// A bit string corresponding to the AlgorithmId field of the OtherInfo parameter.</span>
-<span class="comment">// The AlgorithmId indicates how the derived keying material will be parsed and for which</span>
-<span class="comment">// algorithm(s) the derived secret keying material will be used.</span>
-required BufferSource <dfn id="dfn-ConcatParams-algorithmId">algorithmId</dfn>;
-<span class="comment">// A bit string that corresponds to the PartyUInfo field of the OtherInfo parameter.</span>
-required BufferSource <dfn id="dfn-ConcatParams-partyUInfo">partyUInfo</dfn>;
-<span class="comment">// A bit string that corresponds to the PartyVInfo field of the OtherInfo parameter.</span>
-required BufferSource <dfn id="dfn-ConcatParams-partyVInfo">partyVInfo</dfn>;
-<span class="comment">// An optional bit string that corresponds to the SuppPubInfo field of the OtherInfo parameter.</span>
-BufferSource <dfn id="dfn-ConcatParams-publicInfo">publicInfo</dfn>;
-<span class="comment">// An optional bit string that corresponds to the SuppPrivInfo field of the OtherInfo parameter.</span>
-BufferSource <dfn id="dfn-ConcatParams-privateInfo">privateInfo</dfn>;
-};
-          </code></pre></div></div>
-        </div>
-        <div id="concat-operations" class="section">
-          <h4>34.4. Operations</h4>
-          <dl>
-            <dt>Derive Bits</dt>
-            <dd>
-              <ol>
-                <li>
-                  <p>
-                    Let <var>secret</var> be the result of performing the Concatenation Key
-                    Derivation Function defined in Section 5.8.1 of
-                    [<a href="#SP800-56A">SP800-56A</a>] with <var>length</var> as
-                    <var>keydatalen</var>, the hash function identified by the
-                    <a href="#dfn-ConcatParams-hash">hash</a> member of
-                    <var>normalizedAlgorithm</var> as <var>H</var>, the
-                    <a href="#dfn-ConcatParams-algorithmId">algorithmId</a> member of
-                    <var>normalizedAlgorithm</var> as <var>AlgorithmID</var>, the
-                    <a href="#dfn-ConcatParams-partyUInfo">partyUInfo</a> member of
-                    <var>normalizedAlgorithm</var> as <var>PartyUInfo</var>, the
-                    <a href="#dfn-ConcatParams-partyVInfo">partyVInfo</a> member of
-                    <var>normalizedAlgorithm</var> as <var>PartyVInfo</var>, the
-                    <a href="#dfn-ConcatParams-publicInfo">publicInfo</a> member of
-                    <var>normalizedAlgorithm</var>, if present, as
-                    <var>SuppPubInfo</var> and the
-                    <a href="#dfn-ConcatParams-privateInfo">privateInfo</a> member of
-                    <var>normalizedAlgorithm</var>, if present, as
-                    <var>SuppPrivInfo</var>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    If the operation fails, 
-                    then <a href="#concept-throw">throw</a> an
-                    <a href="#dfn-OperationError"><code>OperationError</code></a>.
-                  </p>
-                </li>
-                <li>
-                  <p>
-                    Return <var>secret</var>
-                  </p>
-                </li>
-              </ol>
-            </dd>
-            <dt>Import key</dt>
-            <dd>
-              <ol>
-                <li>
-                  <p>Let <var>keyData</var> be the key data to be imported.</p>
-                </li>
-                <li>
-                  <p>
-                    Perform any <a href="#dfn-concat-extended-import-steps">key import steps</a>
-                    defined by <a href="#dfn-applicable-specification">other applicable
-                    specifications</a>, passing <var>keyData</var> and obtaining <var>result</var>.
-                  </p>
-                  <dl class="switch">
-                    <dt>
-                      If <var>result</var> is a <a href="#dfn-CryptoKey">CryptoKey</a>
-                      object
-                    </dt>
-                    <dd>
-                      <p>
-                        Return <var>result</var>.
-                      </p>
-                    </dd>
-                    <dt>
-                      If <var>result</var> is an error with a name that is not
-                      <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>
-                    </dt>
-                    <dd>
-                      <p>
-                        <a href="#concept-throw">throw</a> <var>result</var>.
-                      </p>
-                    </dd>
-                  </dl>
-                </li>
-                <li>
-                  <dl class="switch">
-                    <dt>
-                      If <var>format</var> is <code>"raw"</code>:
-                    </dt>
-                    <dd>
-                      <ol>
-                        <li>
-                          <p>
-                            If <var>usages</var> contains a value that is not 
-                            <code>"deriveKey"</code> or <code>"deriveBits"</code>,
-                            
-                                then <a href="#concept-throw">throw</a> a
-                                <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
-                          </p>
-                        </li>
-                        <li>
-                          <p>
-                            Let <var>key</var> be a new <a href="#dfn-CryptoKey">CryptoKey</a> object
-                            representing the key data provided in <var>keyData</var>.
-                          </p>
-                        </li>
-                        <li>
-                          <p>
-                            Set the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot of
-                            <var>key</var> to <code>"secret"</code>.
-                          </p>
-                        </li>
-                        <li>
-                          <p>
-                            Let <var>algorithm</var> be a new
-                            <a href="#dfn-KeyAlgorithm">KeyAlgorithm</a> object.
-                          </p>
-                        </li>
-                        <li>
-                          <p>
-                            Set the <a href="#dfn-KeyAlgorithm-name">name</a> attribute of
-                            <var>algorithm</var> to <code>"CONCAT"</code>.
-                          </p>
-                        </li>
-                        <li>
-                          <p>
-                            Set the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal
-                            slot of <var>key</var> to <var>algorithm</var>.
-                          </p>
-                        </li>
-                        <li>
-                          <p>
-                            Return <var>key</var>.
-                          </p>
-                        </li>
-                      </ol>
-                    </dd>
-                    <dt>Otherwise:</dt>
-                    <dd>
-                      <a href="#concept-throw">throw</a> a
-                      <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
-                    </dd>
-                  </dl>
-                </li>
-              </ol>
-            </dd>
-            <dt>Get length</dt>
-            <dd>
-              <ol>
-                <li>
-                  <p>
-                    Return null.
-                  </p>
-                </li>
-              </ol>
-            </dd>
-          </dl>
-        </div>
-      </div>
+      
       <div id="hkdf-ctr" class="section">
-        <h3>35. HKDF-CTR</h3>
+        <h3>31. HKDF-CTR</h3>
         <div id="hkdf-ctr-description" class="section">
-          <h4>35.1. Description</h4>
+          <h4>31.1. Description</h4>
           <p class="norm">This section is non-normative.</p>
           <p>
             The <code>"HKDF-CTR"</code> algorithm identifier is used to
@@ -16220,7 +14111,7 @@
           </p>
         </div>
         <div id="hkdf-ctr-registration" class="section">
-          <h4>35.2. Registration</h4>
+          <h4>31.2. Registration</h4>
           <p>
             The <a href="#recognized-algorithm-name">recognized algorithm name</a>
             for this algorithm is <code>"HKDF-CTR"</code>.
@@ -16253,7 +14144,7 @@
           </table>
         </div>
         <div id="hkdf-ctr-params" class="section">
-          <h4>35.3. HkdfCtrParams dictionary</h4>
+          <h4>31.3. HkdfCtrParams dictionary</h4>
           <div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
 dictionary <dfn id="dfn-HkdfCtrParams">HkdfCtrParams</dfn> : <a href="#dfn-Algorithm">Algorithm</a> {
 <span class="comment">// The algorithm to use with HMAC (e.g.: <a href="#alg-sha-256">SHA-256</a>)</span>
@@ -16266,7 +14157,7 @@
           </code></pre></div></div>
         </div>
         <div id="hkdf2-ctr-operations" class="section">
-          <h4>35.4. Operations</h4>
+          <h4>31.4. Operations</h4>
           <dl>
             <dt>Derive Bits</dt>
             <dd>
@@ -16453,9 +14344,9 @@
       </div>
 
       <div id="pbkdf2" class="section">
-        <h3>36. PBKDF2</h3>
+        <h3>32. PBKDF2</h3>
         <div id="pbkdf2-description" class="section">
-          <h4>36.1. Description</h4>
+          <h4>32.1. Description</h4>
           <p class="norm">This section is non-normative.</p>
           <p>
             The <code>"PBKDF2"</code> algorithm identifier is used to
@@ -16472,7 +14363,7 @@
           </p>
         </div>
         <div id="pbkdf2-registration" class="section">
-          <h4>36.2. Registration</h4>
+          <h4>32.2. Registration</h4>
           <p>
             The <a href="#recognized-algorithm-name">recognized algorithm name</a> for
             this algorithm is <code>"PBKDF2"</code>.
@@ -16510,7 +14401,7 @@
           </table>
         </div>
         <div id="pbkdf2-params" class="section">
-          <h4>36.3. Pbkdf2Params dictionary</h4>
+          <h4>32.3. Pbkdf2Params dictionary</h4>
           <div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
 dictionary <dfn id="dfn-Pbkdf2Params">Pbkdf2Params</dfn> : <a href="#dfn-Algorithm">Algorithm</a> {
 required BufferSource <dfn id="dfn-Pbkdf2Params-salt">salt</dfn>;
@@ -16520,7 +14411,7 @@
           </code></pre></div></div>
         </div>
         <div id="pbkdf2-operations" class="section">
-          <h4>36.4. Operations</h4>
+          <h4>32.4. Operations</h4>
           <dl>
             <dt>Derive bits</dt>
             <dd>
@@ -16711,9 +14602,9 @@
 
 
       <div id="examples-section" class="section">
-        <h2>37. JavaScript Example Code</h2>
+        <h2>33. JavaScript Example Code</h2>
         <div id="examples-signing" class="section">
-          <h3>37.1. Generate a signing key pair, sign some data</h3>
+          <h3>33.1. Generate a signing key pair, sign some data</h3>
         
         <div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
 <span class="comment">// Algorithm Object</span>
@@ -16747,7 +14638,7 @@
         </code></pre></div></div>
         </div>
         <div id="examples-symmetric-encryption" class="section">
-          <h3>37.2. Symmetric Encryption</h3>
+          <h3>33.2. Symmetric Encryption</h3>
         <div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
 var clearDataArrayBufferView = convertPlainTextToArrayBufferView("Plain Text Data");
 <span class="comment">// TODO: create example utility function that converts text -&gt; ArrayBufferView</span>
@@ -16775,9 +14666,9 @@
       </div>
     </div>
     <div id="iana-section" class="section">
-    <h2>38. IANA Considerations</h2>
+    <h2>34. IANA Considerations</h2>
         <div id="iana-section-jws-jwa" class="section">
-          <h3>38.1. JSON Web Signature and Encryption Algorithms Registration</h3>
+          <h3>34.1. JSON Web Signature and Encryption Algorithms Registration</h3>
           <p>
             This section registers the following algorithm identifiers in the IANA JSON Web
             Signature and Encryption Algorithms Registry for use with JSON Web Key. Note that the
@@ -16915,7 +14806,7 @@
           </ul>
         </div>
         <div id="iana-section-jwk" class="section">
-          <h3>38.2. JSON Web Key Parameters Registration</h3>
+          <h3>34.2. JSON Web Key Parameters Registration</h3>
           <ul>
             <li>Parameter Name: "ext"</li>
             <li>Parameter Description: Extractable</li>
@@ -16927,7 +14818,7 @@
         </div>
       </div>
       <div id="acknowledgements-section" class="section">
-        <h2>39. Acknowledgements</h2>
+        <h2>35. Acknowledgements</h2>
         <p>
           The editors would like to thank Adam Barth, Alex Russell, Ali Asad, Arun Ranganathan,
           Brian Smith, Brian Warner, Channy Yun, Eric Roman, Glenn Adams, Jim Schaad, Kai Engert,
@@ -16950,9 +14841,9 @@
         </p>
       </div>
       <div id="references" class="section">
-         <h2>40. References</h2>
+         <h2>36. References</h2>
          <div id="normative-references" class="section">
-           <h3>40.1. Normative References</h3>
+           <h3>36.1. Normative References</h3>
            <dl>
              <dt id="DOM4">DOM4</dt>
              <dd>
@@ -17038,11 +14929,6 @@
               NIST Special Publication 800-108: Recommendation for Key Derivation Using
               Pseudorandom Functions (Revised)</a></cite>, October 2009, NIST.
             </dd>
-             <dt id="PKCS3">PKCS3</dt>
-             <dd>
-               <cite><a href="http://www.emc.com/domains/rsa/index.htm?id=2126">PKCS #3: Diffie-Hellman
-               Key-Agreement Standard</a></cite>, RSA Laboratories.
-             </dd>
              <dt id="RFC2119">RFC 2119</dt>
              <dd>
                <cite><a href="http://www.ietf.org/rfc/rfc2119">Key words for use in RFCs to
@@ -17118,7 +15004,7 @@
             </dl>
         </div>
         <div id="informative-references" class="section">
-          <h3>40.2. Informative References</h3>
+          <h3>36.2. Informative References</h3>
           <dl>
             <dt id="CDSA">CDSA</dt>
             <dd>
@@ -17631,91 +15517,7 @@
 </code></pre></div></div>
                 </td>
               </tr>
-              <tr>
-                <td>
-<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
-{ kty: "oct",
-  alg: "A128CMAC" }
-</code></pre></div></div>
-                </td>
-                <td>
-<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
-{ name: "AES-CMAC",
-  length: 128 }
-</code></pre></div></div>
-                </td>
-              </tr>
-              <tr>
-                <td>
-<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
-{ kty: "oct",
-  alg: "A192CMAC" }
-</code></pre></div></div>
-                </td>
-                <td>
-<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
-{ name: "AES-CMAC",
-  length: 192 }
-</code></pre></div></div>
-                </td>
-              </tr>
-              <tr>
-                <td>
-<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
-{ kty: "oct",
-  alg: "A256CMAC" }
-</code></pre></div></div>
-                </td>
-                <td>
-<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
-{ name: "AES-CMAC",
-  length: 256 }
-</code></pre></div></div>
-                </td>
-              </tr>
-              <tr>
-                <td>
-<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
-{ kty: "oct",
-  alg: "A128CFB8" }
-</code></pre></div></div>
-                </td>
-                <td>
-<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
-{ name: "AES-CFB-8",
-  length: 128 }
-</code></pre></div></div>
-                </td>
-              </tr>
-              <tr>
-                <td>
-<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
-{ kty: "oct",
-  alg: "A192CFB8" }
-</code></pre></div></div>
-                </td>
-                <td>
-<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
-{ name: "AES-CFB-8",
-  length: 192 }
-</code></pre></div></div>
-                </td>
-              </tr>
-              <tr>
-                <td>
-<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
-{ kty: "oct",
-  alg: "A256CFB8" }
-</code></pre></div></div>
-                </td>
-                <td>
-<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
-{ name: "AES-CFB-8",
-  length: 256 }
-</code></pre></div></div>
-                </td>
-              </tr>
-              <tr>
+            <tr>
                 <td>
 <div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
 { kty: "oct",
@@ -17865,12 +15667,6 @@
               <td><code>"DSA"</code></td>
               <td><a href="#RFC3279">RFC 3279</a></td>
             </tr>
-            <tr>
-              <td>dhKeyAgreement (1.2.840.113549.1.3.1)</td>
-              <td>INTEGER</td>
-              <td><code>"DH"</code></td>
-              <td><a href="#PKCS3">PKCS #3</a></td>
-            </tr>
           </tbody>
         </table>
         <div class="ednote"><div class="ednoteHeader">Editorial note</div>
@@ -17963,20 +15759,8 @@
               <td><code>"DSA"</code></td>
               <td><a href="#RFC5958">RFC 5958</a></td>
             </tr>
-            <tr>
-              <td>dhKeyAgreement (1.2.840.113549.1.3.1)</td>
-              <td>INTEGER</td>
-              <td><code>"DH"</code></td>
-              <td><a href="#PKCS3">PKCS #3</a></td>
-            </tr>
           </tbody>
         </table>
-        <div class="ednote"><div class="ednoteHeader">Editorial note</div>
-          <p>
-            There does not appear to be a normative reference for a DH key being encoded as an
-            INTEGER. Only RFC 5958 seems to mention this.
-          </p>
-        </div>
       </div>
     </div>
   </body>