For example: encryption: https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypt...
Note that ECDSA is missing.
But, for signing: https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypt...
Here, ECDSA is an option.
Why the difference?
It means you cannot use your web browser crypto to interact with the majority of blockchains (like Ethereum).
Is there a good reason why support inside your browser for signing is available with ECDSA but not encryption?
Is this a patent or IP issue, or perhaps a political issue.
I always thought one reason for not using RSA was that you never know if there are backdoors the US government has installed, but this article makes it sound technically poor as well.
In fact, the ability to encrypt directly with RSA is probably a bug, not a feature. There are too many ways to do it catastrophically wrong, and it almost guarantees cryptosystems without forward secrecy.
(WebCrypto isn't great and I'd avoid it, but this isn't why).
Do you have a link to a discussion on why WebCrypto isn't great? More specifically, are you saying there is no real good way to do encryption with WebCrypto, or is it that it is too easy to do it wrong?
It can make some sense in extensions, or in situations where client-side cryptography is more an interoperability or offloading concern than an end-to-end security concern. But ultimately, it's misused more than it's used well.