In step 2 of the export key operations of ML-KEM and ML-DSA, the specification uses the name member of normalizedAlgorithm to determine the security category of the key (i.e. ML-KEM-512, ML-KEM-768, ML-KEM-1024 for ML-KEM; ML-DSA-44, ML-DSA-65, ML-DSA-87 for ML-DSA).

However, the exportKey(format, key) method (https://w3c.github.io/webcrypto/#dfn-SubtleCrypto-method-exportKey) does not take an AlgorithmIdentifier as input and thus does not perform algorithm normalization. Therefore, there does not appear to be a normalizedAlgorithm available during the export key operation for ML-KEM and ML-DSA.

I would appreciate clarification on this point, in case I am missing something. My understanding is that the security category could instead be determined from the name attribute of the [[algorithm]] internal slot of the key.

Edit: typos at security category name