This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.
RSA-OAEP encryption/decryption operations require a hash function and a mask generation function. These must be specified, or functions must be selected by the user of the API. The Hash and Mask Generation Function could be parameters of the key (provided to generateKey, importKey and unwrapKey) or they could be parameters of the operations (encrypt, decrypt). There are may be security reasons to prefer one or the other approach, I don't know.
Sorry - someone mis-informed me that this was not in the spec, but I see that it is.