CfC to publish Cryptography usage in Web Standards as a First Public Interest Group Note < 2025-11-05

[verocri]

This is a Call for Consensus (CfC) to publish Cryptography usage in Web Standards as a First Public Interest Group Note and enabling autopublish.

This specification provides a concise, practical and standards-aligned reference for standardized cryptographic algorithms and their recommended usage in different contexts. It offers guidelines on when and how to use specific algorithms, parameter choices, and common pitfalls to avoid, in order to promote a consistent, standards-based, and secure use of cryptography across web technologies.

To ensure everyone has an opportunity to weigh in, this issue will serve as a record of the group's decision, one way or another.
I've pre-populated this issue with reactions to make it trivial to collect a signal from folks out there in the world:

• React with👍 if you agree with the publication.
• React with 😕 if you disagree, but it's fine if we decide to proceed.
• React with 👎 if you strongly disagree with the publication.

If you register discontent with the publication, please add a comment as well so we know what we can address to remove the concern (and if you really disapprove, Formal Objections are accepted through the usual venues).

You can find the most recent editor's draft at https://w3c.github.io/security-guidelines-cryptography/.

Thanks!

Please respond by 2025-11-05, at which point this CfC will be closed.