design-reviews#1190: Incubation: Cryptography usage in Web Standards

#1190: Incubation: Cryptography usage in Web Standards

Visit on Github

Opened

Feb 3, 2026

Explainer

https://www.w3.org/TR/2026/DNOTE-security-guidelines-cryptography-20260129/

The explainer

Includes the information requested by the Explainer Explainer.
Follows the Web Platform Design Principles.
Includes or links to answers to the Security/Privacy Questionnaire.
Describes user research you did to validate the problem and/or design.

Where and by whom is the work is being done?

GitHub repo: https://github.com/w3c/security-guidelines-cryptography
Primary contacts: (This is a third-party request for review.)
Organization/project driving the design: ?
This work is being funded by: ?
Incubation and standards groups that have discussed the design:
- Security Interest Group; see https://github.com/w3c/securityig/issues/33
Standards group(s) that you expect to discuss and/or adopt this work when it's ready: SIG

Feedback so far

There's some review in the issue tracker that is worth looking at. https://github.com/w3c/security-guidelines-cryptography/issues/15 in particular has some good feedback.

You should also know that...

(Note that I didn't know how to classify this request. The forms don't really fit this, so I've lied: this doesn't really include the necessary items from the explainer explainer.)

After looking at this document personally, I think that the TAG should take a serious and critical look at this document. Focus on high level goals and whether this document is addressing those goals. To be clear, the purpose of this guide is presently unclear, but there is serious risk of harm out of this. If I were to infer a goal, it might be to instill confidence in people about their use of cryptography, which would likely be unwise.

To quote a recent article:

In fact, ability and motive may even be negatively correlated. The kind of person who has the ability to release a plague is probably highly educated: likely a PhD in molecular biology, and a particularly resourceful one, with a promising career, a stable and disciplined personality, and a lot to lose. This kind of person is unlikely to be interested in killing a huge number of people for no benefit to themselves and at great risk to their own future—they would need to be motivated by pure malice, intense grievance, or instability. -- Dario Amodei, The Adolescence of Technology

Track conversations at https://tag-github-bot.w3.org/gh/w3ctag/design-reviews/1190

Discussions

Discussed Feb 2, 2026 (See Github)

Lola: Martin has opened an issue to look at a document regarding crypto in web standards, and Martin has concerns. Think we should assign Martin, anybody else interested? Just to be clear, purpose is to check if the goals are good, and the document meets these goals.

Ehsan: Happy to support.

Yves: Is Martin available for this, given his term ended?

Lola: Right. Let’s assign Ehsan and me.

Discussed Feb 9, 2026 (See Github)

Ehsan: Not finished yet, but started looking into it.

Lola: That was the issue that Martin opened?

Ehsan: Yes.

Lola: If someone else wants to join, feel free to assign yourselves. We’re not reviewing a specific design review, that’s just work happening inside W3C that he thinks we should be aware of.

Jeffrey: Basically a design principle, asked Google security people to have a look.

Lola: Martin was concerned. Not that we should be biased, but be aware of that.

Ehsan: Share Martin’s impression.

Comment by @lolaodelola Feb 13, 2026 (See Github)

@martinthomson thanks for putting this on our radar.

To be clear, the purpose of this guide is presently unclear, but there is serious risk of harm out of this.

What specific harms do you foresee coming from this?

Comment by @Solix45456767 Feb 13, 2026 (See Github)

{ "comment": { "topic": "Incubation: Cryptography usage in Web Standards", "best_practice": "Ensure all cryptographic implementations follow established standards like NIST guidelines and use well-vetted libraries rather than custom implementations, while maintaining clear documentation of which algorithms are used and their security properties. Always provide secure key management practices and deprecation timelines for older cryptographic methods to help developers migrate safely.", "question": "Have you considered including guidance on post-quantum cryptography readiness, given the evolving threat landscape? What mechanisms will be in place to update these standards as cryptographic threats evolve?" } }

Comment by @martinthomson Feb 15, 2026 (See Github)

I found some of the advice misleading, both in detail and in structure. A source of inaccurate information on cryptography that purports to be reliable, from a trusted/trustworthy source might lead people to act on a false belief of accuracy. Problems in the deployment of cryptography tend to be more serious than other problems.

As an example of the structural problems, there is no mention of the tools that we recommend most people use. Things like TLS and SSH (and more recently, MLS) are at a level that the document fails to engage with. The relatively low level of the things that are covered is usually reserved for trained practitioners, who are able to reason about cryptographic properties like IND-CCA or EUF-CMA or discuss the value of FO or Feistel or Fiat-Shamir. These are all basics on the same level as the material in the document, but not given any mention.

At the level that this document operates, a brief note suggesting that people use composed protocols (TLS, SSH, etc..) rather than try to use cryptographic primitives would be far more useful. If the goal is to help give a grounding in the use of those tools, I'd suggest finding a good school. These are not skills that can be taught by a short document like this.