[w3ctag/design-reviews] Cryptographically secure random UUIDs (#623)

Ya ya yawm TAG!

I'm requesting a TAG review of [feature name].

We propose adding the randomUUID() method to the crypto interface. This method provides an API for generating RFC 4122 identifiers. Initially, the only version of UUID supported will be the version 4 "Algorithm for Creating a UUID from Truly Random or Pseudo-Random Numbers".

  - Explainer¹: https://github.com/WICG/uuid/blob/gh-pages/explainer.md

  - Specification URL: https://wicg.github.io/uuid/

  - Tests: https://chromium-review.googlesource.com/c/chromium/src/+/2804758

  - Security and Privacy self-review²: https://docs.google.com/document/d/1M6E82C2Dgf9X7m4XTIRCiv5ktSIaOMR9-yhZtv9LQsE/edit?usp=sharing

  - GitHub repo (if you prefer feedback filed there): https://github.com/WICG/uuid

  - Primary contacts (and their relationship to the specification):
      - [Ben Coe](http://github.com/bcoe): Google.
      - [Christoph Tavan](https://github.com/ctavan): Google
      - [Robert Kieffer](https://github.com/broofa): Community contributor.
  - Organization(s)/project(s) driving the specification: Although several Googlers are working on this, we are doing so outside of our day jobs, so this work is largely being funded by our own individual spare time and interest.
  - Key pieces of existing multi-stakeholder review or discussion of this specification: [original tc39 issue tracker](https://github.com/tc39/proposal-uuid/issues), [WICG issue tracker](https://github.com/WICG/uuid).
  - External status/issue trackers for this specification (publicly visible, e.g. Chrome Status): https://chromestatus.com/feature/5689159362543616


Further details:

  - [x] I have reviewed the TAG's [Web Platform Design Principles](https://w3ctag.github.io/design-principles/)
  - Relevant time constraints or deadlines: n/a.
  - The group where the work on this specification is currently being done: WICG
  - The group where standardization of this work is intended to be done (if current group is a community group or other incubation venue): W3C.
  - Major unresolved issues with or opposition to this specification: 
  - This work is being funded by: Although several Googlers are working on this, we are doing so outside of our day jobs, so this work is largely being funded by our own individual spare time and interest.

You should also know that...

This specification was originally worked on in TC39, but it was determined that the need for a CSRNG made WICG a more appropriate venue, given that WebCryptography is part of the web platform. 

We'd prefer the TAG provide feedback as (please delete all but the desired option):

  🐛 open issues in our GitHub repo for **each point of feedback**

------------------------------------------------------------------------------------
CAREFULLY READ AND DELETE CONTENT BELOW THIS LINE BEFORE SUBMITTING

Please preview the issue and check that the links work before submitting.

In particular, if anything links to a URL which requires authentication (e.g. Google document), please make sure anyone with the link can access the document. We would prefer fully public documents though, since we work in the open.

¹ We require an explainer to give the relevant context for the spec review, even if the spec has some background information. For background, see our [explanation of how to write a good explainer](https://w3ctag.github.io/explainers). We recommend the explainer to be in [Markdown](https://github.github.com/gfm/).

² A Security and Privacy questionnaire helps us understand potential security and privacy issues and mitigations for your design, and can save us asking redundant questions. See https://www.w3.org/TR/security-privacy-questionnaire/.



-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/623