[webauthn] AAGUID must be a "version 4 UUID" ?

equalsJeffH has just created a new issue for 
https://github.com/w3c/webauthn:

== AAGUID must be a "version 4 UUID" ? ==
The current language in the webauthn spec strongly implies but does 
not unambiguously state that an AAGUID MUST be a "version 4 UUID".
Also, does it actually matter which "version" of UUID (as specified in
RFC4122) it is?

The present language is..
> The claimedAAGUID element contains the claimed Authenticator
> Attestation GUID (a version 4 GUID, see [RFC4122]).

Perhaps it should rather be..
> The claimedAAGUID element, which MUST be a UUID as specified in
> [RFC4122], contains the claimed Authenticator Attestation GUID.

RFC4122 notes that if one has privacy concerns regarding the data that
is used to construct UUIDs, then one should consider using version 3
or version 4 UUIDs.  So perhaps we should further enhance the language
to be..
> The claimedAAGUID element, which MUST be a UUID as specified in
> [RFC4122] (a version 4 UUID is RECOMMENDED), contains the claimed
> Authenticator Attestation GUID.

see also #148 


Please view or discuss this issue at 
https://github.com/w3c/webauthn/issues/149 using your GitHub account

Received on Tuesday, 26 July 2016 16:40:26 UTC
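
Added example, not part of the issue or of the WebAuthn spec: how a verifier could read the RFC 4122 variant and version bits of a 16-byte AAGUID and apply either reading discussed above ("v4-only" for the present wording read strictly, "rfc4122" for the proposed wording with version 4 only recommended). The function names, policy labels and sample UUIDs are hypothetical and constructed for illustration.

```javascript
// Added example: classify a 16-byte AAGUID by its RFC 4122 variant/version bits.
// All names and sample values here are hypothetical, not from the WebAuthn spec.

// Parse "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" into 16 bytes.
function uuidToBytes(text) {
  const hex = text.replace(/-/g, "");
  if (!/^[0-9a-fA-F]{32}$/.test(hex)) throw new Error("not a UUID string");
  return Uint8Array.from(hex.match(/../g), (h) => parseInt(h, 16));
}

// RFC 4122 section 4.1.1: the variant is in the top bits of octet 8.
// RFC 4122 section 4.1.3: the version is the high nibble of octet 6.
function describeAaguid(bytes) {
  if (!(bytes instanceof Uint8Array) || bytes.length !== 16) {
    throw new Error("AAGUID must be exactly 16 bytes");
  }
  const isNil = bytes.every((b) => b === 0);
  const rfc4122Variant = (bytes[8] & 0xc0) === 0x80; // bit pattern 10x
  // The version nibble only has its RFC 4122 meaning under that variant.
  const version = rfc4122Variant ? bytes[6] >> 4 : null;
  return { isNil, rfc4122Variant, version };
}

// "v4-only": accept version 4 UUIDs only.
// "rfc4122": accept any RFC 4122 version (1-5), warn when it is not version 4.
function checkAaguid(bytes, policy) {
  const d = describeAaguid(bytes);
  let ok;
  if (policy === "v4-only") {
    ok = d.version === 4;
  } else if (policy === "rfc4122") {
    ok = d.version !== null && d.version >= 1 && d.version <= 5;
  } else {
    throw new Error("unknown policy");
  }
  return { ...d, ok, warn: ok && d.version !== 4 };
}

// Constructed sample values, not real authenticator AAGUIDs.
const SAMPLES = {
  v4: uuidToBytes("3f2b1c4d-5e6f-4a7b-8c9d-0123456789ab"),
  v1: uuidToBytes("3f2b1c4d-5e6f-1a7b-8c9d-0123456789ab"),
  nonRfcVariant: uuidToBytes("3f2b1c4d-5e6f-4a7b-cc9d-0123456789ab"),
  nil: uuidToBytes("00000000-0000-0000-0000-000000000000"),
};
```

The version 1 sample is where the two readings diverge: it fails "v4-only" but passes "rfc4122" with a warning, while the all-zero value fails both because its variant bits are not RFC 4122's.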