W3C home > Mailing lists > Public > public-webauthn@w3.org > May 2017

[webauthn] "WebAuthn Authenticator model" seemingly prohibits random AAGUIDs (minor)

From: Adam Langley via GitHub <sysbot+gh@w3.org>
Date: Sun, 07 May 2017 23:29:58 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-226904918-1494199796-sysbot+gh@w3.org>
agl has just created a new issue for https://github.com/w3c/webauthn:

== "WebAuthn Authenticator model" seemingly prohibits random AAGUIDs (minor) ==
(This is a pedantic nit:)

The [section](https://www.w3.org/TR/2017/WD-webauthn-20170505/#authenticator-model) describing the authenticator model specifies that the AAGUID is a 128-bit string, and that it must be chosen to be:

> different (with probability 1-2<sup>128</sup> or greater) from the AAGUIDs of all other types of authenticators

However, once there exist two AAGUIDs in the world then choosing a random, 128-bit number is not sufficient to meet this requirement. (Because a random number would have a 2/2<sup>128</sup> chance of colliding with one of the other AAGUIDs in the world.)

It seems that this section is trying to say that random AAGUIDs are ok, but may have inadvertently, technically, forbidden them.

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/452 using your GitHub account
Received on Sunday, 7 May 2017 23:30:04 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:26 UTC