Session Date/Time: 16 Feb 2023 19:00
UUIDREV
Summary
The UUIDREV Working Group met to review the significant changes implemented in the pull request for Draft 02 of the UUID specification. Discussions covered various technical clarifications, the integration of modern cryptographic hash functions for UUIDv8, and major structural improvements. A key decision was made to remove all example code appendices from the document to mitigate maintenance burdens and errata risks, favoring test vectors instead. The group also outlined next steps towards initiating a comprehensive Working Group Last Call.
Key Discussion Points
- Draft 02 Pull Request Review:
  - Nil and Max UUID Variants: The document was updated to explicitly acknowledge Nil and Max UUID variants within the general variant space, clarifying their existence in the specification's tables.
  - Non-descript Node IDs: Text was reordered and clarified to emphasize the use of non-descript node IDs and to de-prioritize centralized registries, aligning with the working group's recommendations.
  - Security Considerations and Randomness: Concerns regarding random number generation (e.g., running out of random, proper initialization) were addressed by citing comprehensive external RFCs and guidance documents. This reference will be changed from normative to informative.
  - UUIDv8 Name-Based Generation with SHA-2/3/Shake: The draft was updated to include best practices for using SHA-256, SHA-3, and Shake algorithms for UUIDv8 name-based generation. This involves combining a dedicated hash space UUID, a namespace, and a name as inputs.
    - Discussion arose about whether to include an IANA registry for hash algorithm identifiers. A sense of those present indicated this would be overkill, as the existing namespace UUIDs are not IANA-registered, and introspection of the hash type from the UUID itself is not a design goal.
    - The limitations of the 128-bit UUID space for encoding hash type information were noted, with UUID-long being a potential future avenue for such explicit encoding.
  - Multiplexed Fields Expansion: A major structural change involved splitting multiplexed fields (e.g., `time_high_version` into `time_high` and `version`) for improved clarity and correctness. This necessitated updates across definitions, test vectors, and references throughout the document.
  - Text Cleanup and Generator States: Extensive rephrasing of sections copied from RFC 4122 was undertaken to improve readability and consistency. Guidance for UUID generator states, particularly the meaning of "unavailable," was clarified.
  - Timestamp Rollover: The document was updated to explicitly state that timestamp rollover is not a near-term concern, with Gregorian and Unix timestamp validity dates extending far into the future (approximately 5623 and 10889, respectively).
  - Shake Algorithms Output: A requirement was added stating that Shake algorithms used for UUID generation must output 128 bits (or more, followed by truncation). An action item was identified to verify the behavior of Shake algorithms when requesting different output lengths.
- Code Appendices Discussion (Agenda Bash): The working group discussed the necessity of including example C code appendices for UUID generation. Concerns were raised about the maintenance burden, the high potential for errata (especially given the recent multiplexed field changes requiring extensive updates), and the general IETF practice of not including full code in RFCs.
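
The name-based UUIDv8 construction and the Shake output-length question discussed above, as an added Python example (not code from the draft or from the working group). The hash space UUIDs are constructed placeholders, the input order (hash space, namespace, name) is an assumption, and output lengths are in whole bytes because `hashlib` does not accept bit lengths.

```python
import hashlib
import uuid

# Constructed placeholders, NOT values from the draft: one "hash space"
# UUID per hash algorithm.
HASHSPACE = {
    "sha256": uuid.UUID("00000000-0000-0000-0000-000000000001"),
    "shake128": uuid.UUID("00000000-0000-0000-0000-000000000002"),
}
NS = uuid.NAMESPACE_DNS  # well-known namespace UUID from RFC 4122


def hash_bytes(alg, data, out_len=16):
    """Return the raw digest; out_len only applies to SHAKE (an XOF)."""
    if alg == "sha256":
        return hashlib.sha256(data).digest()
    if alg == "shake128":
        if out_len < 16:
            raise ValueError("SHAKE output must be at least 128 bits")
        return hashlib.shake_128(data).digest(out_len)
    raise ValueError(f"unsupported algorithm: {alg}")


def uuid8_name_based(alg, namespace, name, out_len=16):
    # Assumed input order: hash space UUID || namespace UUID || name.
    data = HASHSPACE[alg].bytes + namespace.bytes + name.encode("utf-8")
    raw = bytearray(hash_bytes(alg, data, out_len)[:16])  # keep 128 bits
    raw[6] = (raw[6] & 0x0F) | 0x80  # version field = 8
    raw[8] = (raw[8] & 0x3F) | 0x80  # variant field = 0b10
    return uuid.UUID(bytes=bytes(raw))


if __name__ == "__main__":
    # Same name, different requested SHAKE output lengths (in bytes).
    for n in (16, 17, 32):
        print(n, uuid8_name_based("shake128", NS, "www.example.com", n))
    print("sha256", uuid8_name_based("sha256", NS, "www.example.com"))
```

Requesting a longer SHAKE output and truncating it gives the same UUID as requesting exactly 16 bytes, because a shorter XOF output is a prefix of the longer one for the same input.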
Decisions and Action Items
- Decision: The reference to guidance on random number generation in the security considerations section will be changed from normative to informative.
- Decision: No IANA registry will be established for hash algorithm identifiers related to UUIDv8 name-based generation within this document.
- Decision: All example C code appendices will be removed from the document. If corrected implementations are desired, they should be hosted externally, such as in the UUIDREV Working Group's GitHub repository.
- Action Item: Kaiser will test the behavior of Shake algorithms to confirm if output changes based on the requested length (e.g., 128 vs. 130 bits) and adjust the document's "or larger" text if necessary.
- Action Item: Kaiser will implement the decided changes (reference type, Shake algorithm text, removal of appendices), merge the pull request, and publish Draft 02.
Next Steps
- Publish Draft 02 promptly.
- Initiate a working group thread to solicit and compile a comprehensive list of external standards bodies (e.g., ISO, ITU Study Group 17 Security, IEEE) and other relevant organizations or individuals who should be notified during the Working Group Last Call. Liaison statements may be required for formal notifications.
- Target the commencement of a 3-4 week Working Group Last Call by the end of March.