[webauthn] "WebAuthn Authenticator model" seemingly prohibits random AAGUIDs (minor) from Adam Langley via GitHub on 2017-05-07 (public-webauthn@w3.org from May 2017)

From: Adam Langley via GitHub <sysbot+gh@w3.org>
Date: Sun, 07 May 2017 23:29:58 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-226904918-1494199796-sysbot+gh@w3.org>

agl has just created a new issue for https://github.com/w3c/webauthn:

== "WebAuthn Authenticator model" seemingly prohibits random AAGUIDs (minor) ==
(This is a pedantic nit:)

The [section](https://www.w3.org/TR/2017/WD-webauthn-20170505/#authenticator-model) describing the authenticator model specifies that the AAGUID is a 128-bit string, and that it must be chosen to be:

> different (with probability 1-2<sup>128</sup> or greater) from the AAGUIDs of all other types of authenticators

However, once there exist two AAGUIDs in the world then choosing a random, 128-bit number is not sufficient to meet this requirement. (Because a random number would have a 2/2<sup>128</sup> chance of colliding with one of the other AAGUIDs in the world.)

It seems that this section is trying to say that random AAGUIDs are ok, but may have inadvertently, technically, forbidden them.

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/452 using your GitHub account

Received on Sunday, 7 May 2017 23:30:04 UTC