Brendan Eich (2013-07-31T16:58:48.000Z)
Brendan Eich wrote:
>>     Gathering entropy enough to make a UUID is work. A crypto module's
>>     RBG should be up to it. Browsers have those, but we haven't yet
>>     required any such thing in ECMA-262, and I expect some
>>     implementations will be crypto-module-free and cheese out on the
>>     quality (where they wouldn't ship unpatched memory safety bugs!).
>>     This is worth a discussion: do we require an RBG with the right
>>     quality in normative words in ES6?
>>
>>
>> A good point. We should indeed discuss the costs of adding this 
>> requirement.
>
> Ok. I think it's going to be a problem for "tiny" embeddings of 
> ECMA-262 implementations (Japanese smart TVs? Maybe these are 
> "legacy", the "compact profile", even). We need to cast a wide net. 

And the meta-hazard here is a race to the bottom. If systems interop and 
some generate worse UUIDs than others, a corollary of Gresham's Law will 
probably kick in.

/be