bcoe
commented
5 years ago sorry for the spam @mwatson, meant to loop @mwatson2 into this thread.
Closed bcoe closed 5 years ago
bcoe
commented
5 years ago sorry for the spam @mwatson, meant to loop @mwatson2 into this thread.
bcoe
commented
5 years ago @littledan @ljharb any opinions on this topic, I was wondering if there's prior art with regards to adopting a recommendation from W3C.
ljharb
commented
5 years ago Not that I know of, but I'd expect to see the spec for it upstreamed, ie not have 262 just point to HTML.
littledan
commented
5 years ago Yes, I am all for this, but let's work closely with the WebCrypto people here. Do we want this to be the same function, or a similar function?
Coming out of conversations in #25, and #31, I would like to advocate that the best option I've heard so far for facilitating the need for a mockable, secure source of randomness, to act as a foundation for UUID algorithms, would be the introduction of an API identical to
crypto.getRandomValues().I'm looping in a couple fo the folks who have worked on the Web Cryptography API, to see if they have any additional advice 😄 ....
~@mwatson~ (@mwatson2), @plehegar, to give you some context, we're working on a proposal to add cryptographically secure UUIDs to ECMAScript, and the idea has been floated that we use an API resembling
crypto.getRandomValues()for the foundation of the algorithm.see: #25, #31, #32