IETF Logo Mail Archive

Re: UUID version 6 proposal, initial feedback

George Michaelson <ggm@algebras.org> Wed, 26 February 2020 22:38 UTC

Return-Path: <ggm@algebras.org>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B3F9B3A0979 for <ietf@ietfa.amsl.com>; Wed, 26 Feb 2020 14:38:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=algebras-org.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nEGoK8hNGLby for <ietf@ietfa.amsl.com>; Wed, 26 Feb 2020 14:38:28 -0800 (PST)
Received: from mail-il1-x133.google.com (mail-il1-x133.google.com [IPv6:2607:f8b0:4864:20::133]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 725583A0977 for <ietf@ietf.org>; Wed, 26 Feb 2020 14:38:28 -0800 (PST)
Received: by mail-il1-x133.google.com with SMTP id i7so619029ilr.7 for <ietf@ietf.org>; Wed, 26 Feb 2020 14:38:28 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=algebras-org.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=jxwVPH2jE/A9py9drLsNqRQff7Fgjpkur9SnlTnCX0c=; b=in0LJT3jbu6KvaUv7++tSNrsg3HJhfpnJnTFhN2OXw/90MRPy8vQWwqb7TG+bHviM2 MoeBWbUoUE2CHYrkDZYK3a8KLhf7kTO8XpQ9gFAAnIJpxrJQzdqGA+G03nptew4fzuWd JkFuVt9nngmyyAvgHPW8XbL4B+VW4imp4iOnqMnKvtoLeayk5/ArFl+PVKVzjkyQg4td Tvitm607segZSfQ/XmStzpuceVH2om0UJ50rVTcpexIgaF57I/xXzt/ChRYtqVjZq1/1 XONT7hSKhH9mUQkBN/WHu3cMKL7w+okV2k9ZXtNe7Jp34uwL7oHNfQMxKnTi8a4TAH+3 Ra/Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=jxwVPH2jE/A9py9drLsNqRQff7Fgjpkur9SnlTnCX0c=; b=EnD/jfi9mIp2xniEuDUY1ao3SiWrUPFmcsTbF8RG+m3etZgFQJl/q4rlx9j9tOyX9J c+ffIPFnRccSPnUbneXhyfxkyALe1G1BAfeALedXcxrkLUYG5d7ELikZ7rjZ6Fyg+1tt PCOPzqsQ8kq6wGQTM3Pwe2iywd3se1icXkAsB30c+QrK3FtDoINgtd9ALPEb0tS30BAI z6KHCmsvDlxzwkUTh3izWALK7pEfG8PlYDqdEPukX1BCB5Y9pYH/CvQNFqsFQxgLBU0b jThkZalj8rSoyF6YYp5N3tXr00BCPm9jhcrWG3O2wQHwGJE5DPIDnBSzvHwWM2JFMwwp vALw==
X-Gm-Message-State: APjAAAWnupnxlTNoHmfj6t0oVKSrehwtv1tfhkLkB/RHtifzcsnlPwhF 8p+C0TkoDdo7HFbFGC8dyYyY+mVFFyC09KlYi7Ct6iboOJc=
X-Google-Smtp-Source: APXvYqy1iEIpbJgvWDxezjM0SmG8YO2b57M1BDZpyib1+0N9Te3RT5uTXC8Coi0PHooIt3KlPyrl2MqNQSFVt+VzNOo=
X-Received: by 2002:a92:5d88:: with SMTP id e8mr1285665ilg.106.1582756707276; Wed, 26 Feb 2020 14:38:27 -0800 (PST)
MIME-Version: 1.0
References: <D0894516-3F20-4545-BD7D-BE4FA96FAF75@gmail.com> <CABkgnnXSxqqinyK4QiwVv-VuzAraHFUGCrm0K0e9dJX_F80bWg@mail.gmail.com> <D3517A2C-1FCC-42D2-9AB6-248680BE89E1@gmail.com> <c5ba6f5d-7c61-bfdf-63e6-be7d640ee50c@gmail.com> <6E165220-7D1F-4AD8-B4F3-DDCB8F1DA6E2@akamai.com> <b4b73e11-7e21-03ae-0ebf-badcc2bf9d7e@gmail.com> <20200201060733.GD454818@mit.edu> <75dff0d7-3e2b-8f2a-c8b1-46d27004cce3@gmail.com> <20200201212859.GB528198@mit.edu> <62568ffb-8e95-f331-7790-3ff0f496de87@gmail.com> <MN2PR11MB4366243F3EFEDB637AADFA35B5030@MN2PR11MB4366.namprd11.prod.outlook.com> <52696bfe-d541-8a0e-a158-6e191bb18e54@benramsey.com> <9AA6520F-3009-488C-B7CA-54BE75D9EEB9@island-resort.com>
In-Reply-To: <9AA6520F-3009-488C-B7CA-54BE75D9EEB9@island-resort.com>
From: George Michaelson <ggm@algebras.org>
Date: Thu, 27 Feb 2020 08:38:15 +1000
Message-ID: <CAKr6gn07vtQoMuOBExe8Qd32BeutUQ=Sc0i_0gc984naL7wLqA@mail.gmail.com>
Subject: Re: UUID version 6 proposal, initial feedback
To: Laurence Lundblade <lgl@island-resort.com>
Cc: Ben Ramsey <ben@benramsey.com>, IETF discussion list <ietf@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/kNZf29DEs8qo2WKByHdjc0VT-GA>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Feb 2020 22:38:32 -0000

For every example (in some things) there is a counter example. As a
thought experiment I have tried to think what is the counter-example
for a DB aligned UUID. The only one I have in hypothesis is something
around the information leakage that two UUID reside in the same
logical data frame.

So I think there is a likelihood more real/tangible reasons NOT to do
this exist, alongside the proven ones to deliberately do this. (e.g.
sharding, Bloom filters over discrete sets, parallelism...)

Therefore, I hope any work in UUID is additive, not subtractive or
solely re-definitional to *one* form, because well.. for every UUID
structural example, there probably is a counter-example.

-G

On Thu, Feb 27, 2020 at 5:09 AM Laurence Lundblade
<lgl@island-resort.com> wrote:
>
> The UUID format seems somewhat anachronistic going back to a time when good HW RNGs were uncommon. That’s not true today. HW was introduced between 2010 and 2015 for good RNGs, particularly this  The better choice today seems just a sequence of cryptographic quality random bytes.  This is already being done for a nonce field in some protocols. They are not UUID format.
>
> Except, as discussed, true RNG IDs don’t work well with databases.
>
> One option is to say the databases should be fixed to work with true RNG IDs. In some case this is what will have to happen.
>
> Another is to design an ID that is database friendly, which is what this draft is about. Protocols can use that if they like and they can meet the generation requirements. Generation requirements seem to require a clock or stored coordinate state.
>
> For a new ID, it might be worth breaking free from the UUID format to design a better database-friendly ID. The UUID format doesn’t seem particularly necessary nowadays. It might good to allow for more bits too (UUIDs are fixed at slightly less than 128).
>
> LL
>
>
>
> On Feb 24, 2020, at 8:09 PM, Ben Ramsey <ben@benramsey.com> wrote:
>
> On 2/4/20 11:36 UTC, Rob Wilton (rwilton) wrote:
>
> What you describe does sound to me like it could be a new form of
> UUID (if limited to a 128 bit format), and it could potentially also
> be useful.  E.g. a 128 bit UUID that has good database locality
> properties and minimizes the leakage of private information sounds
> useful if it can be reasonably specified and implemented.
>
> I also note that RFC 4122 is 15 years old, and as Martin previously
> indicated there are security and privacy considerations that have
> evolved over time, hence updating RFC 4122 to make readers aware of
> those considerations also seems like it could potentially be useful.
>
> Writing this up as a draft sounds like a good next step to see if
> there is enough wider interest.
>
>
>
> FYI, Brad has submitted his first draft for review. You can see it here:
> https://datatracker.ietf.org/doc/draft-peabody-dispatch-new-uuid-format/
>
> I've been following this for a while, and as the author of a popular
> userland UUID library for PHP <https://github.com/ramsey/uuid>, I'd like
> to throw my support behind this proposal and describe a few of the pain
> points that have led application developers down the path of modifying
> the existing UUID structure to better suite their needs.
>
> As a standard, the UUID format is ubiquitous and portable. Despite some
> of its shortcomings, and the desire (as some have raised on this list)
> to create a new standard other than UUID, it's a desirable format, for
> many reasons.
>
> There is one primary shortcoming that results in a frequent need to
> modify the format, and this is the shortcoming that Brad's version 6
> UUID attempts to overcome. When developers begin storing UUIDs in
> relational databases, they inevitably arrive at one or all of these
> articles (which I'm surprised haven't yet been mentioned in this thread):
>
> * http://www.informit.com/articles/printerfriendly/25862
> * https://blog.codinghorror.com/primary-keys-ids-versus-guids/
> * https://www.percona.com/blog/2014/12/19/store-uuid-optimized-way/
>
> As a result, in my PHP library, I have implemented alternate _codecs_ to
> encode/decode UUIDs in more optimal ways for database fields, especially
> for use as primary keys. Two of these codecs are:
>
> * Timestamp-first COMB
> * Ordered Time UUID
>
> The timestamp-first COMB is a version 4 UUID combined with a Unix
> timestamp as the first 48 bits, resulting in a monotonically-increasing
> UUID. For all intents and purposes, the resulting value always looks
> like a version 4 UUID (the version and variant bits remain in the same
> places as defined by RFC 4122).
>
> The ordered time UUID is similar but retains the semantics of the
> version 1 UUID. That is, the UUID can be deconstructed to produce a node
> value, clock sequence value, and timestamp with nanosecond fidelity. The
> difference is that the timestamp is rearranged so that the UUID is
> monotonically increasing.
>
> The problem with this approach, though, is that the first 2 bytes are
> the same as the time_hi_and_version field, which means the UUID version
> now occupies the first 4 bits of the UUID. Unless you know how the bits
> of this UUID were rearranged, there's no way to reliably tell that it
> was originally a version 1 UUID.
>
> Therein lies the problem. The use-case is for a version 1 UUID, from
> which an application can retrieve nanosecond timestamp and node values,
> while being monotonically increasing so that it does not scatter the
> records in my database engine. But, by rearranging the bits to achieve
> this, I'm placing a dependency on my application to know how to
> deconstruct the bits when retrieving from the database. It's not very
> portable, error-prone, and can lead to developer confusion.
>
> Brad's version 6 UUID solves this problem.
>
> There are two primary issues I have with the current draft (I have many
> other comments, but I want to start with these two, and I'm also unsure
> how IETF discussion on drafts proceeds, so I'm eager to learn from others):
>
> 1. The draft doesn't appear to go into detail about the arrangement of
> the bits and how the timestamp should be split to accommodate the
> version field, while the earlier version (posted here:
> <http://gh.peabody.io/uuidv6/>) does go into this detail.
>
> 2. IMO, I think the alternate text formats do not belong in this
> document. I think this document should focus on the version 6 UUID, and
> the alternate text formats can be defined in a separate document. The
> ULID spec seems like a good specification to draw inspiration from,
> since it's compatible with any 128-bit number and already has a number
> of implementations. <https://github.com/ulid/spec>
>
> Cheers,
> Ben
>
> P.S. Yes, I am aware of privacy concerns with the use of the node field
> in version 1 UUIDs. I'm happy to discuss potential use-cases of the node
> field that can be used to track where a UUID was minted without
> revealing potentially private information, but I don't think the
> mechanism for creating the node field should be part of this draft.
>
>
>
>

v2.23.0 | Report a Bug | By Email