On Tue, Oct 7, 2025 at 2:48 AM Dagfinn Ilmari Mannsåker
<ilmari@ilmari.org> wrote:
> It doesn't mandate (MUST) a CSPRNG, but it strongly recommends (SHOULD)
> it (unless unavailable) in the best practices section
> (https://www.rfc-editor.org/rfc/rfc9562.html#name-unguessability):
Right -- and we absolutely should do that. But this is in the context
of FIPS compliance. If you haven't compiled with SSL, uuidv7() is
going to fall back to /dev/urandom anyway, which IIUC is not going to
be FIPS-compliant anyway for most people.
So it's not really clear to me that we should be worrying about FIPS
for UUIDs. The only thing that gives me pause is the fact that
libpq-without-OpenSSL is probably a vanishingly small proportion of
builds, so maybe there could be people treating our use of a CSPRNG as
a de facto guarantee.
--Jacob
