[pending close] OpenID4VCI nonce reuse and batch credential request
Issue #1842
closed
- Should the
c_nonce
used on the credential requestproof
be a one-time use value (as the nonce name seems to suggest) or can it be used more than once? I didn’t found any information or guidance about this on the VCI specification. - If the
c_nonce
is a one-time use value, then can't that create a problem for batch credential requests, which need to contain multiple proofs? There doesn’t seem to be a way for a client/wallet to get more than one nonce to use on a batch credential request.
Comments (7)
-
-
- changed component to Credential Issuance
-
Thanks for raising this topic.
The verifier MUST use a nonce value provided by AS or CI as long as the CI does not provide a fresh value. Section 6.2. states: “When received, the Wallet MUST use this nonce value for its subsequent credential requests until the Credential Issuer provides a fresh nonce.“. Section 7.3. states “When received, the Wallet MUST use this nonce value for its subsequent credential requests until the Credential Issuer provides a fresh nonce.”
We defined this behavior especially to prevent any issues with batch credential issuance.
-
pending close. I think the question has been answered.
-
- changed title to [pending close] OpenID4VCI nonce reuse and batch credential request
-
reporter OK to close by me. Should I do it, since I was the creator?
-
- changed status to closed
you can close yourself too :)
- Log in to comment
We discussed 2. and I believe the answer was that the same c_nonce can be used for all PoP in the same batch credential request if I remember correctly. However, having some guidance on nonce management would definitely be beneficial.