diff --git a/delegation/delegation.go b/delegation/delegation.go
index e0bbefa..fad627a 100644
--- a/delegation/delegation.go
+++ b/delegation/delegation.go
@@ -12,7 +12,6 @@ import (
 	"github.com/ucan-wg/go-ucan/capability/command"
 	"github.com/ucan-wg/go-ucan/capability/policy"
 	"github.com/ucan-wg/go-ucan/did"
-	"github.com/ucan-wg/go-ucan/internal/envelope"
 	"github.com/ucan-wg/go-ucan/pkg/meta"
 )
 
@@ -54,6 +53,7 @@ func New(privKey crypto.PrivKey, aud did.DID, cmd command.Command, pol policy.Po
 		policy:   pol,
 		meta:     meta.NewMeta(),
 		nonce:    nil,
+		cid:      cid.Undef,
 	}
 
 	for _, opt := range opts {
@@ -73,18 +73,6 @@ func New(privKey crypto.PrivKey, aud did.DID, cmd command.Command, pol policy.Po
 		return nil, err
 	}
 
-	cbor, err := tkn.ToDagCbor(privKey)
-	if err != nil {
-		return nil, err
-	}
-
-	id, err := envelope.CIDFromBytes(cbor)
-	if err != nil {
-		return nil, err
-	}
-
-	tkn.cid = id
-
 	return tkn, nil
 }
 
@@ -150,6 +138,7 @@ func (t *Token) Expiration() *time.Time {
 
 // CID returns the content identifier of the Token model when enclosed
 // in an Envelope and encoded to DAG-CBOR.
+// Returns cid.Undef if the token has not been serialized or deserialized yet.
 func (t *Token) CID() cid.Cid {
 	return t.cid
 }
@@ -299,6 +288,7 @@ func tokenFromModel(m tokenPayloadModel) (*Token, error) {
 }
 
 // generateNonce creates a 12-byte random nonce.
+// TODO: some crypto scheme require more, is that our case?
 func generateNonce() ([]byte, error) {
 	res := make([]byte, 12)
 	_, err := rand.Read(res)
diff --git a/internal/envelope/cid.go b/internal/envelope/cid.go
index 2f8c7cf..f127459 100644
--- a/internal/envelope/cid.go
+++ b/internal/envelope/cid.go
@@ -21,6 +21,7 @@ func CIDToBase58BTC(id cid.Cid) string {
 }
 
 // CID returns the UCAN content identifier a Tokener.
+// TODO: remove?
 func CID(privKey crypto.PrivKey, token Tokener) (cid.Cid, error) {
 	data, err := ToDagCbor(privKey, token)
 	if err != nil {
@@ -53,11 +54,11 @@ type CIDReader struct {
 // NewCIDReader initializes a hash.Hash to calculate the CID's hash and
 // and returns a wrapped io.Reader.
 func NewCIDReader(r io.Reader) *CIDReader {
-	hash := sha256.New()
-	hash.Reset()
+	h := sha256.New()
+	h.Reset()
 
 	return &CIDReader{
-		hash: hash,
+		hash: h,
 		r:    r,
 	}
 }
@@ -95,11 +96,11 @@ type CIDWriter struct {
 }
 
 func NewCIDWriter(w io.Writer) *CIDWriter {
-	hash := sha256.New()
-	hash.Reset()
+	h := sha256.New()
+	h.Reset()
 
 	return &CIDWriter{
-		hash: hash,
+		hash: h,
 		w:    w,
 	}
 }
diff --git a/internal/envelope/cid_test.go b/internal/envelope/cid_test.go
index 449477d..290ddd4 100644
--- a/internal/envelope/cid_test.go
+++ b/internal/envelope/cid_test.go
@@ -9,8 +9,9 @@ import (
 	"github.com/multiformats/go-multihash"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
-	"github.com/ucan-wg/go-ucan/internal/envelope"
 	"gotest.tools/v3/golden"
+
+	"github.com/ucan-wg/go-ucan/internal/envelope"
 )
 
 func TestCid(t *testing.T) {
diff --git a/internal/envelope/ipld.go b/internal/envelope/ipld.go
index 8514174..553bb30 100644
--- a/internal/envelope/ipld.go
+++ b/internal/envelope/ipld.go
@@ -39,6 +39,7 @@ import (
 	"github.com/ipld/go-ipld-prime/node/bindnode"
 	"github.com/ipld/go-ipld-prime/schema"
 	"github.com/libp2p/go-libp2p/core/crypto"
+
 	"github.com/ucan-wg/go-ucan/did"
 	"github.com/ucan-wg/go-ucan/internal/varsig"
 )
@@ -164,19 +165,17 @@ func fromIPLD[T Tokener](node datamodel.Node) (T, error) {
 		return undef, err
 	}
 
-	// This needs to be done before converting this node to it's schema
+	// This needs to be done before converting this node to its schema
 	// representation (afterwards, the field might be renamed os it's safer
 	// to use the wire name).
 	issuerNode, err := tokenPayloadNode.LookupByString("iss")
 	if err != nil {
 		return undef, err
 	}
-	// ^^^
 
 	// Replaces the datamodel.Node in tokenPayloadNode with a
 	// schema.TypedNode so that we can cast it to a *token.Token after
 	// unwrapping it.
-	// vvv
 	nb := undef.Prototype().Representation().NewBuilder()
 
 	err = nb.AssignNode(tokenPayloadNode)
@@ -185,7 +184,6 @@ func fromIPLD[T Tokener](node datamodel.Node) (T, error) {
 	}
 
 	tokenPayloadNode = nb.Build()
-	// ^^^
 
 	tokenPayload := bindnode.Unwrap(tokenPayloadNode)
 	if tokenPayload == nil {
@@ -199,7 +197,6 @@ func fromIPLD[T Tokener](node datamodel.Node) (T, error) {
 
 	// Check that the issuer's DID contains a public key with a type that
 	// matches the VarsigHeader and then verify the SigPayload.
-	// vvv
 	issuer, err := issuerNode.AsString()
 	if err != nil {
 		return undef, err
@@ -238,7 +235,6 @@ func fromIPLD[T Tokener](node datamodel.Node) (T, error) {
 	if err != nil || !ok {
 		return undef, errors.New("failed to verify the token's signature")
 	}
-	// ^^^
 
 	return tkn, nil
 }