various sanding everywhere towards building the tookit

2024-11-20 12:34:24 +01:00
parent 1098e76cba
commit e980d6c0b9
13 changed files with 176 additions and 48 deletions
--- a/token/internal/nonce/nonce.go
+++ b/token/internal/nonce/nonce.go
@@ -2,8 +2,25 @@ package nonce

 import "crypto/rand"

-// Generate creates a 12-byte random nonce.
 // TODO: some crypto scheme require more, is that our case?
+//
+// The spec mention:
+// The REQUIRED nonce parameter nonce MAY be any value.
+// A randomly generated string is RECOMMENDED to provide a unique UCAN, though it MAY
+// also be a monotonically increasing count of the number of links in the hash chain.
+// This field helps prevent replay attacks and ensures a unique CID per delegation.
+// The iss, aud, and exp fields together will often ensure that UCANs are unique,
+// but adding the nonce ensures uniqueness.
+//
+// The recommended size of the nonce differs by key type. In many cases, a random
+// 12-byte nonce is sufficient. If uncertain, check the nonce in your DID's crypto suite.
+//
+// 12 bytes is 10^28, 16 bytes is 10^38. Both sounds like a lot of random to achieve
+// those goals, but maybe the crypto voodoo require more.
+//
+// The rust implementation use 16 bytes nonce.
+
+// Generate creates a 12-byte random nonce.
 func Generate() ([]byte, error) {
 	res := make([]byte, 12)
 	_, err := rand.Read(res)