I think we could refine the language around nonces.
In 8.1 it states that
**The nonce must be present in the subsequent [Credential Request] from the [holder].**
Which reads to me like the holder should just be including this same nonce in the credential request they create.
Wheras what they actually must do, as I understand it, is use that nonce in the construction of the ZKP proving that they have knowledge of the link secret they are committing to and providing to the issuer for them to blindly sign.
The nonce that is part of the Credential Request is an entirely different nonce, generated by the holder and provided to the issuer so that they include it in there ZKP of signature correctness.
I think we could refine the language around nonces.
In 8.1 it states that
**The nonce must be present in the subsequent [Credential Request] from the [holder].**Which reads to me like the holder should just be including this same nonce in the credential request they create.
Wheras what they actually must do, as I understand it, is use that nonce in the construction of the ZKP proving that they have knowledge of the link secret they are committing to and providing to the issuer for them to blindly sign.
The nonce that is part of the Credential Request is an entirely different nonce, generated by the holder and provided to the issuer so that they include it in there ZKP of signature correctness.