w3c / webauthn-pay

Joint task force of Web Authentication WG and Web Payments WG

FIDO server challenge - A necessity? #7

Open cyberphone opened 3 years ago

cyberphone commented 3 years ago

For authentication, a challenge-response protocol is necessary. For transaction signing it is not. In EMV, for example, the challenge is rather a nonce created in the payment terminal.

It is true that the FIDO challenge thwarts replay, but replay is something the back-end probably should deal with anyway. That is, the back-end should, within a certain window of time, be idempotent. Outside of this window, requests are considered invalid. This permits secure resending in case of a network error, temporary server overload, etc.

The payment handler could add a nonce/time-stamp.

adrianhopebailie commented 3 years ago

This was my original assertion (use the Payment Request ID, which is a UUID, i.e. random).

After discussing further with some other folks it sounds like this could be correct and we'll keep exploring this line of thinking.
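The back-end behaviour described in the thread (idempotent within a time window, invalid outside it, with the payment handler's nonce standing in for a server challenge), as an added illustration that is not code from this issue or from the webauthn-pay project. It assumes the nonce is the Payment Request ID (a UUID, as adrianhopebailie suggests), that the nonce and timestamp are both covered by the transaction signature, that signature verification has already succeeded before `submit` is called, and an acceptance window of 120 seconds; all of these values and names are assumptions made for the example.

```python
import time
import uuid
from dataclasses import dataclass, field
from typing import Optional

# Assumed acceptance window in seconds: a request may be resent inside it and
# must yield the same result; outside it the request is rejected.
WINDOW_SECONDS = 120


@dataclass
class IdempotentBackend:
    """Hypothetical back-end that dedupes signed transaction requests by nonce.

    The nonce (e.g. the Payment Request ID) and the timestamp are assumed to be
    under the transaction signature, so a replayer cannot alter either; the
    signature check itself is assumed to have happened before submit().
    """
    window_seconds: int = WINDOW_SECONDS
    # nonce -> (client timestamp, result of the first processing)
    seen: dict = field(default_factory=dict)
    # Record of transactions that were actually executed (for demonstration).
    processed: list = field(default_factory=list)

    def _purge(self, now: float) -> None:
        # Evict by the *client* timestamp, not by server arrival time: an entry
        # must outlive every moment at which the window check would still
        # accept a copy of it, otherwise a resend could be processed twice.
        expired = [n for n, (ts, _) in self.seen.items()
                   if now - ts > self.window_seconds]
        for n in expired:
            del self.seen[n]

    def submit(self, nonce: str, timestamp: float, amount: int,
               now: Optional[float] = None) -> dict:
        now = time.time() if now is None else now
        self._purge(now)
        # Reject requests whose timestamp is outside the window in either
        # direction (too old, or further in the future than plausible skew).
        if abs(now - timestamp) > self.window_seconds:
            return {"status": "rejected", "reason": "outside_window"}
        # A resend inside the window: return the original outcome, charge once.
        if nonce in self.seen:
            return {"status": "duplicate", "result": self.seen[nonce][1]}
        result = {"charged": amount, "nonce": nonce}
        self.processed.append(result)
        self.seen[nonce] = (timestamp, result)
        return {"status": "accepted", "result": result}


def demo() -> int:
    """Constructed scenario: one payment sent, resent after a timeout, then
    replayed after the window has passed. Returns how many times it was
    actually charged (expected: 1)."""
    backend = IdempotentBackend()
    request_id = str(uuid.uuid4())   # constructed Payment Request ID
    t0 = 1_700_000_000.0             # constructed client timestamp
    backend.submit(request_id, t0, amount=1999, now=t0 + 1)     # accepted
    backend.submit(request_id, t0, amount=1999, now=t0 + 30)    # duplicate
    backend.submit(request_id, t0, amount=1999, now=t0 + 300)   # rejected
    return len(backend.processed)


if __name__ == "__main__":
    print("times charged:", demo())
```

The eviction rule is the part worth noting: if the dedupe store forgot a nonce before the window check would reject it, a request carrying a slightly future-dated timestamp could be accepted again after eviction, so the store must key its lifetime on the same timestamp the window check uses.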