>> Timestamps can be vulnerable to clock attacks, right? Why not just include a monotonically increasing request number along with the nonce in each request?
> That interferes with the ability to send multiple requests in-flight at the same time.
I.e. it was assumed there was a sequence number, and I refuted that it disallows concurrent requests.
>> Timestamps can be vulnerable to clock attacks, right? Why not just include a monotonically increasing request number along with the nonce in each request?
> That interferes with the ability to send multiple requests in-flight at the same time.
I.e. it was assumed there was a sequence number, and I refuted that it disallows concurrent requests.
In general, I agree a signed timestamp is fine.