Replay-nonce lifetime

Just a short question here: how many seconds can I expect the lifetime of the replay-nonce to be? I’d like to preserve the replay-nonce from the response header instead of retrieving it via newNonce before the next request.

Regards!

2 Likes

The validity lifetime of a given nonce may vary a lot depending on the load of the Boulder server.

It is safe, and the recommended strategy, to use the nonce from the header of the previous call; there is no need to call newNonce unless the server reports a badNonce error. If you do it that way, you are also being nice to the other clients.
Why is that? If you call a GET for newNonce before each POST, the server generates twice as many nonces as will actually get used. So your client adds to filling up the nonce cache of the Boulder server (an array of size 2^16). As a consequence, when the nonce cache is full, the Boulder server has to strike out the earliest unused nonce, practically reducing the average lifetime of a nonce.

3 Likes
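The strategy from the answer above, as an added example that is not part of the original thread and is not Boulder's code. `ToyServer`, `ReusingClient`, `fetch_first_posts` and the tiny cache capacity are constructed for illustration; the retry relies on RFC 8555 requiring a badNonce error response to carry a fresh Replay-Nonce.

```python
from collections import OrderedDict

BAD_NONCE = "urn:ietf:params:acme:error:badNonce"  # error type from RFC 8555

class ToyServer:
    """Constructed stand-in for an ACME server (not Boulder's code): a bounded
    pool of unused nonces; when full, the earliest unused nonce is dropped."""
    def __init__(self, capacity):
        self.capacity, self.pool, self.issued = capacity, OrderedDict(), 0

    def new_nonce(self):                      # models a newNonce request
        nonce = f"nonce-{self.issued}"
        self.issued += 1
        self.pool[nonce] = True
        if len(self.pool) > self.capacity:
            self.pool.popitem(last=False)     # evict the earliest unused nonce
        return nonce

    def post(self, nonce):
        """Return (status, error type or None, fresh Replay-Nonce value)."""
        accepted = self.pool.pop(nonce, None) is not None
        fresh = self.new_nonce()              # every response carries Replay-Nonce
        return (200, None, fresh) if accepted else (400, BAD_NONCE, fresh)

class ReusingClient:
    """Keeps the Replay-Nonce of the previous response for the next POST."""
    def __init__(self, server):
        self.server, self.nonce, self.new_nonce_calls = server, None, 0

    def post(self, max_attempts=3):
        for _ in range(max_attempts):
            if self.nonce is None:            # only when nothing is cached yet
                self.nonce = self.server.new_nonce()
                self.new_nonce_calls += 1
            nonce, self.nonce = self.nonce, None   # a nonce is single use
            status, error, self.nonce = self.server.post(nonce)
            if error != BAD_NONCE:
                return status                 # otherwise retry with the fresh nonce
        raise RuntimeError("badNonce persisted after retries")

def fetch_first_posts(server, count):
    """The pattern the answer advises against: newNonce before every POST."""
    return [server.post(server.new_nonce())[0] for _ in range(count)]

if __name__ == "__main__":
    a, b = ToyServer(capacity=4), ToyServer(capacity=4)
    client = ReusingClient(a)
    print([client.post() for _ in range(10)], a.issued, client.new_nonce_calls)
    print(fetch_first_posts(b, 10), b.issued)
```

For ten POSTs the reusing client makes the toy server mint 11 nonces, while the fetch-first pattern mints 20.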

Thank you for your in-depth explanation.

3 Likes
