Evidence verification without verifier-provided nonce #11
Description
It should be possible to successfully verify evidence that does not contain a verifier provided nonce. This seems to possible with the code base, because the verifier code does not check the nonce. But this should be made a permanent documented feature or option.
Example scenario where this is needed: the challenge included in attestation evidence may be channel bindings for a secure channel where the attester and the relying party are the endpoints. In this case, verifying freshness is the task of the relying party instead of the verifier.