v0.2 protocol · Mode B · live demonstration
Click Mint Mode B bundle. The demo issuer generates an ephemeral Ed25519 keypair, embeds the public key in the passport's cnf.jwk.x claim, and signs a canonical RFC 9421 request with the matching private key. Click Verify (1st time): the verifier consults a global Cloudflare Durable Object, marks the (jti, signature) pair as seen, returns allow. Click Verify (2nd time): the DO sees the same pair, returns deny · replay_detected. Real protocol, no animation.
demo bundle
(not minted)
verify #1 response
(not run)
verify #2 response
(not run)
