# Publicly verifiable timestamps for UCAN invocations with Drand **(Work in Progress)** Being able to verify that a UCAN invocation happened within a time window gives us some assurances. We need a way to publically verify that a UCAN was created on or after a specific time. By including a drand randomness round in a signed UCAN, we can prove that it was created on or after that randomness round was generated. There's a number of uses for this e.g. it allows us to transparently account for `store/add` invocations, publically proving that we were asked to store data within a given time frame. It's also reasonable to assume that the UCAN was probably _not_ generated _after_ the included randomness round. There is no incentive to do so if it is likely to be rejected on reciept. It could happen if a private key is compromised, but then the owner has bigger problems 😱. We want a simple way to prevent replay attacks, within a reasonable time window, but we do not necessarily want the UCAN to expire in the same window. ## Proposal 1. Issuers **must** include a drand randomness round in UCAN [`nnc`](https://github.com/ucan-wg/spec#323-nonce) field 1. Issuers **must** include the public key of the drand randomness chain in the [`nb`](https://github.com/ucan-wg/spec#241-nb-non-normative-fields) field 1. Issuers **should** include the drand randomness _round number_ in the [`nb`](https://github.com/ucan-wg/spec#241-nb-non-normative-fields) field 1. Audiences **may** reject a received UCAN if the randomness of the current round does not match the randomness included in the UCAN.