openid.nonce added

[Karl Koscher]

Brad Fitzpatrick wrote:

>Nonce support has been added to the protocol.  Optional for consumers to
>send.  Required for identity servers to echo back and sign.
>  
>
Erm, is this really necessary? Can't a consumer just include something 
like that in their return URL, that in turn is part of the message 
hashed by the identity server? It seems like an extra implementation 
detail that doesn't really get you anything that you couldn't get 
otherwise, but perhaps I'm missing something?

- Karl