Rewrite mention of replay attacks in nonce section

cfrg · Nov 2, 2024 · 4b2eedc · 4b2eedc
1 parent f8974ce
commit 4b2eedc
Showing 1 changed file with 6 additions and 5 deletions.
diff --git a/draft-irtf-cfrg-vdaf.md b/draft-irtf-cfrg-vdaf.md
@@ -5701,11 +5701,12 @@ required in order to leverage security analysis for the privacy definition of
 report. Uniqueness of the nonce is not sufficient because the verification key
 is controlled by the attacker.
 
-Other security considerations may require the nonce to be non-repeating in a
-given context. For example, to achieve differential privacy it is necessary to
-avoid "over exposing" a report by including it too many times in a single batch
-or across multiple batches. It is RECOMMENDED that the nonce generated by the
-Client be used by the Aggregators for replay protection.
+Applications will need to protect against replay attacks to prevent disallowed
+re-use of reports (see {{agg-param-security}}). Furthermore, in applications
+that aim to achieve differential privacy, it is necessary to limit how much
+each party contributes to a single batch or multiple batches. It is RECOMMENDED
+that the nonce generated by the Client be used by the Aggregators for replay
+protection.
 
 ## The Public Share