ROBERT-proximity-tracing / documents

Protocol specification, white paper, high level documents, etc.

No at-least-once guarantee of delivery of ESR_REPLY_{A,i} message #37

Closed huitseeker closed 4 years ago

huitseeker commented 4 years ago

Users can no longer submit ESR once they have been notified they are at risk (§ 7 server processing step 6).

Yet there is no user acknowledgement of the reception of an ESR_REPLY_{A,i} set to "1" (i.e. confirming an at-risk status), see §7 "Server Processing", "If the ESR_REQUEST_{A,i} is valid".

Should the end-user not be able to receive this message (because of a network failure, a compromised device, or an interception of this message), they would receive no information for this ESR, and all further ESRs from them would fail silently.

huitseeker commented 4 years ago

Brain fart: there is indeed an ACK message, specified on the very next page. :facepalm:

The specification is unclear on how the server should condition marking UN_A on reception of this ACK, but nonetheless, closing to avoid confusion.
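
The failure mode discussed in this issue, as an added example that is not part of the thread or of the ROBERT specification: a simplified Python model in which the server sets UN_A either when it sends the reply or only when the ACK arrives. The `Server` class, `run_client` and the fault parameter `drop_replies` are hypothetical names, and the at-risk state is constructed.

```python
# Simplified model (assumption): one user A, a server-side flag UN_A
# ("user notified"), and a channel that can lose the reply in transit.
from dataclasses import dataclass


@dataclass
class Server:
    mark_on_ack: bool        # True: set UN_A only when the ACK arrives
    at_risk: bool = True     # constructed: user A is already at risk
    un_a: bool = False

    def handle_esr_request(self):
        """Return the reply bit, or None when the request is rejected."""
        if self.un_a:
            return None      # already-notified users may not query again
        reply = 1 if self.at_risk else 0
        if reply == 1 and not self.mark_on_ack:
            self.un_a = True  # marked before the client is known to have it
        return reply

    def handle_ack(self):
        if self.mark_on_ack:
            self.un_a = True


def run_client(server, drop_replies, max_tries=5):
    """Retry until a reply is received; return (notified, tries, UN_A).

    drop_replies: number of leading replies lost in transit (constructed fault).
    """
    for attempt in range(1, max_tries + 1):
        reply = server.handle_esr_request()
        if reply is None:
            continue         # rejected request: the client learns nothing
        if attempt <= drop_replies:
            continue         # reply lost on the network, so no ACK is sent
        if reply == 1:
            server.handle_ack()
        return (reply == 1, attempt, server.un_a)
    return (False, max_tries, server.un_a)


if __name__ == "__main__":
    print("mark on reply:", run_client(Server(mark_on_ack=False), drop_replies=1))
    print("mark on ACK:  ", run_client(Server(mark_on_ack=True), drop_replies=1))
```

With one lost reply, marking on send leaves the server holding UN_A for a user who was never notified, while marking on ACK lets the retry succeed. The cost of the second variant is a possible duplicate notification when the ACK itself is lost.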