Discuss explicitly the attack prevented by enforcing unique report IDs, which is to stop honest Client reports from being replayed. This would also be necessary to satisfy VDAF's requirement of nonce uniqueness, but it's not yet clear VDAF will impose that exact requirement (see 1).
There's no functional change here, but hopefully being explicit can short-circuit future discussion of why we have this expensive requirement.
Discuss explicitly the attack prevented by enforcing unique report IDs, which is to stop honest Client reports from being replayed. This would also be necessary to satisfy VDAF's requirement of nonce uniqueness, but it's not yet clear VDAF will impose that exact requirement (see 1).
There's no functional change here, but hopefully being explicit can short-circuit future discussion of why we have this expensive requirement.
See #558 for motivating discussion.