fixup! Spec: Define per-context contribution limits

patcg-individual-drafts · Jan 7, 2025 · f774bca · f774bca
1 parent ff6bee4
commit f774bca
Showing 1 changed file with 16 additions and 10 deletions.
diff --git a/spec.bs b/spec.bs
@@ -587,10 +587,12 @@ steps. They return a [=boolean=]:
     contributions=] is not null, return true.
 1. Return false.
 
-Note: If a context ID or non-default filtering ID max bytes was specified, a
-    report is sent, even if there are no contributions or there is insufficent
-    budget for the requested contributions. See [Protecting against leaks via
-    the number of reports](#protecting-against-leaks-via-the-number-of-reports).
+Note: Even when budget is insufficient for the requested contributions, a report
+    has to be sent when the caller provided a context ID, non-default filtering
+    ID max bytes, or non-null max contributions. See [Protecting against leaks
+    via the number of
+    reports](#protecting-against-leaks-via-the-number-of-reports).
+
 </div>
 
 <div algorithm>
@@ -1296,18 +1298,22 @@ However, the number of reports with the given metadata could expose some
 cross-site information. To protect against this, the API delays sending reports
 by a randomized amount of time to make it difficult to determine whether a
 report was sent or not from any particular event. In the case that a
-[=aggregatable report/context ID=] is supplied or a non-default [=aggregatable
-report/filtering ID max bytes=] is specified, the API makes the number of
-reports sent deterministic (sending 'null reports' if necessary -- each
-containing only a contribution with a value of 0 in the payload). Additional
-mitigations may also be possible in the future, e.g. adding noise to the report
-count.
+[=aggregatable report/context ID=] is supplied, a non-default [=aggregatable
+report/filtering ID max bytes=] is specified, or a [=aggregatable report/max
+contributions=] is specified, the API makes the number of reports sent
+deterministic (sending 'null reports' if necessary -- each containing only a
+contribution with a value of 0 in the payload). Additional mitigations may also
+be possible in the future, e.g. adding noise to the report count.
+
+Issue: Shouldn't the paragraph above refer to fields of [=pre-specified report
+ parameters=] instead of [=aggregatable report=]?
 
 ### Protecting against leaks via payload size ### {#protecting-against-leaks-via-payload-size}
 
 The length of the payload could additionally expose some cross-site information,
 namely how many contributions are included. To protect against this, the payload
 is padded to a fixed number of contributions.
+
 ### Temporary debugging mechanism ### {#temporary-debugging-mechanism}
 
 The {{PrivateAggregation/enableDebugMode()}} method allows for many of the