2) The design is for content-hub to share a secret with Mir, and each construct their own instance of CookieFactory from that secret. Content-hub does not need to register itself with Mir. The copy/paste doc has some cookie flow examples.
3) The Mir calls which accept a MirCookie¹ will disconnect any client that submits an invalid cookie. Content-hub should probably do the same. Would it be better to (a) document that any attestation failure should be fatal to the client, and (b) rename “bool attest_timestamp(MirCookie const& cookie)” to “assert_timestamp()” and have it throw an exception on failure?
1) The copy/paste doc is at https:/ /docs.google. com/document/ d/16qCQ8vYJmS7d a1yfzBuKWnlUCrw _IXXsTIhWruPN0n k
2) The design is for content-hub to share a secret with Mir, and each construct their own instance of CookieFactory from that secret. Content-hub does not need to register itself with Mir. The copy/paste doc has some cookie flow examples.
3) The Mir calls which accept a MirCookie¹ will disconnect any client that submits an invalid cookie. Content-hub should probably do the same. Would it be better to (a) document that any attestation failure should be fatal to the client, and (b) rename “bool attest_ timestamp( MirCookie const& cookie)” to “assert_ timestamp( )” and have it throw an exception on failure?
¹: Here's an example: https:/ /code.launchpad .net/~mir- team/mir/ cookie- raise-surface/ +merge/ 274728