Code review comment for lp:~mir-team/mir/attestable-timestamps-server

1) The copy/paste doc is at https://docs.google.com/document/d/16qCQ8vYJmS7da1yfzBuKWnlUCrw_IXXsTIhWruPN0nk

2) The design is for content-hub to share a secret with Mir, and each construct their own instance of CookieFactory from that secret. Content-hub does not need to register itself with Mir. The copy/paste doc has some cookie flow examples.

3) The Mir calls which accept a MirCookie¹ will disconnect any client that submits an invalid cookie. Content-hub should probably do the same. Would it be better to (a) document that any attestation failure should be fatal to the client, and (b) rename “bool attest_timestamp(MirCookie const& cookie)” to “assert_timestamp()” and have it throw an exception on failure?

¹: Here's an example: https://code.launchpad.net/~mir-team/mir/cookie-raise-surface/+merge/274728