
Code review comment for lp:~mir-team/mir/attestable-timestamps-server

Chris Halse Rogers (raof) wrote :

1, 2) Yeah, that bit of the design is unspecified. I was assuming that we'd either go for:
 a) A parent process of unity8 and content-hub generates a secret and fd-passes it to both, or
 b) Unity8 and content-hub share a file readable only by them, or
 c) content-hub is started by unity8 and gets the secret fd-passed to it.

I'm not sufficiently familiar with the global design to know which one is most appropriate.

3) Unity8 only allows one connection per client. Actually, that's a lie; Unity8 effectively allows any client to connect to it, but in *theory* Unity8 only allows one connection per client. In theory, unity8 only allows applications started by upstart-app-launch and only allows one connection per launch, but in practice it allows anything that has --desktop-file-hint=valid.desktop on its command line, or any binary whose name starts with maliit-server or which contains qt5/libexec/QtWebProcess.

So reconnection *should* be expensive, but currently isn't.

assert_timestamp() is in the server's address space; the secret required to assert a timestamp isn't available in the client address space.
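
Options (a) and (c) in the comment above both rest on passing a file descriptor over a Unix socket. The following is an added illustration, not code from the Mir branch or from the comment's author: a launcher puts a secret in a pipe and hands the read end to a child with SCM_RIGHTS. The names pass_fd and share_secret_via_fd, the pipe as the carrier and the 64-byte limit are assumptions.

```c
#include <string.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <sys/wait.h>
#include <unistd.h>
/* Send (fd >= 0) or receive (fd < 0) one descriptor as SCM_RIGHTS data. */
static int pass_fd(int sock, int fd) {
    char byte = 0, ctl[CMSG_SPACE(sizeof(int))];
    struct iovec iov = { &byte, 1 };
    struct msghdr msg;
    struct cmsghdr *c;
    memset(&msg, 0, sizeof msg);
    memset(ctl, 0, sizeof ctl);
    msg.msg_iov = &iov; msg.msg_iovlen = 1;
    msg.msg_control = ctl; msg.msg_controllen = sizeof ctl;
    if (fd >= 0) {                                  /* sender side */
        c = CMSG_FIRSTHDR(&msg);
        c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
        c->cmsg_len = CMSG_LEN(sizeof(int));
        memcpy(CMSG_DATA(c), &fd, sizeof(int));
        return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
    }
    if (recvmsg(sock, &msg, 0) != 1) return -1;     /* receiver side */
    c = CMSG_FIRSTHDR(&msg);
    if (!c || c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS) return -1;
    memcpy(&fd, CMSG_DATA(c), sizeof(int));
    return fd;
}
/* Hypothetical launcher: put the secret in a pipe, hand the read end to a
 * child. Returns 1 if the child got the same bytes, 0 if not, -1 on error. */
int share_secret_via_fd(const unsigned char *secret, size_t len) {
    int sp[2], p[2], status, rc;
    unsigned char buf[64];
    pid_t pid;
    if (len > sizeof buf || socketpair(AF_UNIX, SOCK_STREAM, 0, sp) || pipe(p)) return -1;
    if (write(p[1], secret, len) != (ssize_t)len) return -1;
    close(p[1]);
    if ((pid = fork()) < 0) return -1;
    if (pid == 0) {                 /* child: stands in for unity8 or content-hub */
        close(p[0]); close(sp[0]);  /* drop inherited copies; use only the passed fd */
        int fd = pass_fd(sp[1], -1);
        ssize_t n = fd < 0 ? -1 : read(fd, buf, sizeof buf);
        /* Demo-only check against memory inherited by fork(); an exec'd peer has no such copy. */
        _exit(n == (ssize_t)len && memcmp(buf, secret, len) == 0 ? 0 : 1);
    }
    close(sp[1]);
    rc = pass_fd(sp[0], p[0]);
    close(p[0]); close(sp[0]);
    if (waitpid(pid, &status, 0) != pid || rc != 0) return -1;
    return WIFEXITED(status) && WEXITSTATUS(status) == 0;
}
```

The secret never touches the filesystem and reaches only the process holding the other end of the socket; because the pipe is drained on read, each recipient needs its own pipe.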
