Code review comment for lp:~mir-team/mir/public-cookie-api

[Just comment]

It (still) seems odd that CookieAuthority deals with both MirCookies and with pairs of timestamp and MAC. Surely a /cookie/ authority should deal with Cookies? Would it not make more sense as:

auto make_cookie(Timestamp t) -> unique_ptr<MirCookie>

auto authenticated_timestamp(MirCookie const& c) -> Timestamp

Having clients aware of the MAC seems like a leaky abstraction