Re: [OAUTH-WG] Fwd: issues with token age element - MAC token

2011-05-30 Thread Skylar Woodward
But see, now you are specializing the use of MAC token even more - now it's becoming a service mainly for user-agents on home desktops? This is further from the original goal of making MAC as flexible as possible. In this case you should change the spec name to MAC_TOKEN_FOR_BROWSER_COOKIE_REPLA

Re: [OAUTH-WG] Fwd: issues with token age element - MAC token

2011-05-30 Thread Adam Barth
I can't speak for Mozilla, but I can tell you that many folks don't have synchronized clocks, for a wide variety of reasons. I guess I don't really understand why you view age as problematic. You reference "fragility of using time-since-credentials-issued" but you don't say what exactly is fragil

Re: [OAUTH-WG] Fwd: issues with token age element - MAC token

2011-05-30 Thread Skylar Woodward
I don't think you read my first message on the topic (or I wrote too much). Age is fragile because if the clock changes between issue_date and the time of submission, it will fail. We know many people don't have synchronized clocks, but using age only solves this problem if two assumptions hold