This repository was archived by the owner on Aug 11, 2025. It is now read-only.
NOTE Two mechanisms exist for mdoc authentication, MAC and ECDSA/EdDSA. MAC provides better privacy to the mdoc holder because it does not require the mdoc to produce a potentially non-repudiable signature over mdoc reader-provided data. The mdoc can always deny the MAC value to a third party because the mdoc reader could have produced it by itself. However, it is possible that the possibility to calculate a MAC is not available in all security environments on the mdoc
In this mdoc request API, there is no explicit reader key conveyed to the mDL, but there is a P-256 public key conveyed (partially out of band) via RequesterIdentity for use with HPKE.
Why not use this (or another explicitly-passed EReaderKey) as an input to allow device authentication via MAC, instead of using a non-repudiable signature?
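The deniability argument in the quoted NOTE, as an added Node.js example that is not part of the original issue, the standard's text, or this repository's code. It assumes a simplified key derivation (ECDH, then HKDF-SHA-256 with a transcript-hash salt and an `EMacKey` info label) and a plain HMAC in place of the COSE structure; the transcript, payloads and the explicitly passed reader key are constructed or hypothetical.

```javascript
// Added illustration; not code from ISO 18013-5 or from this repository.
const crypto = require('node:crypto');

// Constructed stand-in for the session transcript both sides already hold.
const TRANSCRIPT = Buffer.from('constructed-session-transcript');

function newP256() {
  const kp = crypto.createECDH('prime256v1');
  kp.generateKeys();
  return kp;
}

// ECDH shared secret -> HKDF-SHA-256 -> 32-byte MAC key.
// Salt and the 'EMacKey' info label are simplifying assumptions.
function deriveMacKey(own, peerPublic) {
  const shared = own.computeSecret(peerPublic);
  const salt = crypto.createHash('sha256').update(TRANSCRIPT).digest();
  return Buffer.from(crypto.hkdfSync('sha256', shared, salt, 'EMacKey', 32));
}

// Plain HMAC-SHA-256 tag (the standard wraps this in COSE; omitted here).
function macTag(key, payload) {
  return crypto.createHmac('sha256', key).update(TRANSCRIPT).update(payload).digest();
}

function demo() {
  const device = newP256(); // mdoc's device key pair
  const reader = newP256(); // hypothetical explicitly passed EReaderKey
  const mdocKey = deriveMacKey(device, reader.getPublicKey());
  const readerKey = deriveMacKey(reader, device.getPublicKey());

  // Normal flow: mdoc tags its response, reader verifies by recomputing.
  const payload = Buffer.from('constructed-device-signed-data');
  const verified = crypto.timingSafeEqual(macTag(mdocKey, payload), macTag(readerKey, payload));

  // Deniability: with only its own private key and the device public key,
  // the reader makes a tag identical to what the mdoc would have produced.
  const unseen = Buffer.from('constructed-data-the-mdoc-never-saw');
  const readerCanReproduce = crypto.timingSafeEqual(macTag(readerKey, unseen), macTag(mdocKey, unseen));

  // Contrast: a signature verifies for anyone holding the public key, and
  // only the private-key holder could have made it, so it is transferable proof.
  const signer = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  const sig = crypto.sign('sha256', payload, signer.privateKey);
  const thirdPartyAccepts = crypto.verify('sha256', payload, signer.publicKey, sig);
  return { verified, readerCanReproduce, thirdPartyAccepts, keyLength: mdocKey.length };
}
```

Because the reader can reproduce any tag, a MAC shown to a third party proves nothing about the mdoc's involvement, whereas the signature does.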