Add documentation about certificate revocation

base-org · Jan 11, 2025 · d08e7ce · d08e7ce
1 parent 7879d9b
commit d08e7ce
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -7,6 +7,9 @@ Note it costs around 63m gas to validate an attestation with no prior verified c
 You can break this up into smaller transactions by verifying each cert in the chain separately.
 You can call `CertManager.verifyCert` for each cert in the attestation `cabundle`.
 
+This library does not currently support certificate revocation, which is disabled in AWS's attestation verification documentation
+[here](https://github.com/aws/aws-nitro-enclaves-nsm-api/blob/4b851f3006c6fa98f23dcffb2cba03b39de9b8af/docs/attestation_process.md#32-syntactical-validation).
+
 ## Usage
 
 1. Deploy the `CertManager` separately.

diff --git a/src/CertManager.sol b/src/CertManager.sol
@@ -10,6 +10,9 @@ import {ICertManager} from "./ICertManager.sol";
 
 // adapted from https://github.com/marlinprotocol/NitroProver/blob/f1d368d1f172ad3a55cd2aaaa98ad6a6e7dcde9d/src/CertManager.sol
 
+// Manages a mapping of verified certificates and their metadata.
+// The root of trust is the AWS Nitro root cert.
+// Certificate revocation is not currently supported.
 contract CertManager is ICertManager {
     using Asn1Decode for bytes;
     using LibAsn1Ptr for Asn1Ptr;