Add documentation about certificate revocation

Michael de Hoog · Michael de Hoog · commit d08e7cea3c5d · 2025-01-10T16:09:11.000-10:00
diff --git a/README.md b/README.md
@@ -7,6 +7,9 @@ Note it costs around 63m gas to validate an attestation with no prior verified c
 You can break this up into smaller transactions by verifying each cert in the chain separately.
 You can call `CertManager.verifyCert` for each cert in the attestation `cabundle`.
 
+This library does not currently support certificate revocation, which is disabled in AWS's attestation verification documentation
+[here](https://github.com/aws/aws-nitro-enclaves-nsm-api/blob/4b851f3006c6fa98f23dcffb2cba03b39de9b8af/docs/attestation_process.md#32-syntactical-validation).
+
 ## Usage
 
 1. Deploy the `CertManager` separately.
diff --git a/src/CertManager.sol b/src/CertManager.sol
@@ -10,6 +10,9 @@ import {ICertManager} from "./ICertManager.sol";
 
 // adapted from https://github.com/marlinprotocol/NitroProver/blob/f1d368d1f172ad3a55cd2aaaa98ad6a6e7dcde9d/src/CertManager.sol
 
+// Manages a mapping of verified certificates and their metadata.
+// The root of trust is the AWS Nitro root cert.
+// Certificate revocation is not currently supported.
 contract CertManager is ICertManager {
     using Asn1Decode for bytes;
     using LibAsn1Ptr for Asn1Ptr;
