use expiration durations from the attestation certificate #1639
Description
Background
After #1629 we enforce a fixed timeout for attestation validity instead of storing the attestation on chain. As the contract only stores valid attestations, we assume the attestation only becomes invalid due to timeouts, as we currently don't have a mechanism to update the CRLs on chain.
Intel’s certificates and CRLs already include issueDate / nextUpdate fields that define their actual validity windows (≈30 days for PCK CRLs & TCB Info).
Per @barakeinav1’s analysis (see linked table), these TTLs are reliable and usable on-chain.
We should look into using these TTLs instead of hard coded values on the contract for expiration of attestations. I.e. how often a node should be enforced to submit attestations.
User Story
As a contract developer, I want to use the TTLs embedded in Intel certificates and CRLs so that attestation expiry is enforced accurately without relying on a hard coded timeouts.
Acceptance Criteria
The contract uses the timeout defined in the PCK CRL for expiry of attestations instead of an arbitrary value defined in the contract.
Resources & Additional Notes
No response