Conflicting use for cert updatedOn and expireOn
Cert has both updatedOn and expireOn fields which use conflict: if they are updated on cert renewal, expireOn is simply updatedOn plus cert duration, so there would be no reason to have both.
The genesis and indexing behaviors are not coherent:
- genesis considers cert removal as changing updatedOn
- indexer considers cert removal to not change updatedOn, only expireOn
expireOn usually should not be changed by cert expiration since the duration is known before, it only does for cert that are removed before expiration (like certs to unconfirmed or unvalidated identities).
We should:
- list the client-side needs
- redefine the use of the fields
- document what they precisely represent
- remove potential unnecessary fields