Re-compute certificate chain on dev-preview leads to an epoch gap #2173
Description
Why
The re-computation of the certificate chain on the dev-preview networks fails and lead to an epoch gap from epoch 757 to epoch 778 (as detected by the certificate chain verifier). The problem occurs with the previous and the new version of the re-computation tool and multiple re-computations don't fix it.
Analysis
The problem was due to the fact that two versions of the certificates existed for the CardanoImmutableFilesFull signed entity type: some with a certificate with a hash computed before the breaking change and some with a certificate has computed after the breaking change in the certificate structure (this can happen if the re-computation of the certificate chain is not done immediately after introducing a breaking change in the certificate structure). This broke the expected order of the certificate chain and lead the verifier of the certificate chain to consider the chain corrupted.
An acceptable fix for the dev-preview network was to delete all the certificates produced for the CardanoImmutableFilesFull signed entity type before the introduction of the breaking change of the certificate structure.
Next steps
- Enhance the robustness and the devX of the re-computation tool
What
Investigate and fix the certificate chain re-computation.
How
- Investigate the problem
- Fix the problem