Revocation delay

[knguyenBC]

Description of problem

The reissuance of both the Person credential and the LSBC member credential does NOT revoke the older credential immediately.

• The wallet displays the credential as non-revoked
• can be used in proof request and information will send successfully.
• The proof will fail however, with VC-AuthN displaying a proof not accepted error
• and the mobile verifier will display a "proof declined" screen on the verifier side.

Oddly enough, for the Person credential, the revocation message sent over the connection will be sent.

Expected behavior

Credentials should revoke immediately after issuance of the new ones

Steps to reproduce

• obtain a person credential on device A
• Get another one on device B
• Check both are still non-revoked
• Attempt to use the Person credential from device A

Screenshots and/or log output

Environment

• [x] Occurs on Android
• [x] Occurs on iOS

Build #: 1792

Android Device Model: Pixel 8

iOS Device Model: iPhone SE

Workaround

none

Severity

• [x] High
• [ ] Medium
• [ ] Low

[WadeBarnes]

There is a long standing issue with the LSBC agent's wallet that started a few years back with an out of sync issue. Revocation entries were created, but they could not be written to the ledger, so the wallet and the ledger got out of sync. Ian created a fix that allowed us to sync the records retroactively. This allowed us to permanently fix LSBC's DEV and TEST instances, however we were unable to permanently fix the issue in PROD. A second fix (workaround) was put in place in aca-py so it automatically invoked the retro-active resync code whenever there was an error writing a revocation entry to the ledger.

Not saying it's the case, but you might be seeing a possible side affect due to this process. To rule this out as an issue we'd need to monitor the ledger and see if there are any timing issues with revocation entries being written to the ledger during the revoke and re-issue process.