Validator re-jailing issues

[jtremback]

When a validator unjails themselves, they do not have signed_valsets_window blocks to submit signatures because they are held accountable for validator sets created while they were jailed. Furthermore, you cannot submit signatures while you are jailed, so it's not possible for them to catch up and then unjail themselves.

Possible solution 1:

• Allow jailed validators to submit valset signatures.
• The problem with this is that we need to give validators the caveat that they need to catch up on signing before unjailing themselves. This is an unacceptable mental load for most validators.

Possible solution 2:

• Forgive jailed validators for any valsets they missed while they were jailed
• Proof that this is not exploitable by someone jailing and unjailing themselves repeatedly or something will be provided by Justin in the comments below.
• There could be other issues that Justin will explore further in another documents.

[jkilpatr]

So we can't forgive the validator for any validator sets that where created while they where jailed. At least not without creating another slashing condition to deal with the fallout.

Imagine a scenario where we have two validators, each has 32% of the stake and they leave the validator set in back to back blocks. This is perfectly allowed by tendermint.

Neither of them sign any additional validator sets and simply rejoin fully forgiven after the jail period is up

After they both left an essential validator set was created, since they where forgiven and didn't have to sign that validator set control of the bridge is lost.

After considering this it seems to be that solution 1 is viable and easy to implement (write some docs and a minor edit to submit valset signatures) so we should at least do that one for now.

[jtremback]

Solution 1 may be a deal breaker for the Hub I suspect.

[jkilpatr]

it is now possible for validators to submit signatures while jailed.