grandpa: don't send equivocation reports for local identities

[andresilva]

There's no need to send equivocation reports for keys that we control:

• If the equivocation went to the network then someone else will report it;
• Otherwise there was no harm done so the slash is unnecessary.

This can happen (and has happened) when node operators restore the database from a backup and lose the GRANDPA voter state. They might end up equivocating on an old round for which no one in the network is listening anymore (and therefore the equivocation is harmless and would go unreported), but they end up reporting themselves and getting slashed.

[burdges]

It's harmless I'm sure, and even helpful, but not really a fix if I understand, right? We need grandpa to recognize when its voter state looks tainted relative to the database.

We’ve a “slashing reform” design https://hackmd.io/@rgbPIkIdTwSICPuAq67Jbw/BkCOQ8CvP that should basically end slashing of honest nodes across the board. It meshes nicely with two other problems: our session keys never sign their own certificates, and some future session keys require proofs-of-possession. It'd benefit from more formalization probably, but basically workable.

I'm not arguing against this change, but I wanted anyone interested to know.

[andresilva]

@burdges Yeah this is just small patchwork to avoid some class of "benign" equivocations. I've read through the document you've sent and I agree some mechanism like that is the proper way to go for preventing these kinds of equivocations caused by operational errors. I have created an issue for this (#7398) and linked to the document you posted.

[andresilva]

bot merge

[ghost]

Trying merge.