I generally agree that the strict liveness penalty is likely hurting the network (by reducing security) more than it’s helping the network (by incentivizing liveness) today. Nearly all past double signing on other staking activities has in the past come from operational errors by validators that were over-optimizing for liveness (e.g. hot spares)
But the network is also only 85 days old and I’d rather keep pushing towards a great long-term solution than jump straight to reducing the liveness criteria. Particularly because the a small (1-2m) outage is near zero.
I think we all agree #2 (multiproxy) from Asa will go a long way to addressing this.
Improving container restart speed would also be a nice optimization.
I also agree that Asa’s threshold signatures could be fantastic to optimize both security and availability.