I think the scenario of the single signer re-ordering the outputs and inputs and then re-signing the transaction is in the same category of simple double-spends. The signer could just as well sign a completely different transaction spending the same coins to somewhere else, so I don't think there is a lot we can do about it even if we instate a canonical ordering. Even if we order the inputs and outputs the signer can just add a new input and output and we would have a different transaction.

Normalized transaction IDs do help in the case that the single signer wants to immediately follow up its transaction with another transaction spending the first one's change output, and it prevents any modification in the multi-signer scenario.

On Thu, Oct 22, 2015 at 1:21 AM Luke Dashjr <luke@dashjr.org> wrote:

On Wednesday, October 21, 2015 6:22:25 PM Danny Thorpe wrote:
> Let's keep canonical ordering separate from the normalized transaction ID
> proposal. Baby steps. Normalized transaction IDs provide an immediate
> benefit against the hazard of third party manipulation of transactions in
> the mempool, even without canonical ordering.

My point is that third-party manipulation is not much more of a problem than
signing-party manipulation. Solving the former (at a high cost), without
solving the latter, seems not worth it IMO.

Luke