Re: [Bitcoin-development] [softfork proposal] Strict DER signatures

[Pieter Wuille <pieter.wuille@gmail.com>]

On Wed, Jan 21, 2015 at 2:29 PM, Douglas Roark <doug@bitcoinarmory.com> wrote:
> Nice paper, Pieter. I do have a bit of feedback.

Thanks for the comments. I hope I have clarified the text a bit accordingly.

> 1)The first sentence of "Deployment" has a typo. "We reuse the
> double-threshold switchover mechanism from BIP 34, with the same
> *thresholds*, [....]"

Fixed.

> 2)I think the handling of the sighash byte in the comments of
> IsDERSignature() could use a little tweaking. If you look at
> CheckSignatureEncoding() in the actual code (src/script/interpreter.cpp
> in master), it's clear that the sighash byte is included as part of the
> signature struct, even though it's not part of the actual DER encoding
> being checked by IsDERSignature(). This is fine. I just think that the
> code comments in the paper ought to make this point clearer, either in
> the sighash description, or as a comment when checking the sig size
> (i.e., size-3 is valid because sighash is included), or both.

I've renamed the function to IsValidSignatureEncoding, as it is not
strictly about DER (it adds a Bitcoin-specific byte, and supports and
empty string too).

> 3)The paper says a sig with size=0 is correctly coded but is neither
> valid nor DER. Perhaps this code should be elsewhere in the Bitcoin
> code? It seems to me that letting a sig pass in IsDERSignature() when
> it's not actually DER-encoded is incorrect.

I've expanded the comments about it a bit.

-- 
Pieter