But is this actually checked by isStandard()?
Can't be yet, a majority of transactions on the network still fail the check.
Is the plan to do it in 2 stages, first make the reference client only produce canonical signatures and then make non-canonical non-standard?
Sort of, the first stage is "get all widely used signers to only produce canonical signatures", which making the reference client do it is just the first step. I believe the latest bitcoinj does this now too.
Thanks for the reminder though, it's time to start the nagging engines.
I guess the problem is that old clients would have transactions rejected.
In theory, miners could switch the signatures to canonical, but I assume that is discouraged.
Sort of a tough problem considering how poor wallets handle the change.
A transaction is non-standard if any of its signatures leave data on the stack? That can't be checked without the input transaction.
We can't verify a transaction without the input since they're included in the signatures.
I thought we templaitized the signatures, but apparently we don't (sometimes it's hard to remember whats been implemented vs discussed).
I think that would give reasonable safety in practice.
Safety for what? I agree that it's reasonably fine against trouble making when the attacker gains little and the harm of a loss is small. But there are already substantial pools like ghash.io who have mined maliciously in order to rip people off.