< andytoshi>
achow101: sipa: if i'm writing a PSBT finalizer and the `sighash_type` field is literally missing for an input, should the finalizer fail or should it default to SIGHASH_ALL?
< achow101>
andytoshi: default to sighash_all
< andytoshi>
also, is this the right channel for questions like this?
< andytoshi>
thanks
< achow101>
but also the finalizer shouldn't care about that. the signer does
< andytoshi>
from the BIP, "type, finalizers must fail to finalize inputs which have signatures that do not match the specified sighash type"
< andytoshi>
sounds like the finalizer is supposed to have some idea of whether or not signatures are valid
< andytoshi>
and in general, if you've got multiple parties then _somebody_ other than the signer needs to check the signatures, otherwise somebody will be able to grief the protocol with bad sigs
< sipa>
andytoshi: i think the way to look at it is that the sighash type is advisory; the only real check to be performed is that the signers agree with the sighash type they are signing for. if someone were to produce a signature for another sighash type, or replace the sighash_type field and have signers obey that, at worst the resulting transaction won't accomplish the desired goal, but it won't affect
< sipa>
any of the signer's funds (as they...
< sipa>
agreed to sign with whatever they did)
< sipa>
so i guess finalizers checking that the signature matches the sighash type is a useful sanity check against accidental signing with the wrong type, but it isn't protecting anything malicious
< andytoshi>
ok, makes sense
< andytoshi>
yeah, i see. if you want everyone to use the same sighash type (for sanity reasons) you can use this field. but if you want to let the signers do their own thing, there's no point in specifying that in the PSBT since individuals' sighash types will be appended to their signatures
< andytoshi>
so in that case you should leave the field empty, and finalizers shouldn't try to enforce anything