You generally know the witness size to within a few bytes right before signing. Why would you not? You know the size of ECDSA signatures. You can be told the size of a hash preimage by the other party. It takes some contriving to come up with a scheme where one party has variable-length signatures of their chosing
> On Sep 22, 2017, at 2:32 PM, Sergio Demian Lerner <[email protected]> > wrote: > > But generally before one signs a transaction one does not know the signature > size (which may be variable). One can only estimate the maximum size. _______________________________________________ bitcoin-dev mailing list [email protected] https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
