@Aljoscha thanks for taking a look :)
Just because it hasn't been mentioned yet in this thread: what happens if I start appending to another person's log
I didn't mention that explicitly, but from the code linked you can see that all other things are checked except the signature of the other messages.
You can still easily (and quickly, compared to signature validation) verify that all messages have the same author
Do you mean checking the author field? Or that the signature was created by the said author without checking that the signature is actually correct?
Btw. this optimization is not documented in the spec. There is also the posibility to randomly selecting 1 message in each round and verifying that in full. Then verifying the messages after that one using the same method until you reach the end. It's probably best that each client doesn't follow the same rules. In any case these are just optimizations, you can still verify each message in full (which is what the benchmark does btw.).
Status: In review
By whom? For how long? Under which criteria? Don't tease the poor reader like that.
Like a good stew until it's finished :P Currently I don't expect this to change much so the spec will probably be finalized once we merge that DB2 PR.
The verification section is only local to each message. It should at the very least link to the specification for log verification (valid hash chain, single-author, etc). Which exists, right? =P
It links to bamboo so? :-)