Open
Description
As described in #197 (comment), when an operation requires owner permission, if a transaction contains that operation is signed by both active key and owner key (two signatures), it will still be accepted by witness nodes. But actually the signature signed by the active key is unnecessary.
To "fix" this, need to change the consensus. It's tricky because it requires client applications to adapt to the new rule, so it's possible to break some of them.
Update: test case is here: fbef6c2