He suggested putting "SIGHASH" on public keys instead and encoding them as either 33-bytes (implicit SIGHASH_ALL) or 34-bytes. Then, OP_CHECKSIG and friends will look at the public key to determine the sighash algorithm rather than the signature. ZmnSCPxj also proposed adding an opcode called "OP_SETPUBKEYSIGHASH," which would allow the selection of SIGHASH flag at time-of-signing if the script is formed to do so. By default, public keys will not have an attached SIGHASH byte, implying SIGHASH_ALL. This proposal removes the problems with SIGHASH_NONE and SIGHASH_SINGLE, as they are allowed only if the output specifically says they are allowed.