There is a discussion about clarifying how BIP70 signs payment requests here:
The issue is what to do with the signature field before signing. The code Mike and I initially wrote does this:
request.set_signature(string(""));
(sets signature to the empty string)
I think that is a mistake; it should be:
request.clear_signature();
(clears signature field, so it is not serialized at all).
So: if you are implementing, or have implemented, the payment protocol, please chime in. I'd like to change the spec and the reference implementation NOW, while BIP70 is still a 'Draft'.
Because this type of "hey, I'm implementing your standard and it doesn't work the way I think it should" mistake is exactly why BIPs take a while before being declared 'Final.'