If the variable size increase is only a few bytes, then three possibilities arise:- one should allow signatures to be zero padded (to reach the maximum size) and abandon strict DER encoding- one should allow spare witness stack elements (to pad the size to match the maximum size) and remove the cleanstack rule. But this is tricky because empty stack elements must be counted as 1 byte.- signers must loop the generation of signatures until the signature generated is of its maximum size.