I'm curious, why is `SCRIPT_VERIFY_LOW_S` not a standard verification flag?
Because it would block ordinary transactions from many implementations.
I have been nagging implementers on and off for a long time to fix their behavior. In this latest round it looks like Strongcoin, Bter, Kraken, anything using pybitcointools (full of really scary broken crypto, nothing should use it), electrum (just fixed because ThomasV is awesome), were things I could easily identify.
It's been slow going-- even BIP62 only applied that restriction to flagged transactions.
If anyone feels like playing detective, here is a report someone else ran for me of addresses which were violating low-S (before the recent attacks):
https://people.xiph.org/~greg/high-s-reusecnt.log (leading number is how many times the pubkey was reused in the analysis window).
Getting more implementations to produce low-s for all their transactions would be very productive.