That's not accurate. The witness is stored in the blockchain.
In the segwit format, the signature is part of the witness, the witness is part of the transaction and the transaction is written to the block in full. Nodes that understand segwit will download and store the complete transaction including the signature.
However, segwit is constructed in a forwards compatible manner. It's made so that it is possible to produce a "stripped version" of a segwit transaction that omits the "witness". This stripped version is a non-standard valid transaction according to pre-segwit rules. This means that pre-segwit nodes will not propagate it when it is unconfirmed, but accept it when it is included in a block. Segwit-enabled nodes would consider the stripped version incomplete and therefore depend on receiving the complete version of the transaction from another segwit-enabled node.
Since the transaction outputs are part of the stripped transaction (because they are not part of the witness), pre-segwit nodes will come to the same conclusion regarding the ownership of funds by following the stripped blocks as segwit-capable nodes that read the complete blocks.
Part of the criticism of segwit is that pre-segwit nodes will not verify the signature of segwit transactions, as they do not receive the witness and wouldn't know what to do with it. This means that a legacy node might accept an segwit-invalid block until that block is no longer part of the heaviest chain-tip. However, such a block would not propagate well on the network, as about 89% of the nodes on the network are segwit-capable. If you're receiving a significant amount of funds from a segwit transaction and are running a segwit-incapable node, you might want to wait for additional confirmations before taking it at face value. However, for significant amounts that would be a great idea regardless.
Thank you for this thorough explanation, however I'm not sure to understand the very last sentence – EricLavault – 2017-10-02T00:31:18.767
@EricLavault: If you're receiving a large amount of money, it can become interesting for people to try to trick you. If you wait for more than one confirmation, it'll be more costly and harder for them. – Murch – 2017-10-02T02:17:08.670
1This is not a answer to my question ... my question was ; where is the signature stored when its seperated from the transaction ( SegWit Format ) ? in the blockchain or outside the blockchain ? – laizess – 2017-10-02T18:48:30.157
@laizess: In the blockchain. See my second sentence: "In the segwit transaction format, the signature is part of the witness, the witness is part of the transaction, and the transaction is part of the block." Really, the signature is not separated from the transaction, but it is just separate from the rest of the input script but still inside the same transaction. – Murch – 2017-10-02T19:56:04.897
1@Murch That's confusing. If the witness is in the block, then why doesn't it count towards the block size? Assume the possibility that it's not part of the block, and instead comes in from a separate channel. In that case, it's clear that there's less data being stored on the blockchain for each transaction. What you're describing puts exactly the same amount of data onto the blockchain; so I don't see how it resolves the problem. – jkabrg – 2018-12-07T10:04:07.047
New question here: https://bitcoin.stackexchange.com/questions/81727/how-can-segwit-increase-transaction-throughput-if-the-same-amount-of-data-is-sto
– jkabrg – 2018-12-07T10:58:14.147