From 90095e3f6ea07af054db146888323334b692e626 Mon Sep 17 00:00:00 2001 From: Greg Tonoski <111286121+GregTonoski@users.noreply.github.com> Date: Sun, 27 Oct 2024 21:08:26 +0100 Subject: [PATCH] point 23 (MSDL-pop scenario and commitment) - exception --- Comments:BIP-0341.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Comments:BIP-0341.md b/Comments:BIP-0341.md index df3a5f8..0c76ddf 100644 --- a/Comments:BIP-0341.md +++ b/Comments:BIP-0341.md @@ -2,4 +2,6 @@ There is the should-type requirement of hardcoded constant "TapTweak" in derivation of a private-public key pair used in a spending path that excludes scripts in the BIP-0341 specification. I think that the requirement is unnecessary or too restrictive. I would suggest replacing the requirement with a cautionary note and leaving an option to derive ("TapTweak") a new key pair to an owner's discretion instead. Reasons: 1. avoidance/minimisation of a number of hardcoded values (in accordance with commonly accepted best practices); -2. keeping requirements specification consice and of high relevance to changes in protocol and consensus rules. \ No newline at end of file +2. keeping requirements specification consice and of high relevance to changes in protocol and consensus rules. + +Also it may be worth adding an explanatory/warning note that sometimes the described attack in MSDL-pop scenario is not averted by the proposed "TapTweak" mechanism which is excluded for TapTweaks (t) that exceed SECP256K1_ORDER (regarding the point 23 in Rationale section. i.e. https://github.com/bitcoin/bips/blob/master/bip-0341.mediawiki#cite_ref-23-0). \ No newline at end of file
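Review bot: The paragraph added at the end of the hunk leaves the claimed exception underspecified. "sometimes ... not averted" gives no indication of when or how often, and in "mechanism which is excluded for TapTweaks (t) that exceed SECP256K1_ORDER" it is unclear whether "excluded" refers to the mechanism, the key derivation, or the output as a whole. Suggest stating the condition directly (t compared against SECP256K1_ORDER), what happens to the derivation in that case, and why that would leave the MSDL-pop scenario open, so a reader can judge whether a warning note is warranted. The reference to point 23 links to the master branch by footnote number, which stops pointing at the intended text if the rationale is renumbered; a commit-pinned permalink would be more stable, and "section. i.e." should read "section, i.e.". The re-added item 2 still carries the "consice" typo, and the file still ends without a trailing newline.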