Hi James,

Thanks for the additional thoughts.

> In your example script, you're not making use of the template hash or OP_NOP4.

I think this is where we're talking past each other as in example of the
script previosuly given, there is a CTV opcode used in the first OP_IF
branch.

Here again the script:

        OP_IF
                <my_little_vault_hash> OP_CHECKTEMPLATEVERIFY
        OP_ELSE
                <alice_bob_their_family_aggregated_pubkey> OP_CHECKSIG
        OP_ENDIF

Correct if I'm wrong, but in my understanding of BIP119, if the first
path is taken, the templating will be checked on the spending transaction
from the <my_little_vault_hash> stack element.

Of course, this is not a concern specific to OP_CTV and it's concerning
all the non bitcoin witness v1 traffic. Though, apart of the additional
work to change BIP119 and its code, I don't see why it's not technically
rational to make BIP119 a bitcoin witness v1 only.

Reducing the attack surface now, it's always less attack surface for
funds locked in the future thanks to CTV. Indeed, if you see technical
rational not to do CTV a segwit v1 and keep it as a legacy or you would
like I explain better such "blocksig overflow attack", I'm all hear.

The letter was asking for technical review. So here some "troubleshoot"
review of CTV, which I believe it's worthy to fix in its design. I don't
think it's a lot of work to make CTV a segwit v1, though I can suggest
pseudo-code if you wish so.

Re-iterating my previous commitment to advance on the review of CTV+ CSFS
(and BIP54) during the next 6 months. Your letter was asking for some kind
of goodwill signaling, here mine.

Thanks for the degree of professionalism you're upholding in the wish
to move the lines forward.

Best,
Antoine
OTS hash: 03eedd0ff78d4417c53cb0eb5660c89d5d13f6e1c4fc55a8d7f2bb83f209ce5b