Schnorr signatures BIP

Posted by Erik Aronesty

Sep 11, 2018/18:30 UTC

In a conversation between Erik Aronesty and Gregory Maxwell, they discussed the cases where delinearization can be used. They both agreed that communication efficiency is important for some applications and that delinearization is the better option in those cases. For users who want an "M of N" scheme that doesn't cost more to send funds, allows them to lose a device and keep their coins, and allows them to establish and validate the scheme safely, a simple "verified signer" threshold scheme is probably the best solution. It was noted that M of M is a particular threshold, and if you want a threshold other than M of M, then you use a threshold other than M of M.

There was also a discussion about having the senders of the G*x pubkey shares sign their messages with the associated private key share, to prevent them from using Wagner's algorithm to attack the combined key. While this is a possibility described in the MuSig paper, it requires users to communicate an extra signature per key. Therefore, in any case where delinearization can be used, it is the better option, as it has better failure properties and eliminates the need for extra communication.
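The two ways of combining G*x pubkey shares compared above, as an added example that is not code from the original post or from either participant. It assumes secp256k1, hypothetical function names and hash tags, constructed toy secrets and deterministic toy nonces, and an illustrative coefficient hash H(all keys, X_i) rather than the exact construction from the MuSig paper.

```python
import hashlib
from functools import reduce

# secp256k1 parameters; every key and nonce used with this code is a constructed toy value.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):  # affine point addition; None is the point at infinity
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    num, den = (3 * a[0] * a[0], 2 * a[1]) if a == b else (b[1] - a[1], b[0] - a[0])
    lam = num * pow(den % P, -1, P)
    x = (lam * lam - a[0] - b[0]) % P
    return x, (lam * (a[0] - x) - a[1]) % P

def mul(k, pt):  # double-and-add scalar multiplication (not constant time)
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def h(*parts):  # hash arbitrary values to a scalar mod N
    return int.from_bytes(hashlib.sha256(repr(parts).encode()).digest(), "big") % N

# "Verified signer": the sender of share G*x signs it with x (one extra signature per key).
def prove(x):
    X, r = mul(x, G), h("nonce", x)  # deterministic toy nonce, for reproducibility only
    R = mul(r, G)
    return X, (R, (r + h("pop", R, X) * x) % N)

def verify(X, proof):  # Schnorr check: s*G == R + e*X
    R, s = proof
    return mul(s, G) == add(R, mul(h("pop", R, X), X))

def aggregate_verified(shares):  # plain sum, refused unless every share has a valid proof
    if not all(verify(X, proof) for X, proof in shares):
        raise ValueError("share without valid proof of its private key")
    return reduce(add, (X for X, _ in shares), None)

# Delinearization: each key is scaled by a hash of the whole key set, so no proofs are sent.
def aggregate_delinearized(keys):
    L = sorted(keys)
    return reduce(add, (mul(h("agg", L, X), X) for X in L), None)
```

With delinearization each signer multiplies their private share by the same coefficient when signing, so the combined key stays usable without any extra message per key.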
