Schnorr signatures BIP

Sep 11 - Sep 11, 2018

  • The author of a Medium article responded to feedback from Gregory Maxwell on their "M-of-N Bitcoin Multisig Scheme".

The author clarified that they switched to a Medium article so that they could correct, edit and improve things to make them clearer. The protocol was modified to work better, and coding it up in Python showed that it is definitely interactive and no different from a "standard Schnorr sig" regarding security. No special protocol support is needed beyond Schnorr signing itself, and the (e, s) version can be made at least as secure as Schnorr + DLP. No research has been done on the (R, s) version. An M-1 rogue-key attack would require an attacker either to attack the hash function to produce a predictable R based on a known message or to attack the DLP to influence x or k. Neither attack gives any particular advantage to someone who holds M-1 keys. However, the author admitted that they have not tested whether the (R, s) version is susceptible. In response to the article, Gregory Maxwell suggests that the author may be ignoring feedback they don't like and accepting feedback that sounds favorable. He points out that something "like that" does work and is expressly and explicitly anticipated by the BIP, but requires proper delineation (e.g. MuSig) and interaction. What the author proposed is continually vague. Poelstra suggests a CAS implementation, which provides a method of communicating in both directions that is completely precise.
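To make Maxwell's point about delineation concrete, here is an added illustration that is not code from the thread or from either participant: single-key Schnorr in the (e, s) form over a toy group, naive key aggregation, the M-1 rogue-key cancellation that naive aggregation permits, and the MuSig per-key coefficients that break it, plus an honest interactive 2-of-2 signing round. The group parameters, secret keys, nonces and message are constructed values standing in for secp256k1 and real wallets.

```python
import hashlib, math

# Toy Schnorr group standing in for secp256k1: P = 2Q + 1 with Q prime; G = 4 (a square) has order Q.
P, Q, G = 10007, 5003, 4

def H(*parts):
    """Hash of the decimal renderings of parts, reduced mod Q (used for challenges and coefficients)."""
    data = b"|".join(str(x).encode() for x in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def sign(x, k, X, msg):
    """Single-key Schnorr in the (e, s) form: R = G^k, e = H(R, X, msg), s = k - e*x."""
    R = pow(G, k, P)
    e = H(R, X, msg)
    return e, (k - e * x) % Q

def verify(X, msg, sig):
    """Recompute R = G^s * X^e and check that it hashes back to the e in the signature."""
    e, s = sig
    R = pow(G, s, P) * pow(X, e, P) % P
    return H(R, X, msg) == e

def coeff(keys, X): return H(tuple(sorted(keys)), X)  # MuSig a_i = H(L, X_i), L = sorted key set

def naive_aggregate(keys): return math.prod(keys) % P  # X_agg = product of X_i, no coefficients

def musig_aggregate(keys): return math.prod(pow(X, coeff(keys, X), P) for X in keys) % P  # X_i^a_i

def musig_sign_2of2(x1, k1, x2, k2, msg):
    """Honest interactive 2-of-2: nonces are combined before e is known, then partial s_i are summed."""
    X1, X2 = pow(G, x1, P), pow(G, x2, P)
    keys = [X1, X2]
    X = musig_aggregate(keys)
    R = pow(G, k1, P) * pow(G, k2, P) % P      # R = R1 * R2, so neither party can sign alone
    e = H(R, X, msg)
    s1 = (k1 - e * coeff(keys, X1) * x1) % Q   # each signer scales its secret by its own a_i
    s2 = (k2 - e * coeff(keys, X2) * x2) % Q
    return X, (e, (s1 + s2) % Q)

def rogue_key_demo(x1=1234, x2=4321, msg="spend"):
    """Second signer publishes X2' = G^x2 * X1^-1 (constructed values); returns (naive forged?, musig forged?)."""
    X1 = pow(G, x1, P)
    X2_rogue = pow(G, x2, P) * pow(X1, -1, P) % P
    naive = naive_aggregate([X1, X2_rogue])    # collapses to G^x2, a key the attacker alone controls
    musig = musig_aggregate([X1, X2_rogue])    # coefficients a_1, a_2 stop the cancellation
    return (verify(naive, msg, sign(x2, 777, naive, msg)),
            verify(musig, msg, sign(x2, 777, musig, msg)))
```

`rogue_key_demo()` returns `(True, False)`: a single rogue key forges under naive aggregation but not under MuSig delineation, while `musig_sign_2of2` shows the two-round interaction Maxwell refers to.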
