Tagged hashes are just prepend-this-32-byte-constant-twice-before-you-SHA256. However, it seemed that to check merkle tree proofs, an OP_CAT with only 64 bytes max output size would not be sufficient. Alternatively, tagged SHA256 could be implemented as a new opcode.In another discussion on OP_CAT, it was suggested to remove SIGHASH flags from signatures and put SIGHASH on public keys. Public keys would be encoded as either 33-bytes (implicit SIGHASH_ALL) or 34-bytes (SIGHASH byte, followed by pubkey type, followed by pubkey coordinate). The OP_CHECKSIG and other related functions would then look at the public key to determine the sighash algorithm rather than the signature. This is done by using the script: OP_SETPUBKEYSIGHASH OP_CHECKSIG.In this email thread, ZmnSCPxj suggests that there may be a superior solution to a problem that has been discussed on the bitcoin-dev mailing list. The email ends with links to the Lightning-dev mailing list and its subscription page.