No predefined `Satisfier` can be used to sign the keyspend path of a Taproot output

[apoelstra]

Well, the PSBT one does, but that's a lot of infrastructure.

We have an impl for HashMap<(Pk, TapLeafHash>, Signature> that will work for script-spends. But this will silently fail for keyspends, which is confusing and surprising.

[sanket1729]

Taking a step back, how important is our Satisfier support for non-psbt stuff? Most users use psbt APIs which is easiest way to use miniscript.

If you are doing signing, you need some form of psbt infra, might as well have it for finalizing?

[apoelstra]

If you are doing signing, you need some form of psbt infra

No, you don't. If you have an explicitly constructed transaction then you just produce a sighash (which in the case of Taproot, we could really use some help from rust-miniscript to make sure we're signing the right branch(es)), sign, then use the satisfier API to put the signature into the right input(s).

It's strictly more complicated to do "first embed your transaction in a PSBT and then use the PSBT API and then extract the transaction" and this also gives you less flexibility in which branches of which inputs you want to sign.

[sanket1729]

"first embed your transaction in a PSBT and then use the PSBT API and then extract the transaction"

Agreed, this is conceptually simpler. But from coding and implementation simplicity, psbt + plan APIs are far simpler to use. You can select which branches you want to use with the plan API and you don't have to deal with sighashes + satisfiers.

Agreed that we should have some Satisfiers, was mostly curious why you don't like using PSBTs.

[apoelstra]

I just need to develop more familiarity with the API. I haven't had a chance to use the planning API yet.

Broadly speaking I think I need to shift my mindset to one where PSBT is the default way to think about partial transactions, rather than as an extra signer coordination mechanism.