Thanks for your questions, @recent798.
In this covenant model, once you’re KYC’d, you can send bitcoins only to other KYC’d addresses. This is enforced by OP_CTV
No, only the Merkle root of the list, which is very compact.
There are significant differences.
First, the covenant model requires only a single signature every two weeks. That’s 26 signatures per year. In contrast, the cosigner model requires to co-sign every single transaction, which could be millions per year if there are thousands of institutions.
Second, the covenant model tolerates a slow signing process (e.g., it can take a week and use some threshold scheme) because that doesn’t affect transaction speeds. In contrast, in the cosigner model without a hot key you have to wait for the government to complete their cold signing process before you can transact. The longer the waiting time the higher is your opportunity cost. The shorter the waiting time the more complex and fragile is the air-gapped signing.
No, not airgapped. The server hosting the whitelist is just a simple, untrusted, static file server. It’s very easy to run multiple such file servers (particularly, in comparison to the complexity of a cosigning server).