Hi Ruben, I have incorporated your feedback. Using only the first four bytes of the notification code is a very valuable suggestion, so thank you for that. I have added you as a co-author.
In regards to hiding the recipient in the notification, the purpose is not only to allow Alice to send a notification herself, but also to break the link between the notifier (be that Alice or a third-party service) and Bob. Not doing so would reintroduce the same problem we have with BIP47 and unique per-recipient notification addresses -- namely that of social graph building. The tradeoff, as you noticed, is that light clients have to rely on some kind of OP_RETURN indexing service. I personally consider any inconvenience (to developers, as end users never see this) stemming from that to be acceptable because: 1) it reduces the amount of social metadata on the blockchain 2) notification services might otherwise be pressured into censoring certain recipients 3) it allows wallets to decide the level of outsourcing they are comfortable with 4) adversaries monitoring notifications might see a lot of notifications to someone and use that information to mount an attack Thanks for all the feedback. Alfred _______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
