taowanzou

Joined Apr 24, 2018

“Divide and rule, the politician cries; Unite and lead, is watchword of the wise.” ― Johann Wolfgang von Goethe

1JgE7EgZBMAuvUoEX2TurkYWweMz93SShr
Actions 600
Following 71
Followers 29
Topics following 19
Muted 0
Is Muted By 0

taowanzou
2204d · Direct/Private Messages
Good idea. You can associate another public key with your account and make an announcement that you only use this key for encrypted communications.
taowanzou
2204d · Direct/Private Messages
By the way, this protocol is a simplification of BIP47 by Justus Ranvier that's adapted to messaging https://github.com/bitcoin/bips/blob/master/bip-0047.mediawiki
taowanzou
2204d · Direct/Private Messages
>>if you want to do secure communications *onchain* >> The communication is off-chain. Only initial signaling is on-chain.
taowanzou
2204d · Direct/Private Messages
Anyway, it is better than plain text emails...
taowanzou
2204d · Direct/Private Messages
Ok, then just do not use implementations of such a protocol - if it will ever be implemented - that rely on insecurely hosted keys.
taowanzou
2204d · Direct/Private Messages
-> where actual message encryption is done using symmetric keys
taowanzou
2204d · Direct/Private Messages
>The problem with symmetric encryption is that both parties are a security vulnerability -> every modern widely deployed scheme of encrypted communications is a hybrid encryption
taowanzou
2204d · Direct/Private Messages
To fetch a notification you must listen for all his actions (you listen to them anyway if you follow), discarding all that do not include your unique ephemeral id.
taowanzou
2204d · Direct/Private Messages
If your addressee is interested in communicating with you, he/she extracts your public key -> ecdh -> shared secret (unmasks url) -> unique id (will be different) -> notify you.
taowanzou
2204d · Direct/Private Messages
And then notify your addressee with a tip and unique id with masked (using shared secret -> derived encryption key) url to a web server with signed message.
taowanzou
2204d · Direct/Private Messages
You fetch your addressee's transaction directly from the blockchain (spv or full node), extract public key, do ecdh with your private key, derive shared secret, derive unique id
taowanzou
2204d · Direct/Private Messages
To understand this protocol, imagine that you are using a memo implementation as a standalone app run on a very secure system.
taowanzou
2204d · Direct/Private Messages
BitcoinIsP2PC4$H If you are concerned that your private key is hosted on memo, then simply don't use web implementations.
taowanzou
2204d · Direct/Private Messages
BitcoinIsP2PC4$H The server in the scheme above is not involved in a handshake. The "handshake" is non-interactive, thus you only need to fetch your addressee's public key from tx
taowanzou
2204d · Direct/Private Messages
BitcoinIsP2PC4$H >Maybe we could implement onchain ECDH handshake? -> I am not sure whether you understand what I propose.
taowanzou
2204d
The Memo statistics are much more addictive than price charts. Just try it https://temo.cash. When is the next spike? 📈
taowanzou
2204d · Direct/Private Messages
@hillaryclinton memo is already a Keybase on steroids. Except identities are not unique. So Memo on Namecoin is the real Keybase lol.
taowanzou
2204d · Direct/Private Messages
You are becoming dependent on several third party key-servers etc. How will this system be better than keybase.io with their encrypted messaging service?
taowanzou
2204d · Direct/Private Messages
I am not against that, Memo is an open protocol and you can associate the key right away. But I don't think this will work, PGP is a complicated setup and nobody uses it today.
taowanzou
2204d · Direct/Private Messages
There can be standalone open source memo implementations based on the spv protocol where your keys are relatively safe and you do not need to use a browser at all.
taowanzou
2204d · Direct/Private Messages
@BitcoinIsP2PC4$H I do not think it is a viable approach to design a messaging protocol keeping only a particular memo implementation in mind.
taowanzou
2204d · Direct/Private Messages
>I do not trust my key is safe on memo. You can initiate a contact with your addressee from a different key that's kept safe, and if needed prove your memo identity with a signature.
taowanzou
2204d · Direct/Private Messages
>Everything needs to be degoogled too. For example bch.gg and memo sign up will ID accounts instantly: I did not get that. What do you mean?
taowanzou
2204d · Direct/Private Messages
BitcoinIsP2PC4$H, >to avoid MITM message tampering: as long as messages are signed, the signature proves message integrity and authenticity
taowanzou
2204d · Direct/Private Messages
BitcoinIsP2PC4$H, imo it's illogical to associate additional keys if we can do everything with bitcoin keys and some smart elliptic-curve Diffie–Hellman