On 11/17/2014 06:20 AM, Adam Back wrote:
> b) backup: the blockchain is not an efficient reliable generic backup
> mechanism because its broadcast.  there are cheaper and relatively
> simple ways to get end2end secure backup, the main challenge of which
> is having secure keys and not forgetting them.  bitcoin already has
> that covered as its a central requirement of blockchain security.  If
> you want to archive your payment protocol receipts store them on some
> cloud storage service or disk encrypted with related keys.  for
> example tahoe-lafs is optimised for the decentralised long-term
> storage kind of use.
>
This is my main concern in the context of stealth addresses. I intend to
start a larger discussion on stealth addresses, but I wont hijack the
tread.

Of course it's easy to send the necessary data out of band as opposed to
OP_RETURN. The problem is if you do that the transaction cannot not be
recovered from seed. We've been fairly successful in transitioning to HD
wallets and avoiding the need to make regular wallet backups.

If users wishes to use stealth addresses with out of band communication,
the benefits of HD would largely be lost and they would be back to
making regular backups ― this time after /every/ transaction rather than
every 100.

There are only a couple options in such cases:

1) The user could send the payment to an addresses that is derived from
seed, but now you're using even /more/ storage space than you would by
just using OP_RETURN.

2) The user can backup after every transaction, which nobody wants to do.

3) The user could use some form of a cloud backup service and place
trust in them that their servers wont go down and lose their coins.

None of those options are really that appealing. OP_RETURN seems like
the best alternative to me, at least for that use case.