From 37a35b5565d5e56d46163872d992a8c0e80538bb Mon Sep 17 00:00:00 2001
From: Justus Ranvier <justusranvier@riseup.net>
Date: Tue, 19 Apr 2016 13:03:13 -0500
Subject: add recommended handling for notification tx change outputs

---
 bip-0047.mediawiki | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'bip-0047.mediawiki')

diff --git a/bip-0047.mediawiki b/bip-0047.mediawiki
index 248fabc..3f4f6eb 100644
--- a/bip-0047.mediawiki
+++ b/bip-0047.mediawiki
@@ -194,6 +194,17 @@ Alice SHOULD use an input script in one of the following standard forms to expos
 
 Compatible wallets MAY provide a method for a user to manually specify the public key associated with a notification transaction in order to recover payment codes sent via non-standard notification transactions.
 
+=====Post-Notification Privacy Considerations=====
+
+Incautious handling of change outputs from notification transactions may cause unintended loss of privacy.
+
+The recipient of a transaction which spends a change output from a prior notification transaction will learn about the potential connection between the sender and the recipient of the notification transaction.
+
+The following actions are recommended to reduce this risk:
+
+* Wallets which support mixing SHOULD mix change outputs from notification transactions prior to spending them
+* Wallets which do not support mixing MAY simulate mixing by creating a transaction which spends the change output to the next external BIP44 address
+
 ====Sending====
 
 # Each time Alice wants to initiate a transaction to Bob, Alice derives a unique P2PKH address for the transaction using ECDH follows:
-- 
cgit v1.2.3