Feel free to offer better padding. Padding was discussed at length before and after nip44 and directly audited by the firm. No one has proposed anything better yet. I strongly disagree with your "zero risk of plain text attack". There are folks here, with money, whose sole goal is to break our encryption.

the public leak is because relays are not implementing auth and until recently almost no clients did either this is a really small change that prevents this leaking, the main threat users can control their use of relays and if it is discovered a relay is run by spooks, then people can avoid it it's not rocket science... don't allow access to DMs without auth. end of. making complicated obfuscation schemes are not going to help, because "giftwrap" just means the receiver is mentioned not the sender how does a client migrate this data across to other clients the user is using if they then have to literally search for other people's DMs that *might* have been sent by them you really need to think a lot more about what the actual problems are instead of wrapping it in more and more complicated encryption schemes