Send with attestation and send to attestation, MVP use-case of attestation

Let's say the problem that needs to be solved here is to send someone a token without knowing his Ethereum address. There are only 2 methods that I can see.

By passing secrets

In LinkDrop model, it's assumed that there is a secure (confidential) way to deliver the link to the end-user and that opening the link in a browser does not leak the link. These assumptions I think is a bit overconfident since there are multiple points of potential leaks:

  • Android/iOS's leak through link handling.
  • If a link is sent by email, the Email software which may have a link redirector.
  • The web server that opens the link has to be secured, or the log leaks.

There are ways to amend it (e.g. send the LinkDrop link in 2 sections separately).

Generally speaking, it's not good to make a security assumption that is different than other IT systems. In many IT systems, link itself is not treated as secret.

By an identifier

Instead of "anyone who can see the link" this is directed to the recipient with an attestable identifier.

Alice (the sender) has to know something of Bob that bob can proof. This is a typical flow in other tokenisation cases (hence reuse value if made into a framework).