all events have a MAC in fact, the presence of it in NIP-44 is redundant, that's what the event signature is
it doesn't have to authenticate on the plaintext after you decrypt it, if you already certified the ciphertext
this is another retarded element of nip-44
But I still can't know if the decrypted plaintext is correct. That's what I'm saying. The signature tells me nothing about the plaintext
yes, this is correct, you would have to have a sentinel to enable this, the first byte even it could be, or maybe better first 4 bytes to eliminate the chances of decrypting the same by both
also, yes, you don't need that bit for signature verification, that's one of the neat things about Schnorr signatures
but it does not apply to ECDH
two points though
one, having to decrypt the whole message and then discover you need to flip the bit is wasteful of computation and time
two, it still doesn't fix the problem of two 3 key users with software imputing 2 keys
