One of the goals for NIP 17 was to not require separate datastores. You can just save the decrypted events in the store the client already uses. It's much easier. I would suggest doing the same on MLS.
Discussion
Makes sense, but that basically guarantees that those events are insecurely treated by clients. My method doesn't make it inherently more secure but it certainly makes it easier to make it more secure...
Why does it guarantee insecurity? Clients have to store events privately already (many use hardware-kept keys), so I don't think the extra encryption from MLS payloads will make a difference. Plus, chat screens tend to require lots of secondary cache/storage to make sure screens load fast, like the last message of each person to build the chat's home screen, pre-parsing markdown/quotes into their own cache, etc. There is no way the protocol can protect from a lousy client.
Yeah. I came to the same conclusion. But I still don’t know if I’m going to add group metadata to the events themselves.
“We kill based on metadata”
In any case, there are other ways to keep pointers to the right events around if you need.
Since everything is unsigned anyway the client can inject extra tags in the event after decrypting and before storing it for that purpose, no? Is that what you mean?
Yep, or the event already comes with the group id... But since it is unsigned, the client can fix stuff up or add more notes.