docs

README.md

@@ -19,6 +19,12 @@ Any nodes that relay a message to Bob will look at the envelope carrying the mes
 
 In practical terms, that means that the *private* side could be encrypted *to* Alice. Alice then decrypts the *private* key, and uses it to sign the envelope. Anyone who receives the envelope is then able to check that the signature & public key are valid together.
 
+Thinking about a social network, this means that a server would be able to see that Alice has gotten a message from someone they gave out an envelope to, nothing else. The server can not even determine the *set* of people that Alice has given envelopes to, because Alice could give out envelopes by a variety of means, like on their website, or via text message.
+
+This decoupling of messages from our application is made possilbe by including a single-use keypair in the envelope. For a different version, see [@ssc-hermes/envelope](https://github.com/ssc-hermes/envelope). There the envelope is just a signed certificate, which means that Alice would need to know ahead of time *who* they are expecting to receive messages from. Meaning you would only give out envelopes to people with a pre-existing account in the network.
+
+In this version, Alice doesn't need to know who they gave out a message to, but they can be sure that the message is legitimate. So, for example, Alice could give out an envelope to someone who doesn't yet have an account, then get a message after the new person has created an account.
+
 -------
 
 This hides information of *who is talking to whom*. A relaying node would be able to see that a message is for Bob, but the *sender* of the message could be encrypted within the message content, so the relay is not able to see *who* is sending the message to Bob.