On the scalability issues of onboarding millions of LN mobile clients

Keagan McClelland expressed the need for an interface between a peer interface and an owner interface, which could limit exposure while serving bip157 filters without removing the ability to use those services. FullyNoded2 is a multisig wallet on iOS and Mac that communicates with a personal node over RPC, using Tor over a hidden onion service and two-way client authentication. The app serves as an interface between a personal full node and a user, but the team wishes that the full RPC functionality was not exposed in Bitcoin-core. They propose a cryptographic capability mechanism that would allow remote wallets to only request node functions they need, with additional authorization required for rarer services. This should apply both ways, from a minimum subset needed for watch-only transaction verification to things RPC cannot do, such as deleting a wallet or changing bitcoin.conf parameters. Blockchain Commons is interested in hosting proposals for defining different sets of wallet functionality, which could later inform proposals for the future of core wallet functionality as it gets refactored.