Paying to a non-existing account

[dappelt]

The readme says:

Once the receiver has accumulated settleThreshold drops, (by default 1000 drops if the account exists, or 25 XRP if it doesn't), this plugin will trigger an XRP payment to that address.

Why do you accept payments for non-existing accounts? I assume the reason that the settleThreshold for non-existing accounts is 25 XRP is that the plugin creates the XRP address for the user, right? The problem with creating accounts in the name of a receiver is that the plugin knows the secret key for the XRP address and, thus, full control over the account.

Wouldn't it be better to ping the receiver via a BTP message and tell him "Hey, I got funds for you. Please create an XRP address and send it to me."

[sharafian]

The problem with creating accounts in the name of a receiver is that the plugin knows the secret key for the XRP address and, thus, full control over the account.

You don't need the secret key to create an account. The receiver would generate a key pair on their own machine, and use the XRP address to authenticate to Siren. At this point the XRP account does not yet exist. When 25 XRP is accumulated, Siren pays out to the XRP address. Now the XRP account exists on the ledger and the receiver possesses the only copy of the secret key.

[dappelt]

Correct. As long as the receiver generates the secret all is fine.

[sharafian]

Should we close this issue or was there a different part that I missed?