Make payment addresses extensible. fixes #1344

Signed-off-by: Daira Hopwood <daira@jacaranda.org>

protocol/protocol.tex

@@ -2283,7 +2283,7 @@ $\AuthPublic$ is a $\SHAName$ output.
 $\TransmitPublic$ is a \changed{Bern2006} public key, for use with the
 encryption scheme defined in \crossref{inband}.
 
-The raw encoding of a \paymentAddress consists of:
+The raw encoding of a \paymentAddress starts with:
 
 \begin{equation*}
 \begin{bytefield}[bitwidth=0.07em]{520}
@@ -2308,6 +2308,12 @@ The raw encoding of a \paymentAddress consists of:
         normal encoding of a Curve25519 public key \cite{Bern2006}}.
 \end{itemize}
 
+To allow for future extensions, when reading the raw encoding, up to 66
+additional bytes after the fields defined above \MUST be accepted and stored
+with the address, but otherwise ignored. In this version of the protocol there
+is no defined meaning for these additional bytes, and so they \MUST be omitted
+when an address is generated.
+
 \nsubsubsection{Spending Keys}
 
 A \spendingKey consists of $\AuthPrivate$, which is a sequence of \changed{252} bits.
@@ -3276,6 +3282,13 @@ The errors in the proof of Ledger Indistinguishability mentioned in
 
 \nsection{Change history}
 
+\subparagraph{2016.0-beta-1.2}
+
+\begin{itemize}
+    \item Allow up to 66 ignored but retained bytes after the raw encoding
+          of a payment address, to support extensibility.
+\end{itemize}
+
 \subparagraph{2016.0-beta-1.1}
 
 \begin{itemize}