Take a look at this: 📝 e23206e9… NIP-29 needs to be better explained.

Your scheme also seems to work at a first glance, but it's computationally expensive and cannot be used to do "private" groups, unless you introduce encryption, then it gets more even more complex and inefficient. I believe a similar approach was attempted at NIP-87 (which was never merged but was implemented in Coracle and somewhere else I forgot and actually used for a while). The biggest problem with it, though, is that in order to get a consistent view of who is in the group you need someone controlling it. In the most obvious scheme that would be the pubkey that created the group -- or you can come up with something else like a threshold scheme or some form of democracy, at the cost of complexity -- in any case there is always still a group of people that controls everything. In NIP-29 the group has admins, but they don't own the group. The relay enforces the admin's policies, but if a part of the members is unhappy with the administration they can fork the group and move it to another relay that will pledge to serving them, then the group can continue there. For small friends groups this isn't a concern, but it solves many issues that have happened in big Reddit communities, for example.