Topic: There needs to be a new bitcoin address format... - page 3. (Read 3392 times)

It probably isn't different.  It's probably much the same.  I am mostly identifying the problem rather than the solution, and it's entirely conceivable that I'm not the first.

Part of it is a social problem.  People should be reluctant to send lots of BTC without a solid technological safeguard protecting them.  Our community has not yet been stunned with the painful realization that big losses can and will occur as hackers intercept and manipulate communications.  If Gavin's proposal is it, then I need to spend more time learning about it.

Interesting ideas. At this moment I wouldn't dare sending someone 1000 coins without at least confirming the last few letters of the address over the phone or through another independant channel.

Mike, how can I contact you (email preferably) to discuss the problem? I have some interesting ideas about that problem.

How (and why) is this different from the invoice/payment/receipt proposed by Gavin?

https://bitcointalksearch.org/topic/invoicespaymentsreceipts-proposal-discussion-128442

There needs to be a new bitcoin address format with the capability of self-confirming that somebody is paying a known party.  In other words, there needs to be infrastructure in place where someone can paste an address into their Bitcoin client and see a confirmation: "Confirmed, you are paying Rocky Mountain Power Company", a confirmation based on cryptography and public key infrastructure.

Why?  Two big reasons.  One, the majority hasn't foreseen this, but it's only a matter of time before someone compromises some key Bitcoin website and causes it to display bogus deposit addresses, thereby stealing bitcoins.  If that happened to MtGox or BitPay, the entire market would be spooked again.  If in June 2011 people were slapped in the face with "OMG bitcoins can be stolen from my hard drive", it's possible that in June 2013, people will be slapped in the face with "OMG you can never trust whether an address you see is really paying the person you think you're paying".

The second big reason is that it would lead to features that will build credibility with the legitimate business world.  If one could download a "walled garden" Bitcoin client that was designed to only pay addresses that could be traced to their recipients via PKI, or else pay individuals after going through a bunch of warnings of the "are you really really sure this is who you're paying?" type... such a client would do very well with a very large segment of the population.

When I see an order come through on my Casascius Coins website and it's like 1000 BTC or something, I cringe and tell myself, "I hope I haven't been hacked and that the customer wasn't given a hacker's payment address".  Sometimes I will run and look at block chain and a printed list with the addresses only, and make sure I actually own the address that was paid, I'm that paranoid.  Meanwhile, somebody ought to be cringing at the prospect of sending 1000 BTC trusting the web site is secure and all... perhaps it ought to be common knowledge to verify a payment address a 2nd way, such as a telephone call or a signed PGP message.  Ideally their client should be smart enough to either say "You're paying Casascius" or "I don't know who you're paying, so you better be sure about this!"