Bringing this back from the dead for something slightly related I am brainstorming. If I understand this correctly, two separate devices can generate an ECDSA public key without ever knowing the full private key. The security problem arises when one needs to actually utilize the private key, correct?
Um, no, not quite. What Gavin was talking about here is a form of two-factor authentication, as applied to how the bitcoin system works. Roughly what is being suggested is that one device is creating the transaction according to what it knows about the spender's wallet.dat file, less the private keys that go with the addresses that contain value; and the second device's job is simply to securely hold the private keys, and sign the transaction with the correct keys when presented with a verifiable transaction and proper authorization from a human being. But the second device does not have access to the transaction inputs in the wallet.dat file, and therefore couldn't create a valid transaction on its own.
Actually, that's not quite right. What I've described above is a split wallet.dat system, which can be done now; but what Gavin is suggesting is the development of a new kind of address that, even if the second device is compromised and the private keys stolen, the funds cannot be moved without access to the first device. Currently, a split wallet.dat system is employed by a couple of light Android clients (such as Mycelium) to permit a server to hold the wallet.dat while the actual private keys are kept on the Android phone. When the user, from the Android phone, initiates a transaction, the server creates the transaction and then sends it to the device for signing by the user's phone. This protects the user's funds both from a hacker tricking the server into thinking that they are the user's phone and from similar server-end theft/fraud, but the user's funds are still at risk if the phone is stolen. 'Split addresses' would permit two-factor transaction signing, requiring access both to the user's phone and to another of the user's devices, so that the attacker would require both devices to agree. This may not be useful for most people, since if someone is mugged of their phone they are likely mugged of any devices that they possess at the time. But the second device could be as simple as a Bluetooth-only device that must be within range of the cell phone, with a keypad to enter a code at the POS. Or it could be the user's home PC, which can be set to remain open (within limits, say a max BTC per day rule) for a full day or week, so that if the user's phone is stolen, the amount at risk is limited to what can be taken before the home PC client can be stopped. Either device could be backed up as well.
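The two-device policy described in the post above (both the phone and a second device must agree, and the home PC enforces a "max BTC per day" rule), worked through as an added example. This is not code from the thread, from Gavin, or from Mycelium. It makes one simplifying assumption: the "split address" is modelled as two ordinary ECDSA keys on secp256k1 that must both produce a valid signature (the 2-of-2 arrangement later realised in Bitcoin as multisig), rather than a single public key whose private key is shared between devices as the original question asks about. The pure-Python curve arithmetic is for illustration only (not constant-time, not for real keys), and the seeds, payees, amounts and the simplified deterministic nonce are constructed for the demo.

```python
import hashlib, hmac
from dataclasses import dataclass
from typing import List, Optional, Tuple

# secp256k1 domain parameters (Bitcoin's curve; public, standard constants)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
Point = Optional[Tuple[int, int]]  # None stands for the point at infinity
Sig = Optional[Tuple[int, int]]    # (r, s), or None when a device refused to sign

def _inv(a: int, m: int) -> int:
    return pow(a % m, -1, m)

def point_add(a: Point, b: Point) -> Point:
    # Affine addition on secp256k1, covering doubling and the point at infinity
    if a is None or b is None:
        return a if b is None else b
    (x1, y1), (x2, y2) = a, b
    if x1 == x2:
        if (y1 + y2) % P == 0:  # a == -b
            return None
        lam = 3 * x1 * x1 * _inv(2 * y1, P) % P  # tangent slope (doubling)
    else:
        lam = (y2 - y1) * _inv(x2 - x1, P) % P  # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def scalar_mult(k: int, pt: Point) -> Point:
    result, addend = None, pt  # double-and-add
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result

def keygen(seed: bytes) -> Tuple[int, Point]:
    # Constructed demo keys from a fixed seed (reproducible); a real device uses its CSPRNG
    d = int.from_bytes(hashlib.sha256(seed).digest(), "big") % (N - 1) + 1
    return d, scalar_mult(d, G)

def _z(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def sign(d: int, msg: bytes) -> Tuple[int, int]:
    # Deterministic nonce from key and message: a simplified stand-in for RFC 6979
    k = int.from_bytes(hmac.new(d.to_bytes(32, "big"), msg, hashlib.sha256).digest(), "big") % N or 1
    r = scalar_mult(k, G)[0] % N
    return r, _inv(k, N) * (_z(msg) + r * d) % N

def verify(pub: Point, msg: bytes, sig: Sig) -> bool:
    if sig is None or not (0 < sig[0] < N and 0 < sig[1] < N):
        return False
    r, s = sig
    w = _inv(s, N)
    pt = point_add(scalar_mult(_z(msg) * w % N, G), scalar_mult(r * w % N, pub))
    return pt is not None and pt[0] % N == r

@dataclass
class Transaction:
    payee: str
    amount: int  # satoshis
    def to_sign(self) -> bytes:  # what both devices sign over
        return f"{self.payee}:{self.amount}".encode()

@dataclass
class CoSigner:  # one device holding one of the two keys behind a split address
    name: str
    priv: int
    daily_limit: Optional[int] = None  # the home PC's 'max BTC per day' rule
    spent_today: int = 0
    def cosign(self, tx: Transaction) -> Sig:
        if self.daily_limit is not None:
            if self.spent_today + tx.amount > self.daily_limit:
                return None  # refuse; the owner must step in at the PC
            self.spent_today += tx.amount
        return sign(self.priv, tx.to_sign())

@dataclass
class SplitAddress:  # funds move only with a valid signature under every key (2-of-2)
    pubkeys: List[Point]
    def authorizes(self, tx: Transaction, sigs: List[Sig]) -> bool:
        return len(sigs) == len(self.pubkeys) and all(
            verify(pk, tx.to_sign(), s) for pk, s in zip(self.pubkeys, sigs))

def demo() -> dict:
    phone_priv, phone_pub = keygen(b"constructed phone seed")
    pc_priv, pc_pub = keygen(b"constructed home-pc seed")
    address = SplitAddress([phone_pub, pc_pub])
    phone, home_pc = CoSigner("phone", phone_priv), CoSigner("home pc", pc_priv, daily_limit=100_000_000)
    coffee = Transaction("cafe", 30_000_000)  # 0.3 BTC, inside the PC's 1 BTC/day limit
    both = address.authorizes(coffee, [phone.cosign(coffee), home_pc.cosign(coffee)])
    stolen = sign(phone_priv, coffee.to_sign())  # thief holds only the stolen phone's key
    phone_only = address.authorizes(coffee, [stolen, stolen])
    drain = Transaction("thief", 500_000_000)  # 5 BTC: the home PC refuses to co-sign
    over = address.authorizes(drain, [phone.cosign(drain), home_pc.cosign(drain)])
    return {"both_devices": both, "phone_only": phone_only, "over_daily_limit": over}
```

Running `demo()` gives `both_devices` True and the other two False: a signature made with the phone's key does not verify under the home PC's public key, so a stolen phone alone cannot move the funds, and the PC's daily limit caps what a thief can get through it while it is still running. A real deployment would use a maintained secp256k1 library, RFC 6979 or random nonces, and the network's own transaction serialization rather than the toy `payee:amount` string used here.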