To Kjj, I accept all of your points, but as the only one who does not want to change I hope you will accept my right to say that. It does seem that you think multi sig is the way to go, and that also reflects Gavin's point in his original post, but in his case I think "everyone agrees" means the three main developers. Has he asked everyone on the bitcoin network (he could, there is a way to vote)? As a non techie (I know that negates my position) it has been shown that multisig is already in the os program but not used due to bugs. So future development and alternative branches are not ruled out. Also I may seem paranoid to you, but I am English and here the police have just trawled millions of phone calls and e-mails stored from the last few years to arrest Sun journalists for phone hacking. Eventually (my main point) it was yourself who outlined step by step how a multi sig would work, and it looks difficult (to me) and time consuming, defeating the speed of current transactions. So please put my mind at rest and do it again for someone like me, an average user who has no mobile, access to only one personal computer, and here in the UK internet cafes are rare and the public library controls access to its database? reg.
I think that the universe of bitcoin users can be divided into two groups: those that want multisignature capabilities and know it, and those that want it, but don't know it. I'm pretty sure that you are in the second group, even if you think you are in a third group, those that are aware of multi-sig, and really don't want it. I really, truly believe that you do want it but don't know that you want it, but it isn't something that I'm willing to argue about.
The example using the mobile phone is pretty common. I have no idea who first came up with it, but I fleshed it out in detail showing one possible way that it really could work in real life. But there are other ways to do it. Most of the other ways to do it haven't even been invented yet, so I have no idea what they will be.
If we want, we can abstract my mobile phone example back a step or two, and come up with something less specific, but still clear (I hope).
Step 1, I tell my client to send 5 coins to address XYZ.
Step 2, my client creates that transaction, signs it with the key it has, then sends it to my wallet service.
Step 3, my wallet service looks up my policy preferences, and since the transaction is more than 2 BTC but less than 10 BTC (my policy), it invokes a verification step. The verification step involves either me contacting the service, or the service contacting me, using some communication channel other than the one used to communicate the transaction. This could be a text message on a cell phone, a regular phone call, a personal visit to the local branch office, a telegram, a website, email, a USENET post, snail mail, smoke signals, carrier pigeon, semaphores, chalk marks on mailboxes, etc. This will be either a little bit slower (SMS) or a lot slower (chalk marks). You will customize your policy preferences to balance your desires for speed and safety.
Step 4, the communication involves some means of mutual verification, such as challenge-response, code words, photo identification verification, etc.
Step 5, if I am satisfied that I am talking to my service, and they are satisfied that they are talking to me, I can approve or recant the previously sent transaction. If approved, they countersign using their key.
Step 6, my wallet service now sends my double-signed 2-of-2 key transaction out to the bitcoin network.
Step 7, the bitcoin network checks that the two signatures on this transaction match the P2SH signature that was provided earlier, and the BTC shows up in the vendor's wallet.
This is a basic model that has already been invented, and in the abstract sense is actively used all around the world every day. The specifics can be adapted in many ways to meet different needs while still keeping some essential features and characteristics. Other models may also work that accomplish the same goals.
And I want to stress two important things that I think are easy to overlook in this discussion.
First, no one can force you to use multisignature systems. Even if there was a proposal to modify the network to totally disallow single signature transactions (a change which would be approved by pretty much no one at all), it would be trivial to be your own verification service. Your computer would run bitcoin, and also run a second program just to approve them. This could either be automatic or manual. If automatic, it would be exactly the same as what everyone is using now, as far as they are concerned.
And second, bip16/bip17 are totally not about whether multi-sig is good or not, or will be included or not. They are about how multi-sig will work behind the scenes.
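The wallet-service side of steps 2 to 5 above, as an added example that is not part of the original post or of any Bitcoin client. Assumptions: HMAC stands in for real transaction signatures, the names `WalletService`, `sign` and `respond` are hypothetical, only the service verifying the user is modelled (not the mutual direction), and the behaviour outside the 2 to 10 BTC band (auto-sign at or below 2, refuse at or above 10) is invented for illustration.

```python
import hashlib
import hmac
import secrets

COIN = 100_000_000                       # satoshis per BTC
LOW, HIGH = 2 * COIN, 10 * COIN          # the post's policy band: >2 and <10 BTC

def sign(key: bytes, tx: bytes) -> bytes:
    """Stand-in signature (HMAC). A real wallet signs with ECDSA and the
    service would hold only the client's public key."""
    return hmac.new(key, tx, hashlib.sha256).digest()

def respond(secret: bytes, challenge: bytes, tx: bytes) -> bytes:
    """User's answer on the second channel, bound to this exact transaction."""
    return hmac.new(secret, challenge + tx, hashlib.sha256).digest()

class WalletService:
    def __init__(self, service_key: bytes, client_key: bytes, secret: bytes):
        self.service_key, self.client_key, self.secret = service_key, client_key, secret
        self.pending = {}                # challenge -> (tx, client signature)

    def submit(self, tx: bytes, amount: int, client_sig: bytes):
        """Steps 2-3: check the first signature, then apply the amount policy."""
        if not hmac.compare_digest(client_sig, sign(self.client_key, tx)):
            return "rejected", None
        if amount <= LOW:                # assumption: small amounts need no check
            return "signed", (client_sig, sign(self.service_key, tx))
        if amount >= HIGH:               # assumption: large amounts are refused
            return "rejected", None
        challenge = secrets.token_bytes(16)
        self.pending[challenge] = (tx, client_sig)
        return "verify", challenge       # delivered out of band, e.g. by SMS

    def confirm(self, challenge: bytes, response: bytes, approve: bool):
        """Steps 4-5: single-use challenge, then countersign or drop."""
        entry = self.pending.pop(challenge, None)
        if entry is None:
            return "rejected", None
        tx, client_sig = entry
        ok = hmac.compare_digest(response, respond(self.secret, challenge, tx))
        if not (ok and approve):
            return "rejected", None
        return "signed", (client_sig, sign(self.service_key, tx))
```

Because the response covers both the challenge and the transaction bytes, an approval captured for one payment cannot be reused to release a different one, and popping the challenge on first use blocks replay.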