I wasn't sure where to post this, but thought Pools might be the best section for pool operators to see the suggestion (as opposed to suggesting it to a specific pool operator). I was just messing around with bitcoind and noticed this option:
signmessage <bitcoinaddress> <message>
I know several pools advocate payout locking and using PINs and the like. Seeing this option made me wonder if it wouldn't be more secure to require a new payout address to be signed by the old one. For instance, when I sign FakeNewAddress with 1B19RDfQtFNDsAa9toRWEXZbrFRZvZcET6 I get this:
So if I entered FakeNewAddress into an address field and the above into a signature field, the pool server could run this:
bitcoind verifymessage 1B19RDfQtFNDsAa9toRWEXZbrFRZvZcET6 G4Z1xAHdiqLnIY/+V5a0m3wmaTfjPUcJhlZZiwUgAx/lKlQbFvCnZpB3GxslYqNKuSb08T87obPaopN25NPRX6o= FakeNewAddress
and it should return true.
Even if it wouldn't be desirable (for instance, because the Windowns bitcoin-qt executable dosen't appear to support the walletpassphrase command, which is necessary to unlock an encrypted wallet before signing) to be required for all address changes (after the initial address input), it might be a nice optional security feature to override a 24 hour payout lock or otherwise permanent payout lock, at least for users who have their wallet stored in multiple locations.