Perhaps the UI just isn't expressive enough currently to expose this situation in any way, let alone reliably alert the user to the issue, because there's no way for the payment processor to get authenticated fields other than memo into the UI.

I think for now as long as payment processors include the merchant name in the memo, that's good - as long as hardware devices or second-factor wallets display the memo as well! Trezor has a small screen, I don't know how feasible displaying the whole memo is there though - hence an interest in something better. For now we can probably muddle through.
 
A poor solution: If the UI included some sort of certificate viewer, even just tied to the OS certificate viewer, and made the cert available for inspection, at least the merchant would have a chance to put some fields in there which a very advanced user might actually find.

Not really interested in solutions that only help very advanced users. Besides, my understanding is that most PKI CAs will not sign certs that include arbitrary data they don't understand for, I guess, the obvious security reasons (generally signing things you don't understand is a bad idea). But I've never actually tried it.

We don't want anyone to have to go back to their CA anyway, especially not with special requests.