On Fri, 28 Feb 2014 23:26:57 -0800, Wladimir <laanwj@gmail.com> wrote:

Such a thing would be interesting for a future BIP standard. I see one problem here: for an unsigned payment request there isn't really an "origin". Browser URI handlers don't send the referrer either.

Yeah, good point. If you have a cert, we have the CN from the cert, which becomes the string displayed as 'Pay To' and alternatively 'Merchant'.

But if there's no cert then all you have is memo.

So the best way to differentiate signed requests is by prominently displaying that Merchant string. Really the green part should just be the 'Pay To' line, the rest is content. If it showed a BLANK 'Pay To' that would make the lack of certificate highly apparent.