It'd be pretty sweet to be able to include a short message with your transaction. While I guess this message would be pubically readable (i.e. in the blockchain) it'd be good for reference numbers and the like. There's no reason why this technically couldn't happen right?

The best way for the merchant is to specify a different address for each transaction known to one person only.

Something like this is possible (I've been thinking about doing it, although I have higher priority things on my TODO list):

• Sophisticated user runs a tool on her computer that, giving the bitcoin address payment was sent to and "here's a description of me or what I paid for" string.  Tool looks in the wallet.dat and figure out which keypair(s) were used to pay.  Then it does some openssl magic and exports a file that contains the string, the public keys and ECDSA signatures using the private keys of the "description of me or what I paid for" string.
• Sophisticated user uploads that file to a "Prove I Paid" website, which checks the signatures and adds info to the database.
• Unsophisticated user goes to website and pastes the receiving address.  The public key corresponding to that address is looked up, and all the "here's a description of me or what I paid for" strings for that public key are shown.

bitcointools+openssl (see grondilu's thread about "a shell-script implementation of bitcoin) are enough to do all all the public/private key, file-creation, and signature generation/checking stuff.

Ah ... got it.

I suppose the amount could be any amount (e.g., just 0.01 BTC) as long as I've emptied my wallet (down to 0 BTC) first.

This is an excellent and preferable idea before the payment is made.

Once the payment has been made, the address is part of the block chain and is no longer private.  If the amount, and/or especially the time of the transaction is known, then identifying the address is trivial.

I've argued something similar to this before and I'll start by admitting that there were holes in my argument. What I would like to see is a way to show upon transaction that the sender was me and to also allow a 3rd party to see that the payment was from me. When I say me I don't necessary mean that me should be validated by a government ID rather it should be something that some people would accept as identity. In addition, the reason why I would want this in the transaction is so that it will be difficult to show that the transaction was not made by me. For example, I could have stolen someone elses bitcoin wallet and said that I made the transaction when I didn't. I'm not necessary saying that this is the approach that should be taken. I could be completely wrong again in my argument, however I do know through a previous thread that it is possible to send data along the side of a transaction without changing the bitcoin protocol and one of the ideas that I was thinking of at the time which would support my argument was that a transaction could also include your GPG key which would then be your identity and you could prove to the receiver of the bitcoin and to any 3rd party that it was your transaction simply by signing that it was you.

Edit: Here's the topic that I was referencing
Development & Technical Discussion: Topic: How do I know who paid me?  (March 06, 2011) http://bt.irlbtc.com/view/4220.0

It would be pretty cool if the client could sign a message with your payment, an the client could verity that signature.   Don't include the message in the block chain, just send it over whatever medium you normally communicate with.

To provide a bookend to this thread, v0.5 of the Bitcoin client has as one of the features: "sign/verify a message with a wallet public/private keypair"
 - http://www.mail-archive.com/bitcoin-development@lists.sourceforge.net/msg00262.html

Better yet just encrypt it with the receiver's public key.  The message is in the block chain and only the person receiving the funds can see it.

Easy hack: write up a "receipt" containing whatever info you want (payer, payee, what payment is for, etc).  Hash it, turn that hash into a bitcoin address, and add that as a tiny 0.001 BTC output to the TX.

In retrospect it would have been wise for TX structure to contain a memo field, to bridge from the world where smart-contracts are possible to the rest of the world where some kind of human/out-of-band parsing is needed.