Proposals which reduce security
"Difficulty adjustment should adapt to sudden hashrate loss"
It's really hard to construct general proofs, but I believe that _all_ such schemes substantially reduce the cost of performing forged chain attacks against isolated nodes. I gave an argument of this here, assuming a particular decrease handling improvement: 
Beyond those problems schemes with asymmetric difficulty creates non-linearities which make it profitable for miners as a group to game the system: e.g. turn off until it falls fast, then turn on until it catches back up. The current mostly linear system doesn't enable this even if the miners conspire.
One of my concerns about this page is that lots of ideas sound just fantastic until you consider their costs, or sound great so long as you don't mind their particular costs. Because these changes must be adopted by consensus and because people evaluate costs differently it's hard to find things that win the cost/benefit analysis for almost everyone.
In my opinion, the drop risk is inconsequential: Having the average txn time go to 20 minutes for a month isn't really a big deal... and if there is a bigger drop then the slow txn processing time will be the least of our problems. The costs here are not speculative, altchains with "improved" difficulty adjustments have been exploited several times. The benefit is purely speculative and primarily matters only if bitcoin is already failing.
Perhaps we should change the page to tabular layout so that we can link to for and against arguments for features where ones exist? --Gmaxwell 19:59, 4 January 2012 (GMT)
- And yet another variant of this: * Replace the 10 minute block finding target with a dynamic target decided by the market . This one misses that the interblock time is important for convergence, also a naive implementation would change the payout schedule. --Gmaxwell (talk) 03:03, 28 July 2012 (GMT)
Trying to eliminate hard-coded time parameters means working in the "Partially Synchronous" communications model . It's also equivalent to building a "partition tolerant" system in the sense of P in the CAP theorem. This is a difficult problem, and most proposed solutions to it are going to be broken. Still it's a fundamental goal, and it deserves its own section in the wishlist. --Amiller (talk) 08:46, 9 August 2012 (GMT)
I've removed this suggestion:
- Add a few new opcodes called OP_FAILn or repurpose them from OP_NOPn. These would immediately fail a transaction, and like OP_NOPn, would be available as new opcodes for future purposes, but without the burden of old clients dangerously understanding them as "do nothing".
Because it's idiotic. You could already use undefined opcodes for this— but even that is stupid, the reason the the OP_NOPs are useful for futureproofing is specifically because they pass. The fact that they pass is what enables you to run a mixed network. If you use an opcode that always fails for old nodes as an extension mechanism the instant that it gets mined the network forks. --Gmaxwell 17:13, 19 February 2012 (GMT)
Removed 'Proof of Stake'
As non-viable due to being economically significant. --Gmaxwell 14:42, 12 March 2012 (GMT)
Economic theory unambiguously indicates that the current protocol will fail eventually. It will need to be changed either before or when this happens. A proof-of-stake system is likely the only viable long-term solution. Preparing for a forseeable problem is only prudent. --Cunicula 7 April 2012
Merkle trees, lite clients, coinbase commitments, UTXOs
There have been at least four generations now of essentially the same proposal. I just added etotheipi's and DiThi's. The language for them has changed has many times. Should this be consolidated somewhere else? For what it's worth, I now prefer "hash graph" as the general term including chains, trees, and skiplists. --Amiller (talk) 08:37, 9 August 2012 (GMT)
As roughly sketched in the proposal bullet, this proposes some kind of new blockchain transaction-like directive to indicate permanent retirement of an old key and by-rule delegation of outputs to a new key. (This could solve some usability problems with prominently-advertised, but then lost or compromised, or suspected-compromised, keys.)
This new categorical directive would not be understood by older nodes/mining software, so they'd reject blocks containing the directive. Even if it could be crafted to be ignored by older nodes... they'd then accept transactions/blocks which spend outputs from the 'dead' key according to old rules, leaving contradictory info in the shared chain. Thus as far as I can tell, to work this feature requires a hard fork. Of course, if there's a way to implement the same benefit in a compatible way, I'd appreciate hearing about it here on the talk page or elsewhere on the wiki. WargeGeoshington (talk) 10:52, 13 June 2013 (GMT)
- Something like this really makes sense as a higher level of abstraction - part of a merged-mined timestamp block, for example. Clients would just consult this database for forwarding information when sending, and use the output for the new destination instead. It doesn't need to involve miners or other nodes at all. Even if you wanted miners to block sending to the forwarded output, that would be at most a soft-fork (making something formerly legal, now illegal). BUT, since addresses are single-use, I'm not sure it makes sense to do this at the address level at all - and it's effectively "default" in the payment protocol. --Luke-jr (talk) 19:11, 13 June 2013 (GMT)