Hello All,
In the past, discussions around how to securely store/use/set up PSBTs have been decided as out of scope for BIP 174 - "it is not a specification of how hardware wallets should behave, it is a description of a data structure and the abstract workflow around it".
For example, Nicolas Dorier had many concerns around a year ago during the global xpub field discussions, and Electrum Wallet devs and Sjors Provoost have had various discussions on how to coordinate multisig wallets and represent cosigners securely (1. what do cosigners need: xfp, derivation prefix, xpub, script type; 2. needs to be forward thinking: work with MuSig, Lightning, Taproot, Native Descriptor Wallets, etc.; 3. how do we authenticate across devices, ensure PSBTs haven't been changed en route, defend against change attacks, etc. - Bob McElrath had some interesting ideas on these).
Jonathan Underwood's PSBT_GLOBAL_XPUB_SIGNATURE addition to BIP174 helps with some of these, but it is not a finalized BIP yet, and while the global xpub field is, it is not pulled into Core yet.
What do people think of the idea of expanding or creating a new, more descriptive BIP on how to securely use PSBTs?
IMO, especially since Core has been merging more PRs on the work around offline/multisig use, this has become more important.
Last time I discussed this, Glenn Willen and Luke Dashjr thought this was a good idea, with Luke offering a Bitcoin Wiki page for the short term, but that was a few months ago and I thought I would open this idea to the general community.
-Robert Spigler