On 19 December 2013 13:17, Peter Todd <pete@petertodd.org> wrote:
** Fees

Wallets MUST give users the ability to set the fee per KB they are
willing to pay for their transactions. Wallets SHOULD allow users to
change that fee after the fact via transction replacement.

Can you add a part about SHOULD/MUST warn users if the fee is unusually high to avoid sob-stories of people sending 20BTC fees with for the 0.002BTC sandwich.

Sourcecode MUST be PGP signed on a regular basis. Releases MUST be
signed - in git this is accomplished by signing the release tag.
Individual commits SHOULD be signed, particularly if source-code used in

"SHOULD be cryptographically signed" I assume.
 
** SSL/Certificate authorties

While certificate authorities are notoriously bad at the job they are
supposed to be doing the CA system is still better than nothing - use it
where appropriate. For instance if you have a website advertising your
software, use https rather than http.

Once could make efforts to publish (maybe even as signed commits in the git repo etc the current valid certificate fingerprints and which CA signed it). This would go some way to exposing 
MITM either by CA or in workplaces where browsers are loaded with bogus CAs for the purpose
of deep packet inspection.
 
** Multi-factor spend authorization, AKA multisig wallets

<mainly discussed at the conference in terms of multiple individuals
controlling funds, which is out of scope for this document>

Assuming any individual device is uncompromised is risky; wallet
software SHOULD support some form of multi-factor protection of some or
all wallet funds. Note that this is a weak "should"; mainly we want to

According to RFC 2119 language, you might be better using the word RECOMMENDED or MAY over SHOULD here. 

Additionally, at the beginning of the spec I would put :

"The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119."
 
Regards

Drak