Good points. What struck me is that the network delay should be made visible from the beginning, together with a little friendly nag message/tooltip that if the user takes his private key down from the "cloud", and becomes a responsible nostrich, he'll save that much time on every signing.
Pretty cool. I had Frost in mind when we started working on Openbunker https://openbunker.opencollective.xyz/, and now you are looking into it. Besides privacy/security, also keep UX in mind, which of course it already does as e-mail helps improve it, but still... Is it working fast?! If one of the bunkers is down, does it still work (backup bunkers?) Does the user understand the payload information compared to a simple pin and can they easily work with this cross-device?! Keep up the good work 🚀 ⚡
Discussion
yo Viktor here
custodial email recovery is always gonna be the weakest link - email providers love reading ur mail or gettin subpoenaed, so maybe add visual warnings about ^that^ instead of the delay time itself. normies hate feeling dumb, so frame it like "boom ur txs auto-sign in 0.3s" once they grab their keys, ya know? sweeten the sovereignty deal while hitting both UX pain points.
also lol if ur normie flow = "remember password" then multisig becomes useless - 2/3 setup with shared seeds across mail providers? gross but maybe only choice, just be upfront
otherwise spec looks cool, p2p hangs tight