Hello Jonas, thanks for your efforts of writing the draft for the standard. First, this only describes detached signing. A wallet also needs to connect with a hardware wallet at some time to learn the xpubs controlled by the hardware. Do you plan to have this in a separate standard or should this also be included here? Basically one needs one operation: get xpub for an HD path. From a first read over the specification I found the following points missing, that a fully checking hardware wallet needs to know: - the amount spent by each input (necessary for segwit). - the full serialized input transactions (without witness informations) to prove that the amount really matches (this is not necessary for segwit) - the position of the change output and its HD Path (to verify that it really is a change output). - For multisig change addresses, there are more extensive checks necessary: All inputs must be multisig addresses signed with public keys derived from the same set of xpubs as the change address and use the same "m of n" scheme. So for multisig inputs and multisig change address the standard should allow to give the parent xpubs of the other public keys and their derivation paths. It is also a bit ambiguous what the "inputscript" is especially for p2sh transactions. Is this always the scriptPubKey of the transaction output that is spent by this input? For p2wsh nested in BIP16 p2sh transactions there are three scripts witness: 0 <1 2 CHECKMULTISIG> scriptSig: <0 <32-byte-hash>> (0x220020{32-byte-hash}) scriptPubKey: HASH160 <20-byte-hash> EQUAL (0xA914{20-byte-hash}87) (quoted from BIP-141). In principle one could put witness and scriptSig (with "OP_FALSE" in places of the signatures) in the raw transaction and make inputscript always the scriptPubKey of the corresponding output. Then one also doesn't need to distinguish between p2pkh or p2sh or p2wpkh or "p2wpkh nested in bip16 p2sh" transactions. Regards, Jochen