If it protects the user against a backdoor hidden deep in some fringe dependency, maybe "we" want anti-klepto.

Isn't it marvelous that the deterministic nature of Bitcoin can let a companion app verify a hardware wallet is following the protocol in a non-leaking way? I find this unbelievable and would want that for my hardware wallet to sleep sound at night, knowing that nobody can exfiltrate keys. No supplier. No library provider. No engineer around me. Not even with a gun to their head they could succeed. 

 The hyperbolic recommendations being made in some of the original posts… what is stopping ColdCard from adding this probable random capability?

Hardware limitation, or just developer hours? 

 Those posts Aside*** 

 Lack of standards and transport, we will not expose people to USB risk for this. This to use PSBTs. 

 It's minimal additional data that fits comfortably into your BBQRs. Why bring up USB here? 

 The current spec used for this protocol is over usb and custom hwi.

Ideally there would be an extra field on PSBT. And the clients would include in it. We would taken take it and sign it. And to feel comfortable I want to see core with a proposed implementation of the client side. 

Messing with nonces is dangerous as fuck. 

 Makes sense, USB is a cluster fuck.

I don’t get it then… how is BitBox claiming to do this securely? 

 They claim airgap is bad or something 😂 

 Who will write the standard if not you or your peers? 

 Core tends to lead the way on these things, there is no Core support for it. 

 "Core" is not an entity you should ever be waiting for. If you were serious about this, you would sponsor somebody writing a BIP. Can't be that hard to spec this out.