Colin,
1) This is a good start for a BIP, but it's missing details. For example,
the nonce is encrypted by the server. What key is it encrypted with?
Clarifying ambiguities like this can sometimes reveal weaknesses that you
wouldn't otherwise think of.
2) What kind of recovery questions are asked
Hi Colin
> In case the server goes rogue and starts refusing to sign, the user can use
> their userRecoveryPrivKey to send the funds anywhere they choose. Because if
> this, the userRecoveryPrivKey is best suited to cold wallet storage.
Would you then assume that userWalletPubKey is a hot key (