Add minimum timeouts to MWA spec

Fixes #51

spec/spec.md

@@ -16,7 +16,13 @@ Please don't introduce unnecessary line breaks in this specification - it's diff
 
 This specification uses [semantic versioning](https://en.wikipedia.org/wiki/Software_versioning#Semantic_versioning)
 
+<<<<<<< HEAD
 **Version: 0.3.1**
+||||||| parent of 297a538 (Add minimum timeouts to MWA spec)
+**Version: 0.3.0**
+=======
+**Version: 0.3.2**
+>>>>>>> 297a538 (Add minimum timeouts to MWA spec)
 
 ## Changelog
 
@@ -26,7 +32,12 @@ This specification uses [semantic versioning](https://en.wikipedia.org/wiki/Soft
 | 0.2.0   | Updates based on wallet adapter feedback |
 | 0.2.1   | Fix a few missed pluralizations |
 | 0.3.0   | Sessions now track authorization statefully, rather than by providing `auth_token` to each [privileged method](#privileged-methods) |
+<<<<<<< HEAD
 | 0.3.1   | Enforce HTTPS for endpoint-specific URIs |
+||||||| parent of 297a538 (Add minimum timeouts to MWA spec)
+=======
+| 0.3.2   | Replace timeout placeholders with minimum timeouts |
+>>>>>>> 297a538 (Add minimum timeouts to MWA spec)
 
 # Non-normative front matter
 
@@ -133,11 +144,11 @@ where:
 
 Once the URI is opened, the dapp endpoint should attempt to connect to the local WebSocket address, `ws://localhost:<port_number>/solana-wallet`, and proceed to [Session establishment](#session-establishment).
 
-If the WebSocket transport is not available locally after X seconds, the dapp endpoint should display user guidance (e.g. download a wallet) and present the opportunity to connect to a remote wallet endpoint using one or more of the other association mechanisms.
+If the WebSocket transport is unavailable locally after no less than 30 seconds, the dapp endpoint should display user guidance (e.g. download a wallet) and optionally present the opportunity to connect to a remote wallet endpoint using one or more of the other association mechanisms.
 
 #### Android
 
-If a wallet endpoint is installed which has registered an Activity for this URI scheme and format, it will be launched. Upon launch via this URI, the wallet endpoint should start a WebSocket server on port `port_number` and begin listening for connections to `/solana-wallet` for X seconds. This websocket server should only accept connections from the localhost.
+If a wallet endpoint is installed which has registered an Activity for this URI scheme and format, it will be launched. Upon launch via this URI, the wallet endpoint should start a WebSocket server on port `port_number` and begin listening for connections to `/solana-wallet` for no less than 10 seconds. This websocket server should only accept connections from the localhost.
 
 Whether launched from a web browser or a native dapp endpoint, the Intent’s action will be [`android.intent.action.VIEW`](https://developer.android.com/reference/android/content/Intent#ACTION_VIEW) and the category will be [`android.intent.category.BROWSABLE`](https://developer.android.com/reference/android/content/Intent#CATEGORY_BROWSABLE). When launched by a web browser, no caller identity will be available, and as such, the referrer details available within the Intent cannot be used to verify the origin of the association. When launched by a native dapp endpoint, this Intent should be sent with [`startActivityForResult`](https://developer.android.com/reference/android/app/Activity#startActivityForResult(android.content.Intent,%20int)), allowing the wallet endpoint to query the caller identity. The result returned to the calling dapp endpoint is not specified.
 
@@ -165,7 +176,7 @@ where:
 
 This URI should be provided to the wallet endpoint through an out-of-band mechanism, detailed in the subsections below. Each of the dapp and wallet endpoints should attempt to connect to the WebSocket address `wss://<host_authority>/reflect?id=<reflector_unique_id>`. On connection, each endpoint should wait for the [Reflector protocol](#reflector-protocol) to signal that the counterparty endpoint has connected.
 
-The endpoints will each wait up to X seconds for reflection to commence. If it does not commence, the endpoints will disconnect and present appropriate error messages to the user.
+The dapp endpoint must wait no less than 30 seconds for reflection to commence. The wallet endpoint must wait no less than 10 seconds for reflection to commence. If it does not commence, the endpoints will disconnect and present appropriate error messages to the user.
 
 #### QR codes
 
@@ -226,7 +237,7 @@ The `HELLO_REQ` message is the first message sent after a connection is establis
 
 On receipt, the wallet endpoint should verify the signature of `Qd` using the association token. If signature verification is successful, the wallet endpoint should prepare and send a `HELLO_RSP` message to the dapp endpoint.
 
-If qd signature verification fails, if no `HELLO_REQ` message is received by the wallet endpoint within X seconds, or if a second `HELLO_REQ` message is received by the wallet endpoint at any time during the connection, all ephemeral key materials should be discarded, and the connection should be closed.
+If qd signature verification fails, if no `HELLO_REQ` message is received by the wallet endpoint within no less than 10 seconds, or if a second `HELLO_REQ` message is received by the wallet endpoint at any time during the connection, all ephemeral key materials should be discarded, and the connection should be closed.
 
 ### HELLO_RSP
 
@@ -256,7 +267,7 @@ Upon sending of the `HELLO_RSP` message by the wallet endpoint, and receipt of t
 
 Once each endpoint has calculated the ephemeral shared secret, they should proceed to providing or consuming the [Wallet RPC interface](#wallet-rpc-interface).
 
-If either public keypoint `Qd` or `Qw` is not valid, if no `HELLO_RSP` message is received by the dapp endpoint within X seconds, or if a second `HELLO_RSP` message is received by the dapp endpoint at any time during the connection, all ephemeral key materials should be discarded, and the connection should be closed.
+If either public keypoint `Qd` or `Qw` is not valid, if no `HELLO_RSP` message is received by the dapp endpoint within no less than 10 seconds, or if a second `HELLO_RSP` message is received by the dapp endpoint at any time during the connection, all ephemeral key materials should be discarded, and the connection should be closed.
 
 ## Wallet RPC interface
 
@@ -958,7 +969,7 @@ On a disconnection:
 - If the connection is part of the fully open reflections data set, the entry will be removed and the other connection closed as well
 - Otherwise, the entry for the connection will be removed from the half-open reflections data set
 
-Entries in the half open data set should be removed, and the connection closed, if still present in this set  X seconds after being added. Entries in the fully open data set should be removed, and both connections closed, if still present in this list X seconds after being added.
+Entries in the half open data set should be removed, and the connection closed, if still present in this set no less than 30 seconds after being added. Entries in the fully open data set should be removed, and both connections closed, if still present in this list no less than 90 seconds after being added.
 
 To ensure that all active connections are maintained, the reflector shall ensure that periodic [`PING`](https://datatracker.ietf.org/doc/html/rfc6455#section-5.5.2) frames are sent to each connection.