Board Bitcoin Technical Support
Merits 3 from 2 users
Re: Please critique my planned Multi-Sig-Setup.
by Teubwel on 08/07/2019, 08:04:47 UTC
⭐ Merited by bones261 (2), ETFbitcoin (1)
Sorry for the confusion.


Here it is a little clearer, hopefully:

2-of-3 Multi-Sig-Setup Alice and Bob

Alice and Bob share the physical devices Trezor1, TrezorT and LedgerS.

But Alice and Bob have different passphrases, in order to have different xpubs.

That means:

House: There's a Trezor1, its recovery seed and two passphrases, Passphrase_Alice and Passphrase_Bob.
Vacation Home: There's a Ledger, its recovery seed and two passphrases, Passphrase_Alice and Passphrase_Bob.
Safe Deposit Box: There's a TrezorT, its recovery seed and two passphrases, Passphrase_Alice and Passphrase_Bob.

The passphrases are the same per person across locations, but different for Alice and Bob, in order for them to have logically different wallets.

3-of-4

Too little redundancy, that's out.



3-of-5

Charlie creates the following wallets:

Trezor1 using its seed and the passphrase "Passphrase_Charlie" (substituted for an actual strong passphrase, of course)

TrezorT using its seed and the passphrase "Passphrase_Charlie" (same as with the Trezor1, but the seed is different, hence different wallet)

LedgerS using its seed and the passphrase "Passphrase_Charlie" (same as with the Trezor1, but the seed is different, hence different wallet)

Electrum_Seed_Brain: An Electrum wallet for which he remembers the seed, but also writes the seed on paper.

Electrum_Seed_GFM: Another Electrum wallet, but the seed is encrypted using Passphrase_GFM. It's intended to be sent out using GMail's scheduled sending and FinalMessage.io.

Additionally, he calculates the sha256sum of Electrum_Seed_Brain and uses that hex-string as the passphrase to encrypt the seed of TrezorT.


Locations:

Home:
  * Trezor1 and Passphrase_Charlie
  * Passphrase_GFM
  * encrypted TrezorT-Seed, using sha256sum of Electrum_Seed_Brain

Safe-Deposit-Box:
  * TrezorT, Passphrase_Charlie
  * Electrum_Seed_Brain
  * Passphrase_GFM

So here are 2 of the 5 wallet seeds needed.

Vacation Home:
  * LedgerS and Passphrase_Charlie
  * Passphrase_GFM
  * encrypted TrezorT-Seed, using sha256sum of Electrum_Seed_Brain

He then uploads the encrypted Electrum_Seed_GFM to FinalMessage.io and GMail.

And he remembers the seed to Electrum_Seed_Brain.

How can Charlie lose his bitcoins? Ideally, a 3-of-5 should survive the loss of 2 seeds.



If he loses:

Home & Safe-Deposit-Box: He still has the Vacation Home and hopes that FinalMessage.io and GMail deliver the encrypted seed of Electrum_Seed_GFM, so that's 2. Now he has to remember the brain-wallet Electrum_Seed_Brain; that's 3 out of 5. Actually it's 4, because with the brain-wallet he can recreate the TrezorT of the now-gone Safe-Deposit-Box too.

(Uppercase OR and AND are to be understood in the logical sense, not in the colloquial)

Dependency: He's dependent on (FinalMessage.io OR GMail) AND brain.



If he loses:

Home & Vacation-Home: He still has the Safe-Deposit-Box, that's 2 seeds, and now he has to hope that FinalMessage.io OR GMail delivers.

Dependency: Safe-Deposit-Box AND (FinalMessage OR Gmail). A little better than before, because at least he's not dependent on his brain.


If he loses:

Vacation-Home and Safe-Deposit-Box: Same as "Home & Safe-Deposit-Box".


If he loses:

Brain and Safe-Deposit-Box (i.e. death): Trezor1 at home, plus LedgerS in Vacation Home, plus FinalMessage OR Gmail.

Dependency: Home AND Vacation-Home AND (FinalMessage OR Gmail)


If he loses:

Brain and something else, except Safe-Deposit-Box (i.e. forgot brain-wallet): Trezor1 at Home, TrezorT in Safe-Deposit-Box, LedgerS in Vacation-Home, also Brain-Wallet backed up in Safe-Deposit-Box.

Dependency: Only physical locations.


If he loses:

FinalMessage.io and GMail (i.e. they don't deliver for whatever reason): Trezor1 at Home, LedgerS in Vacation-Home.

Now his relatives are fucked, if they don't get the content of the Safe-Deposit-Box.

This might be a problem.
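
Added example, not part of Teubwel's post: the loss scenarios above are walked through by hand, so this sketch encodes the 3-of-5 layout as described and enumerates every combination of lost sources to find the ones that drop below the threshold. Treating Brain, FinalMessage.io and GMail as independent loss sources next to the three locations is a modelling assumption, as are the function names.

```python
from itertools import combinations

# Places a secret can come from (assumption: each can be lost independently).
SOURCES = ("Home", "Safe-Deposit-Box", "Vacation-Home",
           "Brain", "FinalMessage.io", "GMail")
PHYSICAL = {"Home", "Safe-Deposit-Box", "Vacation-Home"}
THRESHOLD = 3  # 3-of-5 multisig

def recoverable(available):
    """Wallets (of the five) that can be rebuilt from the surviving sources."""
    a = set(available)
    wallets = set()
    if "Home" in a:
        wallets.add("Trezor1")          # device + Passphrase_Charlie
    if "Vacation-Home" in a:
        wallets.add("LedgerS")          # device + Passphrase_Charlie
    if "Safe-Deposit-Box" in a:
        wallets.add("TrezorT")          # device + Passphrase_Charlie
    # Electrum_Seed_Brain is memorised and has a paper copy in the box.
    if a & {"Brain", "Safe-Deposit-Box"}:
        wallets.add("Electrum_Seed_Brain")
    # The encrypted TrezorT seed lies at Home and Vacation-Home; its key is
    # the sha256sum of Electrum_Seed_Brain, so that seed must be known first.
    if a & {"Home", "Vacation-Home"} and "Electrum_Seed_Brain" in wallets:
        wallets.add("TrezorT")
    # Electrum_Seed_GFM: ciphertext from either service, plus Passphrase_GFM,
    # which is stored at every physical location.
    if a & {"FinalMessage.io", "GMail"} and a & PHYSICAL:
        wallets.add("Electrum_Seed_GFM")
    return wallets

def survives(lost):
    """True if at least THRESHOLD wallets remain after losing these sources."""
    return len(recoverable(set(SOURCES) - set(lost))) >= THRESHOLD

def fatal_losses(k):
    """Every k-element set of lost sources that leaves fewer than 3 wallets."""
    return [set(c) for c in combinations(SOURCES, k) if not survives(c)]

if __name__ == "__main__":
    for k in (2, 3):
        print(f"fatal when losing {k} sources:")
        for lost in fatal_losses(k):
            left = sorted(recoverable(set(SOURCES) - lost))
            print("  lost", sorted(lost), "-> left with", left)
```

Under this model no loss of two sources is fatal, but three losses of three sources are: all three locations, or the Safe-Deposit-Box and Brain together with either Home or Vacation-Home.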