I read robustness-principles-for-public-key-protocols.pdf. It has some good advice, but I don't really think that avoiding a list of "don'ts" is a great way to design protocols. It also suggests things like using a hash before signing so that your signature algorithm cannot interact with your message. These days, all the libraries do that for you.