On Mon, 2008-03-10 at 15:11 -0500, Brian Cameron wrote: > My understanding is that to provide Trusted Path, you need to remove > the possibility for anybody to snoop, modify, affect, etc. the > password that the user enters.
while that part's important, there's another aspect which is more
important:
you also need a mechanism for the user to be able to tell when & where
the trusted path is active that can't be spoofed by any other
application.
- Bill
