On Mon, Mar 10, 2008 at 07:03:48PM -0400, Bill Sommerfeld wrote:
> On Mon, 2008-03-10 at 15:11 -0500, Brian Cameron wrote:
> > My understanding is that to provide Trusted Path, you need to remove
> > the possibility for anybody to snoop, modify, affect, etc. the
> > password that the user enters.
>
> while that part's important, there's another aspect which is more
> important:
>
> you also need a mechanism for the user to be able to tell when & where
> the trusted path is active that can't be spoofed by any other
> application.

Yup. Secure attention keys are one possibility. Another is to steal enough pixels from the display to always have a border that is indicative of what the current context is. Secure attention keys are what Windows (and probably others) implement. I think I'd like to have both, or an option for both.