Take this with a grain of salt. I'm no expert. However: I'd guess that no applications (besides the secure nexus) would have access to your "list of doggie names", just the ability to display it. The list just indicates that you are seeing a window from one of your partitioned and verified applications. I would also assume the window would get decorated with the name of the trusted application (not just your secret list). Thus you only need a single secret list to handle all of your "authorized" applications. -AdamL On Mon, 2003-06-09 at 22:00, Nomen Nescio wrote: <snip>
I don't see how this is going to work. The concept seems to assume that there is a distinction between "trusted" and "untrusted" programs. But in the NGSCB architecture, Nexus Computing Agents (NCAs) can be written by anyone. If you've loaded a Trojan application onto your machine, it can create an NCA, which would presumably be eligible to put up a "trusted" window.
So either you have to configure a different list of doggie names for every NCA (one for your banking program, one for Media Player, one for each online game you play, etc.), or else each NCA gets access to your Secret Master List of Doggie Names. The first possibility is unmanageable and the second means that the trustedness of the window is meaningless.
So what good is this? What problem does it solve? -- Adam Lydick <adam.lydick@verizon.net>