Any idea how the trezor could be used to sign longer messages? Like if you wanted to sign a contract that was a few pages long.

I know for maximum security you need to be able to see what you are signing on the trezor but maybe there is some reasonable middle ground for when people dont need that much security? I mean even if someone is spoofing client side the worst they could do is trick you into signing something other than what you intended. As long as it wasn't a transaction than its an acceptable risk. By tricking you in this way they wouldnt actually be getting your private key. And unless they are in such control over your computer that they are man in the middle brute force projecting pixels onto your screen, or part of some vast conspiracy, when you went to verify your signature with a third party you would immediately know you had been compromised in said relatively contained fashion.

It could be bad though if they tricked you into signing a transaction. Does anyone suppose there is a way for the trezor to be sure that, when it is signing a message that is too long to be reviewed on the trezor screen that at the very least it is signing something other than a transaction? One idea is that the trezor forces a concatination onto the end of any long message it signed. For example: signed using trezor. Any message that was being signed that ended with "signed using trezor" shouldnt be validated by the bitcoin network as a transaction. I know that transaction scripting is fairly robust in some ways but not that robust, is it?

Ok anyway that was less of a simple question and more of a stream of consciousness but thoughts?