Also, there is a rather short limit to the longest transaction it can sign. That makes its functionality for doing things like signing contracts limited. I suppose you could make a hash of a contract and sign that hash though. Probably worth it for the security that you would gain from using a Trezor instead of keeping the keys to your online identity on a computer. I wonder if people will be able to get used to and accept signing a hash of a contract rather than signing the contract itself.
That's normally how signing works (with PGP, and I assume with other systems as well). Does signing a message with a Bitcoin private key not create a hash of the message as an intermediate step? Or is the Trezor implementation missing that? Is there a specification for how message signing and verification should be done?
That is a question for someone smarter than myself. All I am sure of is that I tried to sign a message that was more than a paragraph or two long and it refused. Presumably because it does not have enough RAM on the device to load a longer message and perform all of its internal calculations. If you are correct and the normal procedure in PGP is to create a hash and sign that, then perhaps they could make it so that mytrezor.com could create the hash browser side and send that to the Trezor to sign.
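
The hash-then-sign idea discussed in the posts above, as an added example that is not part of the original thread: the contract is hashed on the computer, only the 64-character hex digest is sent as the message to sign, and a verifier recomputes the hash from the full contract. `signed_message_digest` follows the standard Bitcoin signmessage construction (double SHA-256 over a length-prefixed magic string and message); that the device applies it unchanged is an assumption, and the function names and sample contract are constructed for illustration.

```python
import hashlib
import hmac

MAGIC = b"Bitcoin Signed Message:\n"  # prefix of the Bitcoin signmessage format


def varint(n: int) -> bytes:
    """Bitcoin CompactSize length prefix."""
    if n < 0xFD:
        return bytes([n])
    if n <= 0xFFFF:
        return b"\xfd" + n.to_bytes(2, "little")
    if n <= 0xFFFFFFFF:
        return b"\xfe" + n.to_bytes(4, "little")
    return b"\xff" + n.to_bytes(8, "little")


def signed_message_digest(message: bytes) -> bytes:
    """32-byte value the ECDSA signature is computed over, whatever the message length."""
    payload = varint(len(MAGIC)) + MAGIC + varint(len(message)) + message
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()


def contract_fingerprint(contract: bytes) -> str:
    """Hex SHA-256 of the full contract; this short string is the message sent for signing."""
    return hashlib.sha256(contract).hexdigest()


def fingerprint_matches(contract: bytes, signed_text: str) -> bool:
    """Verifier side: recompute the hash from the contract and compare with the signed text."""
    expected = contract_fingerprint(contract)
    return hmac.compare_digest(expected, signed_text.strip().lower())


if __name__ == "__main__":
    # Constructed sample contract, far longer than a paragraph or two.
    contract = b"Party A agrees to deliver the goods to Party B.\n" * 500
    to_sign = contract_fingerprint(contract)
    print(len(contract), "bytes of contract ->", len(to_sign), "characters to sign")
    print("message to sign:", to_sign)
    print("digest signed by the key:", signed_message_digest(to_sign.encode()).hex())
    # Any change to the contract breaks the link to the signed fingerprint.
    print("original matches:", fingerprint_matches(contract, to_sign))
    print("tampered matches:", fingerprint_matches(contract + b"x", to_sign))
```

The signature then covers only the fingerprint, so both parties need to keep the exact bytes of the contract to be able to prove what was signed.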