It is necessary for the customer to trust the client software she uses. This client software can be a plug-in for web browsers, a in-house program, etc., and obtained by download, mail delivery, or whatsoever. For such software, the specification should be public, and anyone can provide it. In theory, the customer could implement the software for herself, so she can trust her code and does not need to consider malicious action or compromise during download. In practice, she has to obtain the software from vendors she can trust. Whoever the code provider is, it should be guaranteed that the code does not contain malicious and erroneous code. The way to achieve proper verification is a controversial and interesting topic, and so is trusted distribution. Neither is a main focus of our paper.