It will be a long time before users can be trained not to type passwords into attacker-controlled dialogs -- that is definitely true.
No, no. It's a long way down the road to the chemist's. It will be _forever_ before users can be trained not to type passwords into attacker-controlled dialogs. We've been trying for decades, and some of the users in question have _been here_ for decades, and the message still hasn't gotten through.
And we'll also have passwords for a long time yet.
Again, probably forever.
DIGEST-MD5 exists, and I'd advocate its use, but currently that always results in a browser-controlled dialog that app designers hate.
To a certain extent, this is too bad. For password dialogs to be safe, they _must_ be browser-controlled (or system-controlled) dialogs over which the app designers have no control. Note that virtually all of the security problems the web has today result from app designers demanding and browser vendors granting more control over the client computer than the system was designed to give them.
Just for the record, the amount of control the system was designed to give app designers over the client computer is.... zero! Every security, performance, and usability problem the Web has today can be traced to violations of that design principle.
-- Jeff
Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.