By the way, I noticed in the current protocol draft, that we have
a statement that says an implementation MUST support
digest authentication in HTTP. In my opinion this wording
would be better if we used SHOULD, since we have a goal
for implementers to have secure and non-secure implementations.
Also, digest (and basic auth for that matter) are not REQUIRED
in order to HTTP 1.1 "compliant" (at least thats the way I
understand it...).
Randy