I don't think that is what the proposed text is saying; a client
MUST *support* authentication (Digest at a minimum), so that if a
server requires authentication it can interoperate (the client does
not use authentication if the server doesn't ask for it).
Conversely, if a server supports authentication (only a SHOULD for
the server side), it MUST support Digest (at a minimum) to
interoperate with compliant clients.
Remember, most authentication systems (including HTTP Digest) require
a challenge or handshake from the server, so a client can't do any
authentication until the server says so.
-- ______________________________________________________________________ Michael Sweet, Easy Software Products email@example.com Printing Software for UNIX http://www.easysw.com