Mozilla supports digest authentication as a replacement for basic in HTTP/1.1. Unfortunately, it doesn't support it completely as described in RFC2617, that is, it doesn't implement integrity protection yet (qop=auth-int, includes a hash of the body as well as the password/username to prevent the page transmitted from being tempered with). It would really be useful if implemented, as I can't use SSL for performance problems (embedded web server). I'm sure a lot of people would benefit from the security increase it provides! PS : The neon library (http://www.webdav.org/neon/) supports that all right, and is free software as well!
not sure when this'll get fixed... future for now.
any plans for this?
-> default owner