Mozilla supports digest authentication as a replacement for basic in HTTP/1.1.
Unfortunately, it doesn't support it completely as described in RFC2617, that
is, it doesn't implement integrity protection yet (qop=auth-int, includes a hash
of the body as well as the password/username to prevent the page transmitted
from being tempered with).
It would really be useful if implemented, as I can't use SSL for performance
problems (embedded web server). I'm sure a lot of people would benefit from the
security increase it provides!
PS : The neon library (http://www.webdav.org/neon/) supports that all right, and
is free software as well!
not sure when this'll get fixed... future for now.
any plans for this?
-> default owner