Lots of activity going on around digest auth lately: James Snell's Claim Authentication and Robert Sayre's HMAC Digest Auth scheme. Probably all spurred by activity in the Atompub working group. I'm disappointed that digest isn't better supported in HTTP stacks, I'd venture that SSL and Digest are supported about equally well, client side, though SSL has some significant implementation costs server side. I would rather client side stacks supported Digest well, though in truth, Basic is frequently supported only by virtue of a client's ability to add HTTP headers and to do Base 64 encoding. Digest requires at least an MD5 implementation and is apparently somewhat more subtle to implement.