Implementing digest authentication is not difficult.
However, if we want to change owner of running httpd by digest
authentication,
then we should consider many many problems.
Digest is a bit of a hybrid in that it does authentication, and also
provides data integrity and protection. It would be nice to implement the
transport layer part in a manner analogous to TLS. I'm currently hacking
on Plan 9's IMAP support, and SASL DIGEST with encryption is high on the
TODO list. (It's a toss-up as to whether DIGEST-MD5 or STARTTLS has the
wider deployment, but software that supports one tends not to support the
other, so it's useful to have both for interoperability's sake.)
--lyndon
