HTTP Digest Authentication versus SSL

Question

What is the difference between HTTP Digest Authentication and SSL from a performance, security and flexibility point of view?

Answer 1

Digest authentication only encrypts the authentication credentials (that is, the username and password you type into your browser's authentication dialog)... SSL encrypts everything in the page. So SSL will be less efficient, and it's also typically more involved to set up. But SSL does have the advantage that it lets both parties verify each others' identities, if they have trusted certificates. HTTP digest authentication doesn't do that, so when using HTTP digest without SSL, you don't really know if the server you're sending your login info to is the right one or an imposter.