Requires qop-based authentication

the module currently lacks backward compatibility with clients that don't provide ‘qop’ fields in the Authorize header. according to the RFC the server should work without it, but is it worth supporting the less secure version of an already not-bulletproof authentication scheme?
