A few weeks ago I wrote about each SSL certificate used on a web server needing to have its own IP address. I ran across a reference to RFC 2817, Upgrading to TLS Within HTTP/1.1. It describes a method to upgrade a connection to TLS (Transport Layer Security, the successor to SSL; I’ll use the terms interchangeably). It’s somewhat complex, and does indeed expand the request/response model along the same lines as basic authentication while taking advantage of HTTP/1.1 persistent connections.
Of course, just because something is described in an RFC doesn’t mean it’s being used. Apache has TLS Upgrade support as of 2.2, but at this time none of the browsers (at least the major ones) support the protocol. Even though it’s not really in use, it’s an interesting exercise to look at how it’s defined and think about the implications of its use.
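To make the exchange concrete, here is a sketch of the client side of the RFC 2817 upgrade. It is an added example, not code from the original post or from Apache. The header lines and status codes follow the RFC; the host name, sample responses and function names are constructed for illustration.

```python
from enum import Enum

class Outcome(Enum):
    START_TLS = "server switched protocols; begin the TLS handshake"
    RETRY_WITH_UPGRADE = "server refuses cleartext; resend with Upgrade"
    CLEARTEXT = "upgrade not honoured; connection stays unencrypted"

# Constructed sample responses (not captured traffic).
ACCEPTED = (b"HTTP/1.1 101 Switching Protocols\r\n"
            b"Upgrade: TLS/1.0, HTTP/1.1\r\nConnection: Upgrade\r\n\r\n")
REQUIRED = (b"HTTP/1.1 426 Upgrade Required\r\n"
            b"Upgrade: TLS/1.0, HTTP/1.1\r\nConnection: Upgrade\r\n\r\n")
IGNORED = b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"

def build_request(host, path="/", mandatory=False):
    # Mandatory form: send OPTIONS * first, so no request data crosses
    # the wire before TLS is up. Optional form: piggyback on the GET.
    line = "OPTIONS * HTTP/1.1" if mandatory else f"GET {path} HTTP/1.1"
    return "\r\n".join([line, f"Host: {host}", "Upgrade: TLS/1.0",
                        "Connection: Upgrade", "", ""]).encode("ascii")

def parse_head(raw):
    # Split the status line and headers off the front of a response.
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    status_line, *header_lines = head.split("\r\n")
    headers = {}
    for h in header_lines:
        name, _, value = h.partition(":")
        headers[name.strip().lower()] = value.strip()
    return int(status_line.split(" ", 2)[1]), headers

def tokens(value):
    # Comma-separated header value -> set of lowercase tokens.
    return {t.strip().lower() for t in value.split(",") if t.strip()}

def classify(raw):
    status, headers = parse_head(raw)
    offers_tls = "tls/1.0" in tokens(headers.get("upgrade", ""))
    hop = "upgrade" in tokens(headers.get("connection", ""))
    if status == 101 and offers_tls and hop:
        return Outcome.START_TLS
    if status == 426 and offers_tls:
        return Outcome.RETRY_WITH_UPGRADE
    # Anything else, including a response with no Upgrade header,
    # means the exchange continues in cleartext.
    return Outcome.CLEARTEXT

def may_send_sensitive(raw, require_tls=True):
    # Client policy: never treat an ignored upgrade as success.
    return not require_tls or classify(raw) is Outcome.START_TLS
```

The `CLEARTEXT` branch is the one to think about: with the optional form, a response that simply lacks the `Upgrade` header looks like an ordinary HTTP reply, so a client that needs confidentiality has to check for the 101 explicitly before sending anything sensitive.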