[Tim Wood]

I've updated the release notes to be more clear on this issue.

We aren't switching protocols; https is still being used.

Rather, the WebDAV spec requires a Destination header that determines the, well, destination of the MOVE command. The server in question gets confused when using https and thinks we are trying to move the resource between servers. Passing a http:// URL as the value of the Destination header, within the https session, works around its confusion.

That said, yes, we do want to contact the server to fix their bogus implementation, but as far as we know there are no security problems with this fallback.