NSA broke it already
On Mon, Nov 4, 2013 at 1:42 PM, William Denton <[log in to unmask]> wrote:
> I think it's time we made everything on code4lib.org use HTTPS by default
> and redirect people to HTTPS from HTTP when needed. (Right now there's an
> outdated self-signed SSL certificate on the site, so someone took a stab at
> this earlier, but it's time to do it right.)
>
> StartCom gives free SSL certs [0], and there are lots of places that sell
> them for prices that seem to run over $100 per year (which seems ridiculous
> to me, but maybe there's a good reason).
>
> I don't know which is the best way to get a cert for a site like this, but
> if people agree this is the right thing to do, perhaps someone with some
> expertise could work with the Oregon State hosts?
>
> More broadly, I think everyone should be using HTTPS everywhere (and HTTPS
> Everywhere, the browser extension). Are any of you implementing HTTPS on
> your institution's sites, and moving to it as default? It's one of those
> slightly finicky things that on the surface isn't necessary (why bother
> with a library's opening hours or address?) but deeper down is, because
> everyone should be able to browse the web without being monitored.
>
> Bill
>
> [0] https://cert.startcom.org/
>
> --
> William Denton
> Toronto, Canada
> http://www.miskatonic.org/
>
|