First up, I've got to say that I'm unaware of anyone using these over
HTTPS in production, so issues are forward-looking and largely hypothetical.
The good news is that both use DNSSEC:
http://dnssec-debugger.verisignlabs.com/hdl.handle.net
http://dnssec-debugger.verisignlabs.com/dx.doi.org
The bad news is that some servers in the dx.doi.org DNS rotation don't
appear to be listening on 443 at all and that those that do have variable
configuration that gets them a 'C':
https://www.ssllabs.com/ssltest/analyze.html?d=dx.doi.org
Further, a number of doi.org-native links redirect from HTTPS to HTTP
without warning. For example https://dx.doi.org/ links to
https://dx.doi.org/help.html but that's just a redirect to
http://www.doi.org/factsheets/DOIProxy.html , and www.doi.org isn't listening
on port 443.
Testing DOI resolution over HTTPS gives occasional very long timeouts
(presumably those non-443 servers?).
All of the servers in the hdl.handle.net DNS rotation are listening on
443, but again the variable security config and low scores:
https://www.ssllabs.com/ssltest/analyze.html?d=hdl.handle.net
Note that some of the servers have 'test' in their server name, which
makes me wonder...
Again, the home site and help pages are HTTP only and there are HTTPS->
HTTP redirects.
Testing handle resolution over HTTPS seemed to work reliably for me when
I tested it.
Anyone have ideas as to who needs to lobby who to get this improved?
cheers
stuart
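
Added example, not part of the original post: a Python sketch of the two checks described above, namely which addresses in a DNS rotation accept connections on 443, and which hops in a redirect chain drop from HTTPS to HTTP. The function names and the SAMPLE_HOPS table are assumptions made for illustration; the one recorded redirect is the dx.doi.org/help.html case reported in the post.

```python
import http.client
import socket
from urllib.parse import urljoin, urlsplit

# Redirect reported in the post, recorded here so the check runs offline.
SAMPLE_HOPS = {
    "https://dx.doi.org/help.html": "http://www.doi.org/factsheets/DOIProxy.html",
}

def listeners(host, port=443, timeout=5.0):
    """Map every address the name resolves to -> whether it accepts TCP on port."""
    status = {}
    for *_, sockaddr in socket.getaddrinfo(host, port, type=socket.SOCK_STREAM):
        ip = sockaddr[0]
        try:
            with socket.create_connection((ip, port), timeout=timeout):
                status[ip] = True
        except OSError:  # refused, unreachable or timed out
            status[ip] = False
    return status

def next_hop(url, timeout=10.0):
    """One HEAD request, redirects not followed; absolute Location or None."""
    parts = urlsplit(url)
    cls = (http.client.HTTPSConnection if parts.scheme == "https"
           else http.client.HTTPConnection)
    conn = cls(parts.netloc, timeout=timeout)
    try:
        target = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        conn.request("HEAD", target)
        resp = conn.getresponse()
        loc = resp.getheader("Location")
        return urljoin(url, loc) if 300 <= resp.status < 400 and loc else None
    finally:
        conn.close()

def downgrades(start, hop=next_hop, limit=10):
    """Walk a redirect chain; return (from, to) hops that drop HTTPS for HTTP."""
    found, seen, url = [], set(), start
    while url and url not in seen and len(seen) < limit:
        seen.add(url)
        target = hop(url)
        if (target and urlsplit(url).scheme == "https"
                and urlsplit(target).scheme == "http"):
            found.append((url, target))
        url = target
    return found

if __name__ == "__main__":
    print(downgrades("https://dx.doi.org/help.html", hop=SAMPLE_HOPS.get))
```

Calling listeners("dx.doi.org") or downgrades(url) with the default hop makes live network requests; passing hop=SAMPLE_HOPS.get replays the recorded redirect instead.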