I think that this is a very good idea.
Cherry Hill has committed to going all HTTPS this year. As a hosted service provider, the challenge is getting our clients to do their part, as they own their domains. We are now at the point where they just need to respond to an email. This is easy if their domain record is up to date, but can be problematic when all of the contacts on the record are stale.
We do not find self-signed certificates to be useful for production resources, but we are following the free cert movement, including Let’s Encrypt and WoSign.
Thanks,
Cary
> On Jun 13, 2015, at 9:26 AM, Eric Hellman <[log in to unmask]> wrote:
>
> Jeremy's response made me think.
>
> What do people think about formulating a "Library Digital Privacy Pledge" that libraries, publishers and vendors could sign onto?
>
> Or perhaps a set of pledges. I'd start with moving services to SSL.
>
> Principle:
> Library Services and Resources should be delivered, whenever practical, over channels that are immune to eavesdropping.
>
> Current Best Practice:
> Require HTTPS (SSL) for all services and resources delivered via the web.
>
> Pledge (for Libraries):
> 1. All web services that we control will require SSL by the end of 2015.
> 2. All web services that we pay for will require SSL by the end of 2016.
>
> Pledge (for Publishers and Vendors):
> 1. All web services that we control will enable SSL by the end of 2015.
> 2. All web services that we offer will require SSL by the end of 2016.
>
> I pick HTTPS to focus on first because it's relatively easy to specify/understand. You could do something similar with meta referrer, but it's a bit more arcane.
>
> There's a NISO group (I'm on the steering committee) looking at developing principles for library privacy that might be an appropriate forum to support this.
>
> Eric
>
>> On Jun 11, 2015, at 11:55 PM, Frumkin, Jeremy A - (frumkinj) <[log in to unmask]> wrote:
>>
>> Eric -
>>
>> Many thanks for raising awareness of this. It does feel like encouraging good practice re: referrer meta tag would be a good thing, but I would not know where to start to make something like this required practice. Did you have some thoughts on that?
>>
>> — jaf
>>
>> -----------------------------------------------------------
>> Jeremy Frumkin
>> Associate Dean / Chief Technology Strategist
>> University of Arizona Libraries
>>
>> +1 520.626.7296
>> ——————————————————————————————
>> "A person who never made a mistake never tried anything new." - Albert Einstein
>>
>>