I think it's time we made everything on use HTTPS by default 
and redirect people to HTTPS from HTTP when needed.  (Right now there's an 
outdated self-signed SSL certificate on the site, so someone took a stab 
at this earlier, but it's time to do it right.)

StartCom gives free SSL certs [0], and there are lots of places that sell 
them for prices that seem to run over $100 per year (which seems 
ridiculous to me, but maybe there's a good reason).

I don't know which is the best way to get a cert for a site like this, but 
if people agree this is the right thing to do, perhaps someone with some 
expertise could work with the Oregon State hosts?

More broadly, I think everyone should be using HTTPS everywhere (and HTTPS 
Everywhere, the browser extension).  Are any of you implementing HTTPS on 
your institution's sites, and moving to it as default?  It's one of those 
slightly finicky things that on the surface isn't necessary (why bother 
with a library's opening hours or address?) but deeper down is, because 
everyone should be able to browse the web without being monitored.



William Denton
Toronto, Canada