NSA broke it already On Mon, Nov 4, 2013 at 1:42 PM, William Denton <[log in to unmask]> wrote: > I think it's time we made everything on code4lib.org use HTTPS by default > and redirect people to HTTPS from HTTP when needed. (Right now there's an > outdated self-signed SSL certificate on the site, so someone took a stab at > this earlier, but it's time to do it right.) > > StartCom gives free SSL certs [0], and there are lots of places that sell > them for prices that seem to run over $100 per year (which seems ridiculous > to me, but maybe there's a good reason). > > I don't know which is the best way to get a cert for a site like this, but > if people agree this is the right thing to do, perhaps someone with some > expertise could work with the Oregon State hosts? > > More broadly, I think everyone should be using HTTPS everywhere (and HTTPS > Everywhere, the browser extension). Are any of you implementing HTTPS on > your institution's sites, and moving to it as default? It's one of those > slightly finicky things that on the surface isn't necessary (why bother > with a library's opening hours or address?) but deeper down is, because > everyone should be able to browse the web without being monitored. > > Bill > > [0] https://cert.startcom.org/ > > -- > William Denton > Toronto, Canada > http://www.miskatonic.org/ >