First up, I've got to say that I'm unaware of anyone using these over HTTPS in production, so issues are forward-looking and largely hypothetical. The good news is that both use DNSSEC: http://dnssec-debugger.verisignlabs.com/hdl.handle.net http://dnssec-debugger.verisignlabs.com/dx.doi.org The bad news is that some servers in the dx.doi.org DNS rotation don't appear be listening on 443 at all and that those that do have variable configuration that gets them a 'C': https://www.ssllabs.com/ssltest/analyze.html?d=dx.doi.org Further, a number of doi.org-native links redirect from HTTPS to HTTP without warning. For example https://dx.doi.org/ links to https://dx.doi.org/help.html but that's just a redirect to http://www.doi.org/factsheets/DOIProxy.html www.doi.org isn't listening on port 443. Testing DOI resolution over HTTPS gives occasional very long timeouts (presumably those non-443 servers?). All of the servers in the hdl.handle.net DNS rotation are listening on 443, but again the variable security config and low scores: https://www.ssllabs.com/ssltest/analyze.html?d=hdl.handle.net Note that some of the servers have 'test' in their server name, which makes me wonder... Again, the home site and help pages are HTTP only and there are HTTPS-> HTTP redirects. Testing handle resolution over HTTPS seemed to work reliably for me when I tested it. Anyone have ideas as to who needs to lobby who to get this improved? cheers stuart