First up, I've got to say that I'm unaware of anyone using these over 
HTTPS in production, so issues are forward-looking and largely hypothetical.

The good news is that both use DNSSEC:

The bad news is that some servers in the DNS rotation don't 
appear be listening on 443 at all and that those that do have variable 
configuration that gets them a 'C':

Further, a number of links redirect from HTTPS to HTTP 
without warning. For example links to but that's just a redirect to isn't listening 
on port 443.

Testing DOI resolution over HTTPS gives occasional very long timeouts 
(presumably those non-443 servers?).

All of the servers in the  DNS rotation are listening on 
443, but again the variable security config and low scores:

Note that some of the servers have 'test' in their server name, which 
makes me wonder...

Again, the home site and help pages are HTTP only and there are HTTPS-> 
HTTP redirects.

Testing handle resolution over HTTPS seemed to work reliably for me when 
I tested it.

Anyone have ideas as to who needs to lobby who to get this improved?