secure DOIs

[katrinleinweber]

new suggested resolver, see https://www.doi.org/

[sckott]

thanks for the PR @katrinleinweber - been asking about this - it's not yet clear that this is for sure the best thing to do. Yes, https is best practice over http, but I heard that URIs with https vs. http are considered different identifiers.

We should at least change away from dx.doi.org to doi.org

[katrinleinweber]

But in that case, the URIs with & without dx. would also be different, no? In any case, I was targeting software that generated DOIs. If this is a parser, I didn't realise that.

[sckott]

Yes, this client only supports consumption/reading data, not generating DOIs

But in that case, the URIs with & without dx. would also be different, no?

yeah, i suppose so, I'm still asking around trying to get consensus on best practice here

[ioverka]

CrossRef's display guidelines still refer to "http://dx.doi.org" (see http://www.crossref.org/02publishers/doi_display_guidelines.html) and I use this as authoritative source ;)

[sckott]

thanks @ioverka - though @mfenner said he uses doi.org, wonder what @gbilder thinks

[ioverka]

maybe https://www.datacite.org/services/cite-your-data.html would require an update as well...

[mfenner]

I think that there is currently no common practice regarding http vs. https and doi.org vs. dx.doi.org. Hopefully we can all move to https and a common proxy server, but for the time being I suggest to be flexible when consuming DOIs.

[sckott]

Okay, well maybe it makes most sense then to let the user set what base url they want to use for content negotiation, and the default can remain http://dx.doi.org for now

[sckott]

@katrinleinweber see previous comment, okay if I close this? and i'll add a way for users to set the base URL for content negotiation