White House Proposal Urges All Federal Websites To Adopt HTTPS

blottsie writes: In an effort to close security gaps that have resulted in multiple security breaches of government servers, the Obama administration on Tuesday introduced a proposal to require all publicly accessible federal websites to use the HTTPS encryption standard. "The majority of federal websites use HTTP as the as primary protocol to communicate over the public Internet," reads the proposal on the website of the U.S. Chief Information Officer. "Unencrypted HTTP connections create a privacy vulnerability and expose potentially sensitive information about users of unencrypted Federal websites and services."

Re:Rules for some, or everyone?

[Lunix+Nutcase]

I don't know. She should probably check the configurations of Jeb Bush's and Rick Perry's private email servers before making a decision.

Re:Only on some...

[TechyImmigrant]

Second, what's you're requirement for not having the security benefit? Given that certs are about $10 a year and require negligible resources, what is your compelling reason for not having encryption by default?

Don't the government have their own CA? The cost to cut a cert should be less than $0.04. I know this because I've set up a real CA and $0.04 per cert included the costs of the operations along with the profit. The actual computing cost is negligible. The costs are the premises and pay for employees, spread out across all the certs they cut.