White House Mandates HTTPS For Government Sites and Services
Bismillah writes: As per orders from Tony Scott, the government CIO, all federal agencies with publicly accessible websites must provide service only through a secure HTTPS connection. "Federal websites that do not convert to HTTPS will not keep pace with privacy and security practices used by commercial organizations, and with current and upcoming Internet standards," according to his memo. "This leaves Americans vulnerable to known threats, and may reduce their confidence in their government."
It's not like this is a new initiative, or that we didn't have dry runs a few years ago.
It's just a few recalcitrant holdouts being told: "Switch or Die".
-- Tigger warning: This post may contain tiggers! --
and .edu, I'd guess.
Those are almost all state, local, or private. But there are a few run by the feds, such as www.usma.edu and www.usna.edu, which default to vanilla http.
Thanks to SNI and IPv4 forcing everyone to host multiple sites on one address (but I repeat myself), SSL does now leak the hostname you are attempting to request during the handshake so the server can select a certificate.
If I have been able to see further than others, it is because I bought a pair of binoculars.
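Added example, not part of the original thread: the SNI point in the comment above, shown by generating a real ClientHello offline and reading the hostname back out of the unencrypted bytes, as any passive network monitor could. The hostname `agency.example` and the function names are constructed for illustration.

```python
import ssl
import struct

def client_hello_bytes(hostname):
    """Build a real ClientHello for `hostname` offline, using memory BIOs."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    conn = ctx.wrap_bio(incoming, outgoing, server_hostname=hostname)
    try:
        conn.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: no server attached, only the first flight is wanted
    return outgoing.read()

def u16(buf, pos):
    """Read a big-endian 16-bit length field."""
    return struct.unpack_from("!H", buf, pos)[0]

def extract_sni(record):
    """Return the cleartext server_name in a TLS ClientHello record, or None."""
    try:
        if record[0] != 0x16:                  # not a handshake record
            return None
        body = record[5:5 + u16(record, 3)]
        if body[0] != 0x01:                    # not a ClientHello
            return None
        pos = 4 + 2 + 32                       # handshake header, version, random
        pos += 1 + body[pos]                   # session_id
        pos += 2 + u16(body, pos)              # cipher_suites
        pos += 1 + body[pos]                   # compression_methods
        end = pos + 2 + u16(body, pos)         # end of extensions block
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", body, pos)
            pos += 4
            if ext_type == 0:                  # server_name extension
                # layout: list length (2), name type (1), name length (2), name
                if body[pos + 2] == 0:         # name type 0 = host_name
                    n = u16(body, pos + 3)
                    return body[pos + 5:pos + 5 + n].decode("ascii")
            pos += ext_len
    except (IndexError, struct.error):
        pass                                   # truncated or malformed input
    return None

if __name__ == "__main__":
    print(extract_sni(client_hello_bytes("agency.example")))
```

The certificate exchange and everything after it can be encrypted, but this field is sent before any keys are agreed, which is why the server can use it to pick a certificate.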