Slashdot Mirror


White House Mandates HTTPS For Government Sites and Services

Bismillah writes: As per orders from Tony Scott, the government CIO, all federal agencies with publicly accessible websites must provide service only through a secure HTTPS connection. "Federal websites that do not convert to HTTPS will not keep pace with privacy and security practices used by commercial organizations, and with current and upcoming Internet standards," according to his memo. "This leaves Americans vulnerable to known threats, and may reduce their confidence in their government."

1 of 111 comments

  1. Re:Many are already using HTTPS and IPv6 by Anonymous Coward · Score: 2, Interesting

    Yes, I was referring to the way CAs work. The current trust model makes TLS/SSL connections susceptible to government-sponsored MITM attacks. They can do it either by mandating the CAs to hand out their PKs or by hacking them without consequences like we've seen before. There is a single point of failure in TLS/SSL authentication and that point has failed long ago.