Slashdot Mirror

← Back to Stories (view on slashdot.org)

Whitehouse Mandates HTTPS For Government Sites and Services

Posted by samzenpus on from the keeping-it-secure dept.

Bismillah writes: As per orders from Tony Scott, the government CIO, all federal agencies with publicly accessible websites must provide service only through a secure HTTPS connection. "Federal websites that do not convert to HTTPS will not keep pace with privacy and security practices used by commercial organizations, and with current and upcoming Internet standards," according to his memo. "This leaves Americans vulnerable to known threats, and may reduce their confidence in their government."

8 of 111 comments (clear)

  1. Many are already using HTTPS and IPv6 by WillAffleckUW · · Score: 5, Informative

    It's not like this is a new initiative, or that we didn't have dry runs a few years ago.

    It's just a few recalcitrant holdouts being told: "Switch or Die".

    --
    -- Tigger warning: This post may contain tiggers! --
  2. Oh the irony by Anonymous Coward · · Score: 5, Insightful

    Commanding the NSA to continue violating the Constitution and sucking up our data despite the Supreme Court's ruling that it is illegal. And this is the same gov't that wants to weaken encryption... yet they want to use it at the same time.

    1. Re:Oh the irony by vux984 · · Score: 4, Funny

      Jebus Christ. Seriously?

      HTTPS on government sites isn't to protect you snooping from the NSA. Its to protect you from the neighbors kids, and random hackers around the world.

      Not everything is about the NSA all the time. This is a good thing; even if if doesn't shut down the NSA.

    2. Re:Oh the irony by Qzukk · · Score: 3, Informative

      you mean like thinking HTTPS stops anyone from seeing the URL you just visited so they can view it for themselves?

      ... it does, unless you've got some spyware installed phoning home every URL you visit. Or chrome, but I repeat myself.

      Thanks to SNI and IPv4 forcing everyone to host multiple sites on one address (but I repeat myself) SSL does now leak the hostname you are attempting to request during the handshake so the server can select a certificate.

      --
      If I have been able to see further than others, it is because I bought a pair of binoculars.
  3. Confidence in their government by Ada_Rules · · Score: 4, Insightful

    So, we'll keep locking people in rape cages for growing plants, pulling guns on unarmed teens and going through security theater in air ports with a 90% detection failure rate....But finally I can do https://whitehouse.gov/ to vote on a bogus petition with no effect. My confidence is restored thusly.

    --
    --- Liberty in our Lifetime
  4. But encryption by penguinoid · · Score: 4, Funny

    Wait, I thought government as trying to fight encryption, not require it.

    --
    Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
    1. Re:But encryption by viperidaenz · · Score: 4, Insightful

      No, they're trying to compromise encryption, not fight it.

  5. Re:Require .gov TLD ? by ShanghaiBill · · Score: 4, Informative

    and .edu, I'd guess.

    Those are almost all state, local, or private. But there are a few run by the feds, such as www.usma.edu and www.usna.edu, which default to vanilla http.