Stories
Slash Boxes
Comments

SoylentNews is people

posted by n1 on Monday April 24 2017, @07:31AM   Printer-friendly
from the one-step-forward,-two-steps-back dept.

The USPTO (Patent and Trademark Office) has updated its Public Patent Application Information Retrieval (Public-PAIR) service so that it no longer supports HTTPS (secure) access. From the announcement with emphasis added:

Public PAIR Maintenance and Outage

The USPTO will be performing maintenance on the Public Patent Application Information Retrieval (Public Pair) beginning at 12:01 a.m., Friday, April 21 and ending at 2 a.m., Friday, April 21 ET.

During the maintenance period, Public PAIR will be unavailable.

Immediately after the maintenance, users will only be able to access Public PAIR through URLs beginning with HTTP, such as http://portal.uspto.gov/pair/PublicPair. Past URLs using HTTPS to access Public Pair, such as https://portal.uspto.gov/pair/PublicPair, will no longer work.

Can anyone explain why there would be this seemingly backwards move to insecure communications?


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by Soylentbob on Monday April 24 2017, @03:07PM

    by Soylentbob (6519) on Monday April 24 2017, @03:07PM (#498876)

    Where HTTPS evangelism gets a bit ridiculous is when it is applied to sites serving public, mostly static information. HTTPS can't hide which server you're accessing and, given that and a knowledge of what is on each page of the site, it isn't rocket science to predict which pages you actually viewed from download size etc.

    But is will be more difficult with https for AT&T [webpolicy.org], Comcast [theregister.co.uk] and others to inject their JavasCrapt. Also it will be more difficult for my provider to sell my browser-history, or for my purely hypothetical over-ambitious colleague to guesstimate on what project I'm working by seeing which patents I look up.

    Also, to re-iterate my original point, the weakest link of HTTPS is the use of certificates to verify the site's identity, which is critical to stop your ISP or employer MITMing you.

    I could go to some lengths and remove insecure root-authorities, but even without that effort my provider would be hard-pressed to get fake-certificates for all websites I visit.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2