Stories
Slash Boxes
Comments

SoylentNews is people

All U.S. Federal Websites to Move to HTTPS

posted by n1 on Wednesday June 10 2015, @06:57AM   Printer-friendly
from the fbi-encryption-prevention dept.

takyon writes:

The White House Office of Management and Budget (OMB) has issued a directive that requires all publicly accessible federal Web sites to adopt HTTPS:

An HTTPS-Only standard will eliminate inconsistent, subjective determinations across agencies regarding which content or browsing activity is sensitive in nature, and create a stronger privacy standard government-wide. Federal websites that do not convert to HTTPS will not keep pace with privacy and security practices used by commercial organizations, and with current and upcoming Internet standards. This leaves Americans vulnerable to known threats, and may reduce their confidence· in their government. Although some Federal websites currently use HTTPS, there has not been a consistent policy in this area. An HTTPS-only mandate will provide the public with a consistent, private browsing experience and position the Federal Government as a leader in Internet security.

United States Chief Information Officer Tony Scott adds:

Per the issuance of this Memorandum, all publicly accessible Federal websites must meet the HTTPS-Only Standard by December 31st of 2016.

OMB first proposed the HTTPS-Only Standard in March and requested comment from the public. During the feedback period, OMB's proposal received numerous comments and suggestions from Internet's standards bodies, popular web browsers, and concerned citizens. To assist with the conversion to HTTPS, technical assistance and best-practices for migration are available at https://https.cio.gov – a site that is open to contribution from technical experts around the world. Finally, a public dashboard has been constructed to monitor progress.

Original Submission

 
This discussion has been archived. No new comments can be posted.
All U.S. Federal Websites to Move to HTTPS | Log In/Create an Account | Top | 12 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by MichaelDavidCrawford on Wednesday June 10 2015, @05:40PM

    by MichaelDavidCrawford (2339) Subscriber Badge <mdcrawford@gmail.com> on Wednesday June 10 2015, @05:40PM (#194601) Homepage Journal

    ... so that visitors will have no choice but to use encryption, but before I do, I want to know:

    Is there any country in the world, in which it is illegal to use SSL encrytion? Would someone violate the law by visiting my site, or alternatively would they violate the law simply by possessing a browser that supported SSL?

    I once read that it is a criminal offense, subject to court martial, for US military personnel to use any form of encryption other than that provided by the military for their work. Otherwise there would be the obvious problem of spies letting our enemies know that we plan to attack at dawn.

    But if that's still the case, so much as checking your bank balance would land you in Leavenworth.

    --
    Yes I Have No Bananas. [gofundme.com]
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: 4, Informative) by NCommander on Wednesday June 10 2015, @06:34PM

    by NCommander (2) Subscriber Badge <michael@casadevall.pro> on Wednesday June 10 2015, @06:34PM (#194618) Homepage Journal

    I don't think its explicatively illegal anywhere except maybe North Korea. That being said, the CA system pretty much inherently broken, as long as a nation-state has a certificate in the root or can pressure a company w/ a intermediate certicate in the chain, your hosed. HSTS and HPKP can protect you *after* first connection but beyond that, you're basically fucked. I lived in China, and as long as the entire site wasn't blacklisted, SSL worked just fine through the great firewall as did SSH.

    --
    Still always moving