Friday, 20 March 2015

Proposal to make all .gov sites secure HTTP

Federal News Radio reports that  the Office of Management and Budget (OMB) of the United States has proposed a plan to make HTTPS the standard for all .gov websites. “The majority of Federal websites use HTTP as the primary protocol to communicate over the public internet,” says the plan, which also states that HTTP “create a privacy vulnerability and expose potentially sensitive information about users of unencrypted Federal websites and services.” The plan goes on to say that "HTTPS verifies the identity of a website or Web service for a connecting client, and encrypts nearly all information sent between the website or service and the user. Protected information includes cookies, user agent details, URL paths, form submissions, and query string parameters. HTTPS is designed to prevent this information from being read or changed while in transit."
The OMB is asking for feedback and suggestions for this proposal and technical assistance materials. They add that you may email to provide private comments. 

No comments: