All US Government Websites to Start Using HTTPS

Web browser closeup on LCD screen with shallow focus with light shining through https padlock. Internet security, SSL certificate, cybersecurity, search engine and web browser concepts

From September 1st this year all US government websites that use the .gov top level domain name will be obliged to use SSL and be available over HTTPS only.

Eventually they plan to add the .gov zone to the HSTS which would make it technically obligatory to have an SSL in order for a site to load in any modern browser. When an entire domain extension is added to the HSTS every domain and subdomain has to use SSL for it to work in browsers. (You can read the full RFC here)

However getting thousands of existing sites to enable SSL is not something that can be done overnight so doing it over the next couple of years makes sense. They admit that they don’t know when they’ll be able to force all sites in .gov to use SSL, as they don’t know what kind of issues the switch could cause. I suspect there are plenty of “gotchas” that they don’t know about yet, so they’ve setup mailing lists and are planning a number of other initiatives to get the word out to government departments.

More information on the .gov site.

Via Bleeping Computer.

By Michele Neylon

Michele is founder and managing director of Irish domain registrar and hosting company Blacknight. Michele has been deeply involved in domain and internet policy discussions for more than a decade. He also co-hosts the Technology.ie podcast.

One comment

Comments are closed.

Exit mobile version