+1 from the W3C TAG

[torgo]

The W3C Technical Architecture Group (TAG) (@w3ctag) is happy to see that the United States government is considering the requirement of encryption and authentication (through use of HTTPS) on all publicly-accessible government Web sites. Doing so will increase the security of people who interact with the government and encourage adoption of a more secure Web, as we documented in the “Securing the Web” finding.

A government requirement sends a strong message that encryption and authentication are necessary for Web security, and will encourage government vendors to embrace providing secure services. As has been noted elsewhere, the incremental cost of doing so falling; thanks to efforts like this, we expect it to continue to drop. While good government needs to be cost-conscious, it should not come at the cost of security.

We note also that where facilities are moved from an http: URL to an https: URL, a redirections should be set up so that existing links do not break. There is ongoing work within the W3C to make this transition easier, and we encourage interested parties to contribute to the WebAppSec Working Group and elsewhere.

Tim Berners-Lee, @timbl (Chair)
Daniel Appelquist, @torgo (Chair)
Peter Linss, @plinss (Chair)
Yves Lafon, @ylafon
Travis Leithead, @travisleithead
Mark Nottingham, @mnot
Alex Russell, @slightlyoff
Yan Zhu, @diracdeltas

[wseltzer]

+1 It's great to see the US Government leveraging open standards to promote private and integrity-assured access to government information.
Wendy Seltzer, @wseltzer, W3C Policy Counsel and Technology & Society Domain Lead.