# HTTPS for .gov

Talk given by Eric Mill at the National Association of Government Web Professionals (NAGW) 2015 conference in Albuqerque, New Mexico.

## Resources

* [Introduction to HTTPS](https://www.youtube.com/watch?v=d2GmcPYWm5k), by Eric Mill for DigitalGov University
* [Implementing HTTPS](https://www.youtube.com/watch?v=rnM2qAfEG-M), by Eric Mill for DigitalGov University
* [https.cio.gov](https://https.cio.gov/), OMB/GSA hub for HTTPS policy implementation

## Links from the talk

* [Comcast's ad injection](http://arstechnica.com/tech-policy/2014/09/why-comcasts-javascript-ad-injections-threaten-security-net-neutrality/), September 2014
* [Verizon's tracking injection](http://www.forbes.com/sites/kashmirhill/2014/10/28/find-out-whether-this-privacy-killing-super-cookie-is-on-your-phone/), October 2014
* [Verizon-Turn zombie cookie](http://webpolicy.org/2015/01/14/turn-verizon-zombie-cookie/), January 2015
* ["Data is at the heart of search. But who has access to it?"](http://andreasgal.com/2015/03/30/data-is-at-the-heart-of-search-but-who-has-access-to-it/), March 2015
* [China's Great Cannon](https://citizenlab.org/2015/04/chinas-great-cannon/), April 2015
* [AIDS.gov leaking location information](https://www.washingtonpost.com/news/the-switch/wp/2014/11/07/federal-sites-leaked-the-locations-of-people-seeking-aids-services-for-years/), November 2014
* [Federal IGs not encrypting whistleblower forms](https://www.washingtonpost.com/blogs/the-switch/wp/2015/04/16/why-confidential-tips-to-the-government-may-not-be-confidential-after-all/), April 2015
* [HTTPS FAQ by https.cio.gov](https://https.cio.gov/faq/)
* ["Open Web Alliance" report on growth of encryption](http://www.atis.org/openweballiance/docs/OWAKickoffSlides051414.pdf), May 2014
* [Vox piece on China's Great Cannon attack](http://www.vox.com/2015/3/30/8315281/github-chinese-ddos-attacks), March 2015
* [Wikimedia moving to HTTPS](https://blog.wikimedia.org/2015/06/12/securing-wikimedia-sites-with-https/), June 2015
* [Russia briefly bans Wikipedia](http://www.theguardian.com/world/2015/aug/25/russia-bans-wikipedia-drug-charas-https), August 2015
* [Google using HTTPS as a search ranking signal](http://googlewebmastercentral.blogspot.com/2014/08/https-as-ranking-signal.html), August 2014
* [Mozilla deprecating non-secure HTTP in Firefox](https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/), April 2015
* [Chrome plan to mark HTTP as non-secure](https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure), December 2014
* [WhiteHouse.gov announcing HTTPS-only policy](https://www.whitehouse.gov/blog/2015/06/08/https-everywhere-government), June 2015
* [White House OMB Memorandum M-15-13](https://www.whitehouse.gov/sites/default/files/omb/memoranda/2015/m-15-13.pdf), June 2015
* ["Why HTTPS for Everything?"](https://https.cio.gov/everything/)
* [HTTPS Strict Transport Security](https://https.cio.gov/hsts/)
* [Pulse](https://pulse.cio.gov) (pulse.cio.gov)
* ["The first .gov domains hardcoded into your browser as all-HTTPS"](https://18f.gsa.gov/2015/02/09/the-first-gov-domains-hardcoded-into-your-browser-as-all-https/), by 18F, February 2015
* [HSTS preload list submission form](https://hstspreload.appspot.com/)
* [Let's Encrypt](https://letsencrypt.org)
* ["Is TLS fast yet?"](https://istlsfastyet.com)
* [HTTP/2 standard](https://tools.ietf.org/html/rfc7540), May 2015
* [Server Name Indication](https://https.cio.gov/sni/)
* [US government web traffic statistics](https://analytics.usa.gov), analytics.usa.gov
* [US Web Design Standards](https://playbook.cio.gov/designstandards/getting-started/) dropping IE8 support