UK government websites will default to HTTPS
Starting October 1, all government digital services (GDS) websites will be required to use HTTPS encryption, according to new security guidelines.
All services will additionally have to publish a domain-based message authentication, reporting & conformance (DMARC) policy that will be applicable to their email systems.
Dafydd Vaughan, a technical architect at the GDS, explained the government’s reasoning behind adopting HTTP encryption in a blog post, saying: "The service.gov.uk standards require all government services to run on secure connections, known as 'HTTPS'. This type of connection makes sure user data is encrypted and stays secure while users interact with your service. In September, we plan to submit the service.gov.uk domain to the browser manufacturers’ HSTS preload list. This means that all modern browsers will only ever connect to government services via HTTPS".
Vaughan also noted that services that are currently only available over unsecured connections will no longer be supported by modern browsers after October 1. To ensure a smooth transition, the GDS has also published guidance on how to implement secure email practices which includes DMARC.
After Edward Snowden disclosed the myriad of ways in which security services took advantages of insecure connections, often to spy on citizens and organizations, there has been a lot of support globally to adopt HTTPS.
Yahoo was one of the first to take action in October 2013 when it transitioned all of Yahoo Mail to HTTPS. Apple will also be forcing developers of iOS apps to secure them with HTTPS from January 1, 2017. Google also took heed in 2014 and promised to rank websites secured with HTTPS higher in its search results.
Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.
Image Credit: seanbear/Shutterstock