Title: Finalizing the HTTPS-Only Standard as formal policy by konklone · Pull Request #108 · GSA/https · GitHub
Open Graph Title: Finalizing the HTTPS-Only Standard as formal policy by konklone · Pull Request #108 · GSA/https
X Title: Finalizing the HTTPS-Only Standard as formal policy by konklone · Pull Request #108 · GSA/https
Description: The proposed HTTPS-Only Standard has now been finalized as the White House Office of Management and Budget memorandum M-15-13, "Policy to Require Secure Connections across Federal Websites and Web Services". This pull request contains some changes between the original proposal, and the finalized version, detailed below. Thanks to everyone who participated in the public comment period! The public comment period elicited a number of highly detailed and helpful submissions, and the resulting policy is better for this feedback. For more details, the White House, 18F, and the CIO Council each have some accompanying blog posts about the release of the policy: White House: HTTPS-Everywhere for Government 18F: The U.S. Government is Moving to HTTPS Everywhere CIO Council: HTTPS-Everywhere for Government (different than the WH post) Below are some details on the changes we've made since the original proposal. I've mapped some to commits, but some are lumped in to others. 725b141 - Emphasize that high-priority websites should begin the HTTPS migration process immediately, and set a specific deadline of December 31, 2016. 7f0836c - Elaborate on planning for change, mention cipher/protocol choices and forward secrecy explicitly. 6cb9a30 and eee26c9 - Incorporate the IETF's suggested revisions on integrity in #97, and then make further edits to relevant areas to clarify mixed content and SNI. Thanks to @josephlhall for the detailed pull request. e2061fe - A number of non-substantive copy changes, and rewording to reflect the transition from proposal to policy. Thank you again to everyone who participated! Fixes #78, fixes #79, fixes #80, fixes #81, fixes #83, fixes #84, fixes #86, fixes #87, fixes #88, fixes #89, fixes #92, fixes #93, fixes #94, fixes #95, fixes #96, fixes #97, fixes #98, fixes #99, fixes #100, fixes #101, fixes #103, fixes #104, fixes #105, fixes #106, and fixes #107.
Open Graph Description: The proposed HTTPS-Only Standard has now been finalized as the White House Office of Management and Budget memorandum M-15-13, "Policy to Require Secure Connections across Federal Websites and...
X Description: The proposed HTTPS-Only Standard has now been finalized as the White House Office of Management and Budget memorandum M-15-13, "Policy to Require Secure Connections across Federal Websites...
Opengraph URL: https://github.com/GSA/https/pull/108
X: @github
Domain: patch-diff.githubusercontent.com
| route-pattern | /:user_id/:repository/pull/:id/checks(.:format) |
| route-controller | pull_requests |
| route-action | checks |
| fetch-nonce | v2:74bd5350-ecb5-e89b-2e5b-51c397a80734 |
| current-catalog-service-hash | 87dc3bc62d9b466312751bfd5f889726f4f1337bdff4e8be7da7c93d6c00a25a |
| request-id | EAFA:1494FD:49CC965:60FC67E:6974A4C6 |
| html-safe-nonce | 705a54a61d36f09697a40426684d8cd2d324c487ebeb354291c2e0740eafee7f |
| visitor-payload | eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiJFQUZBOjE0OTRGRDo0OUNDOTY1OjYwRkM2N0U6Njk3NEE0QzYiLCJ2aXNpdG9yX2lkIjoiODEzMTQ2ODE3MjMxODc3ODU2NiIsInJlZ2lvbl9lZGdlIjoiaWFkIiwicmVnaW9uX3JlbmRlciI6ImlhZCJ9 |
| visitor-hmac | f971e48e05e230bb9cc08b355e8eb94d2a22efef0d64118e606ed2a7aed24056 |
| hovercard-subject-tag | pull_request:37190491 |
| github-keyboard-shortcuts | repository,pull-request-list,pull-request-conversation,pull-request-files-changed,checks,copilot |
| google-site-verification | Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I |
| octolytics-url | https://collector.github.com/github/collect |
| analytics-location | / |
| fb:app_id | 1401488693436528 |
| apple-itunes-app | app-id=1477376905, app-argument=https://github.com/GSA/https/pull/108/checks |
| twitter:image | https://avatars.githubusercontent.com/u/4592?s=400&v=4 |
| twitter:card | summary_large_image |
| og:image | https://avatars.githubusercontent.com/u/4592?s=400&v=4 |
| og:image:alt | The proposed HTTPS-Only Standard has now been finalized as the White House Office of Management and Budget memorandum M-15-13, "Policy to Require Secure Connections across Federal Websites and... |
| og:site_name | GitHub |
| og:type | object |
| hostname | github.com |
| expected-hostname | github.com |
| None | 4a4bf5f4e28041a9d2e5c107d7d20b78b4294ba261cab243b28167c16a623a1f |
| turbo-cache-control | no-preview |
| go-import | github.com/GSA/https git https://github.com/GSA/https.git |
| octolytics-dimension-user_id | 643070 |
| octolytics-dimension-user_login | GSA |
| octolytics-dimension-repository_id | 28724827 |
| octolytics-dimension-repository_nwo | GSA/https |
| octolytics-dimension-repository_public | true |
| octolytics-dimension-repository_is_fork | false |
| octolytics-dimension-repository_network_root_id | 28724827 |
| octolytics-dimension-repository_network_root_nwo | GSA/https |
| turbo-body-classes | logged-out env-production page-responsive full-width full-width-p-0 |
| disable-turbo | false |
| browser-stats-url | https://api.github.com/_private/browser/stats |
| browser-errors-url | https://api.github.com/_private/browser/errors |
| release | 488b30e96dfd057fbbe44c6665ccbc030b729dde |
| ui-target | full |
| theme-color | #1e2327 |
| color-scheme | light dark |
Links:
Viewport: width=device-width