Hacker News new | past | comments | ask | show | jobs | submit login

Co-author of the post here, happy to answer questions. =)

This is a GSA initiative, not an 18F initiative. But 18F has a recent post detailing executive branch progress on HTTPS that may also be relevant:

https://18f.gsa.gov/2017/01/04/tracking-the-us-governments-p...




The blog post is unclear. On a technical level (on the preload list), is the enforcement at the TLD level or is it just a legal requirement to submit all .gov domain names to the preload list? If the latter, any plan to move to the former?


Not quite either one -- it's technical enforcement by the TLD, but still done on a per-domain basis (this doesn't affect state/local .gov domains, or legislative/judicial .gov domains). The dotgov.gov program will forcibly preload new domains, but it's not feasible to just submit ".gov" to the preload list right now.


Any plans to force IPv6 adoption in the same manner?



Fantastic! Thanks!


IPv6 is pretty low priority compared to comprehensive HTTPS support.

Disclaimer: Not USDS/18F, just tech professional.


Oh I agree, but the two things can be done at the same time. Especially for new .gov sites.

It appears a lot of .gov sites already support IPv6 but I was wondering if it's an official policy or just at the discretion of the tech team.


Does this include DOD? I suspect DOD is probably already doing this, but just wonder if they fall under the umbrella.


DoD does have some .gov domains, so it would affect them in that way. But .mil is not affected.


The DoD has a massive PKI system already and makes the assumption users of its sites have the appropriate CAs installed. (Home access typically requires installing a set of them, typically bundled separately or in an installer)


DoD uses https and crypto at the transport layer in SIPR. Lots of "type 1" crypto as well, which is its own special thing with NSA issued hardware crypto keys.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: