> I meant USGOV protects USGOV. (Although not USGOV employees per se...)
> Cybersecurity wise USGOV probably doesn't/hardly need HTTPS,
> depending on the abilities of adversaries.

Of course. US govt using https in their stupid propaganda
websites is irrelant. What is weird is that some US govt
employee bothered to advertise it here. Is he clueless?
Was he trolling?

I wasn't trolling. I've been a member of this list, and paying close attention to the field, since well before I joined the US government (which happened back in May).

Before this, I worked for 5 years at a relatively adversarial non-profit group focused on government transparency, called the Sunlight Foundation.

I also did personal work on furthering encryption and drawing attention to government surveillance:

https://konklone.com/post/switch-to-https-now-for-free

https://konklone.com/post/the-door-to-the-fisa-court

https://twitter.com/fisacourt

I still work on them, and stuff like it, in my personal capacity. I'm on the record in all kinds of places, in my personal capacity, supporting what Edward Snowden did and pushing for technical changes and policy reform to curtail surveillance.

I completely expect (and find welcome and appropriate) high levels of skepticism for anything the US government does. All I can tell you is where I'm coming from, and the actions my team is taking.

In my government capacity, when https://letsencrypt.org is operational next year, I hope to get as many .gov domains to use their certificates as I can.

-- Eric

konklone.com | @konklone