Last spring, we embarked on an ambitious project to strengthen the security of the Northwest Progressive Institute’s network of websites by making them available only over HTTPS, beginning with this domain, nwprogressive.org, and all the publications housed under it, like the Cascadia Advocate.
Today, we are pleased to announce that we have done the same for two of our oldest projects as well: Permanent Defense and Pacific NW Portal. Both will be celebrating their anniversaries within the next few weeks.
Going HTTPS-only takes work. It involves setting up secure hosting, installing professionally-signed secure certificates, eliminating mixed-content warnings by preventing images and stylesheets from being served over regular ol’ HTTP, and finally, configuring our servers to seamlessly reroute HTTP requests to HTTPS.
But it’s definitely worth it.
See, when you connect to one of our websites over HTTPS, your session is encrypted. That makes eavesdropping by a third party much more difficult. If you happen to leave a comment or submit a form while visiting one of our sites, the contents of that communication are encrypted while in transit to our server.
In its popular deployment on the internet, HTTPS provides authentication of the website and associated web server with which one is communicating, which protects against man-in-the-middle attacks. Additionally, it provides bidirectional encryption of communications between a client and server, which protects against eavesdropping and tampering with and/or forging the contents of the communication. In practice, this provides a reasonable guarantee that one is communicating with precisely the website that one intended to communicate with (as opposed to an impostor), as well as ensuring that the contents of communications between the user and site cannot be read or forged by any third party.
HTTPS cannot hide the address of a website a user is connecting to, or mask the ports being used, due to the nature of the TCP/IP protocols the Internet uses. However, request URLs (specific pages visited by the user), query parameters, headers, and cookies can all be encrypted using HTTPS.
Historically, setting up and operating HTTPS-only websites was expensive, and required the purchase of unique IPs and pricey professionally-signed certificates. But with the advent of Server Name Indication (SNI) and the availability of free professionally-signed certificates from Let’s Encrypt and Amazon Trust Services, it’s easier than it ever has been to go HTTPS-only.
Again, Permanent Defense and Pacific NW Portal are now configured to work only over HTTPS. If you try to connect to either insecurely, your connection will be automatically and seamlessly upgraded to Transport Layer Security by our servers.
Unfortunately, old and crumbly browsers like Microsoft’s Internet Explorer 6/7/8 do not understand how to communicate with hosts using Server Name Indication, and also don’t know to trust certificates authenticated by Let’s Encrypt or Amazon Trust Services, which are new Certificate Authorities (CAs).
We are confident that Pacific NW Portal and Permanent Defense will load correctly, without certificate warnings or other problems, on the following:
Also see Let’s Encrypt’s fairly comprehensive list of supported platforms.
If you’re still using Windows XP (seriously!? Please plan to upgrade as soon as possible!), you will run into problems connecting to our sites unless you are using Mozilla Firefox. You will also run into problems using…
We’ll be getting in touch with BlackBerry tomorrow to ask them to fix the certificate recognition problems on devices running BlackBerry 10, like the Classic, Z30, and Passport. If you use a BB10 device, you can still reach Pacific NW Portal and Permanent Defense — you just have to bypass the scary-looking warning.
When I say “old”, I’m generally referring to any mobile browser that came out more than four years ago, and any desktop browser/operating system combination that is older than ten years. If you’re on something ancient, you really owe it to yourself to upgrade. You don’t have to throw out your old hardware to do this. Even decent computers from the late 1990s are capable of running modern software.
Enjoy the upgraded security on our network!