Just now I tested the SSL security ratings for some of the law firms that obtain large numbers of US design patents for their clients (blog article here). This prompted me to look at some patent office web sites. Here are the results:
| site | overall | PFS | HSTS | CAA | CA |
| www.uspto.gov | B | no | yes | no | Entrust |
| epCT | A+ | yes | yes | no | Thawte |
| Private PAIR | B | no | no | no | Entrust |
| EPAS | B | no | no | no | Entrust |
| WIPO DAS | B | no | no | no | Thawte |
As you can see, most of the sites tested achieved only a B rating. Of the sites tested, only WIPO’s ePCT site got an A+ rating. None of the sites has a CAA record. Only one has Perfect Forward Secrecy, and only two have HSTS.
Neither USPTO nor WIPO seems to have migrated to the free-of-charge Let’s Encrypt service for SSL certificates — WIPO uses Thawte, which costs money, and USPTO uses Entrust, which also costs money and is also the maker of the Entrust Java applet that is the bane of PAIR and EFS-Web users.
I only tested five SSL-protected patent office web sites. What’s your favorite SSL-protected patent office web site? What rating does that site achieve in an SSL test?
The Canadian Intellectual Property Office (CIPO) has its web site on the Industry Canada domain (ic.gc.ca) and it got an “A”. CA is Entrust. It has PFS, but does not have HSTS or CAA,
Manuel Fortin
Thank you for doing the test, and thank you for posting!