Weak Keys and Outdated Machine Identity Management Hurt TLSv1.3 Adoption: Report


A new report suggests that insufficient steps have been taken in the widespread adoption of encryption by top websites.

The report – sponsored by Venafi and prepared by security researcher and TLS expert Scott Helme – looked at the world’s top million sites and found that while progress has been made, machine identities are not always used most effectively.

The good news is that TLSv1.2 usage has dropped by 13% in the last six months, and v1.3 is now used by nearly half of the top sites.

This was reportedly driven by digital transformation initiatives, cloud migration, and new cloud-native stacks that default to TLSv1.3.

However, the adoption of TLSv1.3 has not been accompanied by a move to stronger keys for TLS machine identities.

According to the report, industry-standard ECDSA keys are now used by 17% of the millions of top sites (up from 14% six months ago), with slower, less secure RSA keys still being used by 39% of them.

And HTTPS adoption is stalled at 72%.

“The fact that enterprises are deploying TLS v1.3 with machine identities using RSA keys shows that there is still a lot of progress to be made with machine identity management. A strong algorithm means very little if used in conjunction with a weak key – it’s like building a stone fortress but leaving the wooden door unprotected,” explained Helme, who is also the founder of Report URI.

“Adoption of newer, more efficient and more secure EDCSA keys has been negligible over the past six months. This, coupled with the fact that HTTPS adoption has plateaued over the past six months, shows that the Internet is n is no safer than he was half sure.” one year ago. Cybercriminals are constantly upping the ante, so it’s disheartening to see companies not following suit.

An improvement was also seen in the number of sites using Certificate Authority Authorization (CAA), which increased by 13%.

CAA allows organizations to create a list of trusted CAs, making it harder for attackers to introduce fake certificates from less rigorous sources.

“The recent boom in cloud migration means that every business needs many more TLS machine identities to secure communication between devices, clouds, software, containers and APIs,” said Kevin Bocek , Vice President of Security Strategy and Threat Intelligence at Venafi.

“The fact that more and more enterprises are using CAAs is a positive sign that enterprises are realizing the need for machine identity management. The adoption of CAA also underscores the urgent need for a machine identity management control plane capable of automating the use of machine identities in increasingly complex cloud environments.”


The last year has seen a meteoric rise in ransomware incidents around the world.

Over the past 12 months, threat researchers at SonicWall Capture Labs have diligently tracked the meteoric rise in cyberattacks, as well as trends and activity across all threat vectors, including:

Encrypted threats
IoT malware
Zero-day attacks and more

These exclusive findings are now available through the SonicWall Cyber ​​Threat Report 2022, which ensures that SMBs, government agencies, enterprises and other organizations have the actionable threat intelligence needed to combat the growing wave of cybercrime.

Click the button below to get the report.



It’s all about webinars.

Marketing budgets are now focused on webinars combined with lead generation.

If you want to promote a webinar, we recommend at least a 3-4 week campaign before your event.

The iTWire campaign will include numerous advertisements on our news site itwire.com and a major newsletter promotion https://itwire.com/itwire-update.html and promotional and editorial news. Plus a keynote speaker video interview on iTWire TV https://www.youtube.com/c/iTWireTV/videos which will be used in promotional messages on the iTWire homepage.

Now that we are coming out of Lockdown, iTWire will focus on supporting your webinars and campaigns and support through partial payments and extended terms, Webinar Business Booster pack and other support programs. We can also create your advertisements and written content and coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.



Comments are closed.