PODCAST · technology
Root Causes: A PKI and Security Podcast
by Tim Callan and Jason Soroko
Digital certificate industry veterans Tim Callan and Jason Soroko explore the issues surrounding digital identity, PKI, and cryptographic connections in today's dynamic and evolving computing world. Best practices in digital certificates are continually under pressure from technology trends, new laws and regulations, cryptographic advances, and the evolution of our computing architectures to be more virtual, agile, ubiquitous, and cloud-based. Jason and Tim (and the occasional guest subject matter expert) will help you stay current on developments in this essential technology platform and to understand the whys and wherefores of popular Public Key Infrastructures.
-
628
Root Causes 641: What Is SPIRE?
In our episode 640 we defined SPIFFE, which provides digital identity for agentic workloads. In this episode we explain SPIRE (SPIFFE Runtime Environment), the SPIFFE certificate provisioning protocol.
-
627
Root Causes 640: What is SPIFFE?
SPIFFE (Secure Production Identity Framework for Everyone) is a standard for digital identity for agentic workloads. In this episode we explain.
-
626
Root Causes 639: Fighting Static API Key Spillage Is Like Fighting Gravity
Static API keys are a common security practice. In this episode we discuss the risk of these keys being revealed, including directly by the AIs that use them.
-
625
Root Causes 638: Catfishing
Tim shares his very personal experience with would-be catfishers and we talk about how AI is set to change the catfishing attack.
-
624
Root Causes 637: Is It Time to Get Rid of EV SSL?
The Baseline Requirements, CT logs, the Bugzilla Bloodbath, shortening certificate lifespans, all these trends serve to enforce a high level of quality and predictability across WebPKI certificates. Nearly twenty years after the introduction of EV SSL, we ask if it has served its purpose and should be retired.
-
623
Root Causes 636: The Future of Crypto Agility
Dustin Moody of NIST joins us to talk about the evolution of standardized cryptography beyond the current PQC efforts. Topics include maintaining visibility on cryptography presently in use, 50 years of RSA, and cryptographic heterogeny.
-
622
Root Causes 635: Do We Need to Get Rid of ECC?
Bas Westerbaan of Cloudflare joins us to discuss recent information that heightens concerns about Elliptic Curve Cryptography (ECC) and its vulnerability to a cryptographically relevant quantum computer (CRQC). We pose the question do we need to deprecate ECC in advance of our migration to ML-DSA and other PQC algorithms.
-
621
Root Causes 634: White House Executive Order Accelerates PQC Deployment
A new Executive Order (EO) moves the deadline for ML-DSA deployment up to 2031. We talk about why this happened and its implications on government, the technology industry, and enterprises around the globe.
-
620
Root Causes 633: ETSI PQC Conference Wrap Up
We are freshly returned from the 2026 ETSI PQC Conference. We give a debrief on the conference, including the difference between post quantum cryptography (PQC) and quantum key distribution (QKD), the algorithmic zoo, PQC for blockchain, the Dunning Kruger Effect, and cryptographic Frogger.
-
619
Root Causes 632: Gartner Risk and Security 2026 Wrap Up
We recently attended the Gartner Risk and Security conference for 2026, where we observed a great deal of attention on not only AI but also post quantum cryptography (PQC). Join us as we share the key takeaways.
-
618
Root Causes 631: Did the Bugzilla Bloodbath Change Anything?
2024 saw a flurry of high profile incidents for public CA, which we named the Bugzilla Bloodbath. We look back to see how the WebPKI has changed as a consequence.
-
617
Root Causes 630: The PQC Physicality Crisis
Resource-constrained devices may need to address PQC through real-time, seed-based, key generation. Unfortunately, this leaves the full key exposed very briefly in RAM. The potential consequences of this are far-reaching and scary. We go into the details.
-
616
Root Causes 629: Does the Evidence Support Moving PQC Deadlines to 2029?
Sam Jaques of the University of Waterloo returns to discuss his tracking of progress in quantum computers and offer a perspective on moving our PQC deadlines up to 2029.
-
615
Root Causes 628: PI-DOS (Prompt Injection-based Denial of Service)
An emerging attack against AIs is to create a significantly complex and recursive prompt that will occupy the AI indefinitely or for a sufficiently long time that it acts as a Denial-of-Service (DoS) attack. We describe how this works.
-
614
Root Causes 627: UK vs Apple E2EE Backups
In the latest in our coverage of government versus encryption, the UK issued secret orders to Apple to give it a cryptographic backdoor to Apple's advanced data protection capability for iCloud. Apple responded by eliminating encryption entirely for UK users. We break it down.
-
613
Root Causes 626: TLS 1.3 Roadblock
TLS 1.3 is required to take advantage of post quantum cryptography (PQC) algorithms. Yes, we still see a lot of TLS 1.2 or earlier in deployment. We examine why this is the case and what to do about it.
-
612
Root Causes 625: AI in 1000 Days - Cyber Defense
Recent revelations about Mythos and its ability to expose vulnerabilities have forced us to rethink basic assumptions about cyber defense. In our "AI in 1000 Days" series, Jason Soroko and I examine the implications of these revelations three years from now. This includes upping the overall pace of attack and changes to best practices in cyber security defense.
-
611
Root Causes 624: Implications of Mythos
Anthropic has delayed its widespread release of Mythos to give major software providers a chance to close off the many vulnerabilities it has discovered. We dig into the vast implications of Mythos and other AI models for the future of cybersecurity.
-
610
Root Causes 623: Are PQC Key Sized Big Enough?
We discuss the possibility that our standardized ML-DSA keys turn out to be too short for true confidence, why that might occur, and the implications for private PKI certificates.
-
609
Root Causes 622: Modeling the Time to CRQC
Sam Jaques joins us to explain his much-referenced chart mapping progress toward cryptographically relevant quantum computing (CRQC).
-
608
Root Causes 621: Simplicity at Scale
We break down the phrase "Simplicity at Scale" to see what it means to us in the context of CAs and CLM.
-
607
Root Causes 620: Will NIST Update Its PQC Timelines?
A few years ago NIST proposed deadlines for PQC deployment at 2030 and 2035. But recent announcements from Google and Cloudflare suggest 2029 as a better deprecation target. We are joined by Dustin Moody to get the NIST perspective on these announcements.
-
606
Root Causes 619: Do We All Need to Adopt PQC by 2029?
Recent announcements from Google and Cloudflare have declared new 2029 deadlines for full post quantum cryptography (PQC) migration. Bas Westerbaan explains the rationale behind Cloudflare's decision and discusses implications for other enterprises, asking "Are you a gambler?"
-
605
Root Causes 618: MTC and Private PKI
Repeat guest Bas Westerbaan of Cloudflare joins us to explore the role of Merkle Tree Certificates in private CA scenarios with an eye toward where they will be needed and where traditional PKI will be better suited.
-
604
Root Causes 617: What Are X9 Certificates?
The US-based X9 financial industry consortium has created a server certificate. We explain what X9 certificates are and suitable use cases for this certificate type.
-
603
Root Causes 615: What Is IETF PLANTS?
Repeat guest Bas Westerbaan of Cloudflare joins us to explain the PLANTS working group in IETF, which is driving standards around post quantum cryptography (PQC) and Merkle Tree Certificates (MTC). Bas explains the path to becoming a final standard, where we are in this process, and how you can get involved.
-
602
Root Causes 614: MTC and Downgrade Attacks
It's reasonable to believe that Merkle Tree Certificates (MTC) and traditional RSA will co-exist on the same servers for years, if not decades, during the transition to post quantum cryptography (PQC). Bas Westerbaan of Cloudflare joins us in this episode to explore the possibility of quantum downgrade attacks and what we can do about them.
-
601
Root Causes 613: Status of the NIST PQC Contests
We are joined by Dustin Moody of NIST to go over the current state of the various post quantum cryptography (PQC) contests, including upcoming FIPS standards for Falcon (FN-DSA) and HQC, other Round 4 algorithms, the digital signing algorithm (DSA) On Ramp, isogeny, and future cryptographic exploration.
We're indexing this podcast's transcripts for the first time — this can take a minute or two. We'll show results as soon as they're ready.
No matches for "" in this podcast's transcripts.
No topics indexed yet for this podcast.
Loading reviews...
ABOUT THIS SHOW
Digital certificate industry veterans Tim Callan and Jason Soroko explore the issues surrounding digital identity, PKI, and cryptographic connections in today's dynamic and evolving computing world. Best practices in digital certificates are continually under pressure from technology trends, new laws and regulations, cryptographic advances, and the evolution of our computing architectures to be more virtual, agile, ubiquitous, and cloud-based. Jason and Tim (and the occasional guest subject matter expert) will help you stay current on developments in this essential technology platform and to understand the whys and wherefores of popular Public Key Infrastructures.
HOSTED BY
Tim Callan and Jason Soroko
CATEGORIES
Loading similar podcasts...