Root Causes: A PKI and Security Podcast podcast artwork

PODCAST · technology

Root Causes: A PKI and Security Podcast

Digital certificate industry veterans Tim Callan and Jason Soroko explore the issues surrounding digital identity, PKI, and cryptographic connections in today's dynamic and evolving computing world. Best practices in digital certificates are continually under pressure from technology trends, new laws and regulations, cryptographic advances, and the evolution of our computing architectures to be more virtual, agile, ubiquitous, and cloud-based. Jason and Tim (and the occasional guest subject matter expert) will help you stay current on developments in this essential technology platform and to understand the whys and wherefores of popular Public Key Infrastructures.

Publisher-supplied feed metadata · PodParley refreshed Jun 12, 2026 · Source feed

  1. 628

    Root Causes 641: What Is SPIRE?

    In our episode 640 we defined SPIFFE, which provides digital identity for agentic workloads. In this episode we explain SPIRE (SPIFFE Runtime Environment), the SPIFFE certificate provisioning protocol.

  2. 627

    Root Causes 640: What is SPIFFE?

    SPIFFE (Secure Production Identity Framework for Everyone) is a standard for digital identity for agentic workloads. In this episode we explain.

  3. 626

    Root Causes 639: Fighting Static API Key Spillage Is Like Fighting Gravity

    Static API keys are a common security practice. In this episode we discuss the risk of these keys being revealed, including directly by the AIs that use them.

  4. 625

    Root Causes 638: Catfishing

    Tim shares his very personal experience with would-be catfishers and we talk about how AI is set to change the catfishing attack.

  5. 624

    Root Causes 637: Is It Time to Get Rid of EV SSL?

    The Baseline Requirements, CT logs, the Bugzilla Bloodbath, shortening certificate lifespans, all these trends serve to enforce a high level of quality and predictability across WebPKI certificates. Nearly twenty years after the introduction of EV SSL, we ask if it has served its purpose and should be retired.

  6. 623

    Root Causes 636: The Future of Crypto Agility

    Dustin Moody of NIST joins us to talk about the evolution of standardized cryptography beyond the current PQC efforts. Topics include maintaining visibility on cryptography presently in use, 50 years of RSA, and cryptographic heterogeny.

  7. 622

    Root Causes 635: Do We Need to Get Rid of ECC?

    Bas Westerbaan of Cloudflare joins us to discuss recent information that heightens concerns about Elliptic Curve Cryptography (ECC) and its vulnerability to a cryptographically relevant quantum computer (CRQC). We pose the question do we need to deprecate ECC in advance of our migration to ML-DSA and other PQC algorithms.

  8. 621

    Root Causes 634: White House Executive Order Accelerates PQC Deployment

    A new Executive Order (EO) moves the deadline for ML-DSA deployment up to 2031. We talk about why this happened and its implications on government, the technology industry, and enterprises around the globe.

  9. 620

    Root Causes 633: ETSI PQC Conference Wrap Up

    We are freshly returned from the 2026 ETSI PQC Conference. We give a debrief on the conference, including the difference between post quantum cryptography (PQC) and quantum key distribution (QKD), the algorithmic zoo, PQC for blockchain, the Dunning Kruger Effect, and cryptographic Frogger.

  10. 619

    Root Causes 632: Gartner Risk and Security 2026 Wrap Up

    We recently attended the Gartner Risk and Security conference for 2026, where we observed a great deal of attention on not only AI but also post quantum cryptography (PQC). Join us as we share the key takeaways.

  11. 618

    Root Causes 631: Did the Bugzilla Bloodbath Change Anything?

    2024 saw a flurry of high profile incidents for public CA, which we named the Bugzilla Bloodbath. We look back to see how the WebPKI has changed as a consequence.

  12. 617

    Root Causes 630: The PQC Physicality Crisis

    Resource-constrained devices may need to address PQC through real-time, seed-based, key generation. Unfortunately, this leaves the full key exposed very briefly in RAM. The potential consequences of this are far-reaching and scary. We go into the details.

  13. 616

    Root Causes 629: Does the Evidence Support Moving PQC Deadlines to 2029?

    Sam Jaques of the University of Waterloo returns to discuss his tracking of progress in quantum computers and offer a perspective on moving our PQC deadlines up to 2029.

  14. 615

    Root Causes 628: PI-DOS (Prompt Injection-based Denial of Service)

    An emerging attack against AIs is to create a significantly complex and recursive prompt that will occupy the AI indefinitely or for a sufficiently long time that it acts as a Denial-of-Service (DoS) attack. We describe how this works.

  15. 614

    Root Causes 627: UK vs Apple E2EE Backups

    In the latest in our coverage of government versus encryption, the UK issued secret orders to Apple to give it a cryptographic backdoor to Apple's advanced data protection capability for iCloud. Apple responded by eliminating encryption entirely for UK users. We break it down.

  16. 613

    Root Causes 626: TLS 1.3 Roadblock

    TLS 1.3 is required to take advantage of post quantum cryptography (PQC) algorithms. Yes, we still see a lot of TLS 1.2 or earlier in deployment. We examine why this is the case and what to do about it.

  17. 612

    Root Causes 625: AI in 1000 Days - Cyber Defense

    Recent revelations about Mythos and its ability to expose vulnerabilities have forced us to rethink basic assumptions about cyber defense. In our "AI in 1000 Days" series, Jason Soroko and I examine the implications of these revelations three years from now. This includes upping the overall pace of attack and changes to best practices in cyber security defense.

  18. 611

    Root Causes 624: Implications of Mythos

    Anthropic has delayed its widespread release of Mythos to give major software providers a chance to close off the many vulnerabilities it has discovered. We dig into the vast implications of Mythos and other AI models for the future of cybersecurity.

  19. 610

    Root Causes 623: Are PQC Key Sized Big Enough?

    We discuss the possibility that our standardized ML-DSA keys turn out to be too short for true confidence, why that might occur, and the implications for private PKI certificates.

  20. 609

    Root Causes 622: Modeling the Time to CRQC

    Sam Jaques joins us to explain his much-referenced chart mapping progress toward cryptographically relevant quantum computing (CRQC).

  21. 608

    Root Causes 621: Simplicity at Scale

    We break down the phrase "Simplicity at Scale" to see what it means to us in the context of CAs and CLM.

  22. 607

    Root Causes 620: Will NIST Update Its PQC Timelines?

    A few years ago NIST proposed deadlines for PQC deployment at 2030 and 2035. But recent announcements from Google and Cloudflare suggest 2029 as a better deprecation target. We are joined by Dustin Moody to get the NIST perspective on these announcements.

  23. 606

    Root Causes 619: Do We All Need to Adopt PQC by 2029?

    Recent announcements from Google and Cloudflare have declared new 2029 deadlines for full post quantum cryptography (PQC) migration. Bas Westerbaan explains the rationale behind Cloudflare's decision and discusses implications for other enterprises, asking "Are you a gambler?"

  24. 605

    Root Causes 618: MTC and Private PKI

    Repeat guest Bas Westerbaan of Cloudflare joins us to explore the role of Merkle Tree Certificates in private CA scenarios with an eye toward where they will be needed and where traditional PKI will be better suited.

  25. 604

    Root Causes 617: What Are X9 Certificates?

    The US-based X9 financial industry consortium has created a server certificate. We explain what X9 certificates are and suitable use cases for this certificate type.

  26. 603

    Root Causes 615: What Is IETF PLANTS?

    Repeat guest Bas Westerbaan of Cloudflare joins us to explain the PLANTS working group in IETF, which is driving standards around post quantum cryptography (PQC) and Merkle Tree Certificates (MTC). Bas explains the path to becoming a final standard, where we are in this process, and how you can get involved.

  27. 602

    Root Causes 614: MTC and Downgrade Attacks

    It's reasonable to believe that Merkle Tree Certificates (MTC) and traditional RSA will co-exist on the same servers for years, if not decades, during the transition to post quantum cryptography (PQC). Bas Westerbaan of Cloudflare joins us in this episode to explore the possibility of quantum downgrade attacks and what we can do about them.

  28. 601

    Root Causes 613: Status of the NIST PQC Contests

    We are joined by Dustin Moody of NIST to go over the current state of the various post quantum cryptography (PQC) contests, including upcoming FIPS standards for Falcon (FN-DSA) and HQC, other Round 4 algorithms, the digital signing algorithm (DSA) On Ramp, isogeny, and future cryptographic exploration.

Type above to search every episode's transcript for a word or phrase. Matches are scoped to this podcast.

Searching…

We're indexing this podcast's transcripts for the first time — this can take a minute or two. We'll show results as soon as they're ready.

No matches for "" in this podcast's transcripts.

Showing of matches

No topics indexed yet for this podcast.

Loading reviews...

ABOUT THIS SHOW

Digital certificate industry veterans Tim Callan and Jason Soroko explore the issues surrounding digital identity, PKI, and cryptographic connections in today's dynamic and evolving computing world. Best practices in digital certificates are continually under pressure from technology trends, new laws and regulations, cryptographic advances, and the evolution of our computing architectures to be more virtual, agile, ubiquitous, and cloud-based. Jason and Tim (and the occasional guest subject matter expert) will help you stay current on developments in this essential technology platform and to understand the whys and wherefores of popular Public Key Infrastructures.

HOSTED BY

Tim Callan and Jason Soroko

Produced by Tim Callan Jason Soroko

Frequently Asked Questions

How many episodes does Root Causes: A PKI and Security Podcast have?

Root Causes: A PKI and Security Podcast currently has 28 episodes available on PodParley. New episodes are automatically indexed when they're published to the podcast feed.

What is Root Causes: A PKI and Security Podcast about?

Digital certificate industry veterans Tim Callan and Jason Soroko explore the issues surrounding digital identity, PKI, and cryptographic connections in today's dynamic and evolving computing world. Best practices in digital certificates are continually under pressure from technology trends, new...

How often does Root Causes: A PKI and Security Podcast release new episodes?

Root Causes: A PKI and Security Podcast has 28 episodes. Check the episode list to see recent publication dates and frequency.

Where can I listen to Root Causes: A PKI and Security Podcast?

You can listen to Root Causes: A PKI and Security Podcast on PodParley by clicking any episode. We provide an embedded audio player for direct listening, and you can also subscribe via your preferred podcast app using the RSS feed.

Who hosts Root Causes: A PKI and Security Podcast?

Root Causes: A PKI and Security Podcast is created and hosted by Tim Callan and Jason Soroko.
URL copied to clipboard!