Tim Callan and Jason Soroko

Root Causes: A PKI and Security Podcast

Digital certificate industry veterans Tim Callan and Jason Soroko explore the issues surrounding digital identity, PKI, and cryptographic connections in today's dynamic and evolving computing world. Best practices in digital certificates are continually under pressure from technology trends, new laws and regulations, cryptographic advances, and the evolution of our computing architectures to be more virtual, agile, ubiquitous, and cloud-based. Jason and Tim (and the occasional guest subject matter expert) will help you stay current on developments in this essential technology platform and to u...

Autor

Tim Callan and Jason Soroko

Categoría

Technology

Web del podcast

soundcloud.com

Último episodio

10 de jul. de 2026

¿Dónde escuchar?

Podcasts en la app Replaio Radio Muy pronto

Los podcasts llegarán muy pronto a la app. Instálala ahora y sé el primero en descubrir una forma totalmente nueva de vivir los podcasts

Descárgala en Google Play Instálala gratis Android 5 M+ de descargas · valoración de 4,8 iOS muy pronto

Episodios

Root Causes 639: Fighting Static API Key Spillage Is Like Fighting Gravity 10.07.2026

Static API keys are a common security practice. In this episode we discuss the risk of these keys being revealed, including directly by the AIs that use them.

Root Causes 638: Catfishing 08.07.2026

Tim shares his very personal experience with would-be catfishers and we talk about how AI is set to change the catfishing attack.

Root Causes 637: Is It Time to Get Rid of EV SSL? 06.07.2026

The Baseline Requirements, CT logs, the Bugzilla Bloodbath, shortening certificate lifespans, all these trends serve to enforce a high level of quality and predictability across WebPKI certificates. Nearly twenty years after the introduction of EV SSL, we ask if it has served its purpose and should be retired.

Root Causes 636: The Future of Crypto Agility 02.07.2026

Dustin Moody of NIST joins us to talk about the evolution of standardized cryptography beyond the current PQC efforts. Topics include maintaining visibility on cryptography presently in use, 50 years of RSA, and cryptographic heterogeny.

Root Causes 635: Do We Need to Get Rid of ECC? 29.06.2026

Bas Westerbaan of Cloudflare joins us to discuss recent information that heightens concerns about Elliptic Curve Cryptography (ECC) and its vulnerability to a cryptographically relevant quantum computer (CRQC). We pose the question do we need to deprecate ECC in advance of our migration to ML-DSA and other PQC algorithms.

Root Causes 634: White House Executive Order Accelerates PQC Deployment 26.06.2026

A new Executive Order (EO) moves the deadline for ML-DSA deployment up to 2031. We talk about why this happened and its implications on government, the technology industry, and enterprises around the globe.

Root Causes 633: ETSI PQC Conference Wrap Up 24.06.2026

We are freshly returned from the 2026 ETSI PQC Conference. We give a debrief on the conference, including the difference between post quantum cryptography (PQC) and quantum key distribution (QKD), the algorithmic zoo, PQC for blockchain, the Dunning Kruger Effect, and cryptographic Frogger.

Root Causes 632: Gartner Risk and Security 2026 Wrap Up 22.06.2026

We recently attended the Gartner Risk and Security conference for 2026, where we observed a great deal of attention on not only AI but also post quantum cryptography (PQC). Join us as we share the key takeaways.

Root Causes 631: Did the Bugzilla Bloodbath Change Anything? 19.06.2026

2024 saw a flurry of high profile incidents for public CA, which we named the Bugzilla Bloodbath. We look back to see how the WebPKI has changed as a consequence.

Root Causes 630: The PQC Physicality Crisis 17.06.2026

Resource-constrained devices may need to address PQC through real-time, seed-based, key generation. Unfortunately, this leaves the full key exposed very briefly in RAM. The potential consequences of this are far-reaching and scary. We go into the details.

Root Causes 629: Does the Evidence Support Moving PQC Deadlines to 2029? 15.06.2026

Sam Jaques of the University of Waterloo returns to discuss his tracking of progress in quantum computers and offer a perspective on moving our PQC deadlines up to 2029.

Root Causes 628: PI-DOS (Prompt Injection-based Denial of Service) 12.06.2026

An emerging attack against AIs is to create a significantly complex and recursive prompt that will occupy the AI indefinitely or for a sufficiently long time that it acts as a Denial-of-Service (DoS) attack. We describe how this works.

Root Causes 627: UK vs Apple E2EE Backups 10.06.2026

In the latest in our coverage of government versus encryption, the UK issued secret orders to Apple to give it a cryptographic backdoor to Apple's advanced data protection capability for iCloud. Apple responded by eliminating encryption entirely for UK users. We break it down.

Root Causes 626: TLS 1.3 Roadblock 08.06.2026

TLS 1.3 is required to take advantage of post quantum cryptography (PQC) algorithms. Yes, we still see a lot of TLS 1.2 or earlier in deployment. We examine why this is the case and what to do about it.

Root Causes 625: AI in 1000 Days - Cyber Defense 05.06.2026

Recent revelations about Mythos and its ability to expose vulnerabilities have forced us to rethink basic assumptions about cyber defense. In our "AI in 1000 Days" series, Jason Soroko and I examine the implications of these revelations three years from now. This includes upping the overall pace of attack and changes to best practices in cyber security defense.

Root Causes 624: Implications of Mythos 03.06.2026

Anthropic has delayed its widespread release of Mythos to give major software providers a chance to close off the many vulnerabilities it has discovered. We dig into the vast implications of Mythos and other AI models for the future of cybersecurity.

Root Causes 623: Are PQC Key Sized Big Enough? 01.06.2026

We discuss the possibility that our standardized ML-DSA keys turn out to be too short for true confidence, why that might occur, and the implications for private PKI certificates.

Root Causes 622: Modeling the Time to CRQC 29.05.2026

Sam Jaques joins us to explain his much-referenced chart mapping progress toward cryptographically relevant quantum computing (CRQC).

Root Causes 621: Simplicity at Scale 26.05.2026

We break down the phrase "Simplicity at Scale" to see what it means to us in the context of CAs and CLM.

Root Causes 620: Will NIST Update Its PQC Timelines? 22.05.2026

A few years ago NIST proposed deadlines for PQC deployment at 2030 and 2035. But recent announcements from Google and Cloudflare suggest 2029 as a better deprecation target. We are joined by Dustin Moody to get the NIST perspective on these announcements.

Root Causes 619: Do We All Need to Adopt PQC by 2029? 18.05.2026

Recent announcements from Google and Cloudflare have declared new 2029 deadlines for full post quantum cryptography (PQC) migration. Bas Westerbaan explains the rationale behind Cloudflare's decision and discusses implications for other enterprises, asking "Are you a gambler?"

Root Causes 618: MTC and Private PKI 15.05.2026

Repeat guest Bas Westerbaan of Cloudflare joins us to explore the role of Merkle Tree Certificates in private CA scenarios with an eye toward where they will be needed and where traditional PKI will be better suited.

Root Causes 617: What Are X9 Certificates? 13.05.2026

The US-based X9 financial industry consortium has created a server certificate. We explain what X9 certificates are and suitable use cases for this certificate type.

Root Causes 616: NIST and Merkle Tree Certificates 11.05.2026

Dustin Moody of NIST joins us to discuss Merkle Tree Certificates (MTC) and the NIST position on them.

Root Causes 615: What Is IETF PLANTS? 08.05.2026

Repeat guest Bas Westerbaan of Cloudflare joins us to explain the PLANTS working group in IETF, which is driving standards around post quantum cryptography (PQC) and Merkle Tree Certificates (MTC). Bas explains the path to becoming a final standard, where we are in this process, and how you can get involved.

Escucha el podcast Root Causes: A PKI and Security Podcast en Replaio

Radio y podcasts en una sola app - gratis y sin registro. Instálala hoy y no te pierdas el estreno

Descárgala en Google Play

Replaio no es editor de podcasts; los nombres de los programas, las portadas y el audio pertenecen a sus autores y se distribuyen a través de canales RSS públicos