Root Causes: A PKI and Security Podcast

Tim Callan and Jason Soroko•soundcloud.com

Digital certificate industry veterans Tim Callan and Jason Soroko explore the issues surrounding digital identity, PKI, and cryptographic connections in today's dynamic and evolving computing world. Best practices in digital certificates are continually under pressure from technology trends, new laws and regulations, cryptographic advances, and the evolution of our computing architectures to be more virtual, agile, ubiquitous, and cloud-based. Jason and Tim (and the occasional guest subject matter expert) will help you stay current on developments in this essential technology platform and to understand the whys and wherefores of popular Public Key Infrastructures.

Last refreshed: June 28th, 2025 at 3:27 PM ⓘ

Follow this podcast in the Metacast mobile app to refresh it and see new episodes.

Follow on

Apple Podcasts

Spotify

RSS

Podcasts are better in Metacast mobile app

Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more

Episodes

Root Causes 510: Introducing the GoML Browser

We discuss Jason's code vibing journey to create the Get Off My Lawn! (GoTM) browser. We discuss SSL certificate information, EV indicators, and cookie handling.

Jun 26, 2025•10 min

Root Causes 509: What Is a CPS?

We define CPS (Certificate Practices Statement) and explain the role it plays in both the WebPKI and private CAs.

Jun 25, 2025•8 min

Root Causes 508: What Is Code Vibing?

"Code vibing" is using generative AI to create or improve working code. We share Jason's adventure using code vibing to create his own web browser.

Jun 23, 2025•18 min

Root Causes 507: First Distrust of 2025

The first CA distrust event of 2025 comes with two simultaneous CA distrusts. We give you the details.

Jun 19, 2025•10 min

Root Causes 506: Recap of CABF Face-to-face #65

For the first time ever, Jason and I record an episode from the floor of the CA/Browser Forum face-to-face meeting. We recap the themes of this meeting, and Jason gives his first impressions of a CABF Face-to-face.

Jun 17, 2025•9 min

Root Causes 505: Trust Now, Forge Later

In this episode we explain the potential for future quantum computers to break files signed today with RSA or ECC, called "Trust now, forge later."

Jun 13, 2025•11 min

Root Causes 504: Jason Programs a Quantum Computer

Jason describes his recent experience using Amazon Braket.

Jun 10, 2025•18 min

Root Causes 502: The PQC Game of Chicken

In this episode Jason explains the fallacy of "playing chicken" with the Quantum Apocalypse. We discuss stack ranking and "eyes open" PQC risk decisions.

Jun 04, 2025•11 min

Root Causes 501: Why Increasing RSA Key Size Won't Solve the Quantum Problem

In this brief episode we explain why the problem that Shor's Algorithm poses to RSA and ECC can't be solved simply by increasing key size.

Jun 02, 2025•4 min

Root Causes 500: OMG! 500 Episodes of Root Causes!

Wow. It's episode 500 of Root Causes. Jason and Tim talk about how the podcast has evolved in the past six years, how it remains consistent, and the updates we're making to keep being a valuable resource for our listeners.

May 29, 2025•21 min

Root Causes 499: Don't Blame Signal

The recent Signal controversy highlights the importance of understanding what protections an E2EE messaging app provides, and what it does not.

May 27, 2025•9 min

Root Causes 498: UK NCSC PQC Guidance

The UK National Cyber Security Centre (NCSC) has released new PQC guidance. We take exception to the dates it gives and explain why.

May 23, 2025•16 min

Root Causes 497: PQC Update with Sofia Celi

Guest Sofia Celi (IETF, Brave) returns to talk about important developments in post quantum cryptography. Sofia tells us about her candidate algorithm MAYO and what is happening with the NIST PQC onramp. We learn about KEM TLS and the status of PQC initiatives in IETF.

May 21, 2025•20 min

Root Causes 496: E2EE Gmail

Gmail is now end-to-end encrypted for all recipients, regardless of the receiving client. We explain how Gmail accomplishes this trick.

May 18, 2025•12 min

Root Causes 495: Trust Models and Post Quantum Cryptography

We build on our Trust Models discussion to explore how organizations can structure their PKI for the transition to post quantum cryptography (PQC).

May 16, 2025•7 min

Root Causes 494: Introduction to Trust Models

We explain the basics of trust models and compare various models including WebPKI, private CA, and consortium models.

May 13, 2025•21 min

Root Causes 493: Disentangling Public and Private Certificate Use Cases

Changing root store requirements mean CAs must separate their root hierarchies for different certificate types. We explain why enterprises should consider private CA for some use cases.

May 07, 2025•12 min

Root Causes 492: When Mandatory Security Training Sucks

In this episode we get excited about errors we see in mandatory security trainings.

May 06, 2025•20 min

Root Causes 491: RSA's Non-quantum Threat

We are rejoined by Dr. Michele Mosca to explore the potential threat of RSA being broken even in the absence of a quantum computing attack.

May 01, 2025•32 min

Root Causes 490: Chrome and Chromium

We define Chrome versus Chromium, explaining what each is and the difference between the two.

Apr 28, 2025•10 min

Root Causes 489: Does AI Nullify E2EE?

Does AI kill end-to-end encryption? There is a contention that the presence of AI agents in the workstream will render your confidential information visible outside the encrypted communication channels and therefore that E2EE is pointless. We explore this argument.

Apr 24, 2025•12 min

Root Causes 488: CABF Face-to-Face Meeting Update

We explain the major news items from the most recent CA/Browser Forum face-to-face meeting in Tokyo. Topics include MPIC, 47-day certificate term, and Temporary Restraining Orders.

Apr 22, 2025•6 min

Root Causes 487: Security 2030

Jason and I take a peek forward at what we imagine IT security looks like in 2030. Topics include PQC, ZTNA, "green zones," deep fakes, IoT, connected cars, agentic AI, blockchain, and CLM.

Apr 16, 2025•47 min

Root Causes 486: 47-day Maximum Term Ballot Passes CABF

Apple's ballot to step the maximum term for public SSL certificates down to 47 days has passed in the CA/Browser Forum. We explain.

Apr 14, 2025•11 min

Root Causes 485: What Is Open MPIC?

Guest Dmitry Sharkov joins us to describe Open MPIC, the open-source project to help public CAs support MPIC.

Apr 13, 2025•20 min

Root Causes 484: Multi Good Factor Authentication

We define multi good factor authentication, which is the idea that not all authentication factors are equal. We discuss the importance of considering authentication strength and the contextual nature of trust.

Apr 09, 2025•13 min

Root Causes 483: Introducing the PQC Sandbox

We are joined by repeat guest Bruno Coulliard of Crypto4A to introduce Sectigo's new post quantum cryptography (PQC) sandbox. The PQC sandbox allows you to get quantum resistant certificates in your hands to understand how they work with your systems.

Apr 07, 2025•23 min

Root Causes 482: Microsoft and PQC

In this episode we explore the potential PQC future for Microsoft Active Directory Certificate Services, aka MSCA. We discuss potential paths for Microsoft to take and their consequences.

Apr 02, 2025•15 min

Root Causes 481: What Is Protocol Ossification?

Protocol ossification is the phenomenon whereby ecosystems fail to work correctly with the full range of options included in a protocol. This occurs when individual software components only partially support the capabilities that should be available. We define protocol ossification, explain how and why it occurs, give real world examples, and talk about potential remedies.

Mar 31, 2025•12 min

Root Causes 480: White House PQC Executive Order

Many people believe that the Trump White House rescinded an important cybersecurity executive order from late days of the Biden administration. We set the record straight.

Mar 24, 2025•10 min

For the best experience, listen in Metacast app for iOS or Android