Regular followers of this podcast hear a great deal about SSL, the CA/Browser Forum, and the standards governing public SSL. But SSL is not the only regulated type of public digital certificate. There are also things like S/MIME, eIDAS, code signing, document signing, and SSH certificates. In this episode our hosts discuss these "other" certificate types and the rules and regulations governing them.
Aug 23, 2021•14 min
In this episode our hosts go through the various ways in which cryptocurrency can be stolen or lost, including private key compromise, security failures at cryptocurrency brokers, and theft of login credentials. Our hosts also discuss how manipulation of the public ledger could also lead to unfair distribution of cryptocurrency value.
Aug 20, 2021•14 min
A hot, new topic in the identity space is passwordless. Join our hosts as they explain credential form factors and offer a specific definition of passwordless, including the difference between PINs and passwords.
Aug 09, 2021•20 min
Sectigo is implementing an important change to its public-facing SSL certificate business, which we call State-Locality Exclusivity. This change removes the localityName field, a very common field in SSL certificates. In this episode our hosts explain what the localityName field is, why we are removing it, and how this change benefits SSL Subscribers and Relying Parties.
Aug 05, 2021•27 min
Linters have been a standard programming tool for more than four decades. This venerable coding tool has recently taken on new significance in the world of public certificates. In this episode our hosts explain linters and how they are applied to SSL certificates.
Aug 02, 2021•21 min
Microsoft has announced that its upcoming Windows 11 release will require TPM 2.0 support at a minimum. TPM 2.0 enables more modern hashing and encryption algorithms than previous versions. Our hosts discuss the implications of this announcement.
Jul 27, 2021•17 min
Whitelisting and blocklisting are tried and true elements of the computer industry. In this episode our hosts define whitelisting and blocklisting and the pros and cons of either, with lots of examples from the real world. We discuss fuzzy entities, the scaling problem, layered defenses, and the trouble with active attackers.
Jul 22, 2021•18 min
If you have paid any attention at all to popular media in the past few months, you will have heard about non-fungible tokens, or NFTs. NFTs are a method of uniquely identifying a digital asset using blockchain technology, and they are big news in the art and media world. Join our hosts as they explain the difference between fungible and non-fungible tokens, how NFTs work, and the significance of publicly asserting ownership for digital files.
Jul 13, 2021•16 min
Today our hosts explore an esoteric but important error in public certificates that we call the off-by-one-second problem. We explain this problem, how it occurs, and its broader implications.
Jul 08, 2021•22 min
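As an added illustration of the kind of validity-period arithmetic this episode concerns (this is example code written for this listing, not material from the episode or from Sectigo): RFC 5280 section 4.1.2.5 defines a certificate's validity as running from notBefore through notAfter inclusive, and ASN.1 UTCTime/GeneralizedTime carry one-second granularity, so a certificate whose notAfter is exactly 398 days after its notBefore is valid for 398 days plus one second. The 398-day limit and the sample timestamps below are assumptions chosen for the example.

```python
from datetime import datetime, timedelta, timezone

# Assumed limit for the example: the 398-day maximum validity for public SSL certificates.
MAX_VALIDITY = timedelta(days=398)

# Constructed sample notBefore for the example.
NOT_BEFORE = datetime(2021, 3, 1, 0, 0, 0, tzinfo=timezone.utc)


def validity_period(not_before: datetime, not_after: datetime) -> timedelta:
    """Inclusive validity per RFC 5280 4.1.2.5.

    Both endpoints are included and the encoded times have one-second
    resolution, so the period is one second longer than the naive difference.
    """
    return not_after - not_before + timedelta(seconds=1)


def exceeds_max_validity(not_before: datetime, not_after: datetime,
                         limit: timedelta = MAX_VALIDITY) -> bool:
    """True if the inclusive validity period is longer than the limit."""
    return validity_period(not_before, not_after) > limit


def max_not_after(not_before: datetime, limit: timedelta = MAX_VALIDITY) -> datetime:
    """Latest notAfter that keeps the inclusive period within the limit.

    The naive choice not_before + limit is one second too long; the correct
    value is one second earlier.
    """
    return not_before + limit - timedelta(seconds=1)


def demo() -> dict:
    """Compare the naive notAfter with the corrected one for the sample notBefore."""
    naive_not_after = NOT_BEFORE + MAX_VALIDITY
    corrected_not_after = max_not_after(NOT_BEFORE)
    return {
        "naive_period": validity_period(NOT_BEFORE, naive_not_after),
        "naive_exceeds": exceeds_max_validity(NOT_BEFORE, naive_not_after),
        "corrected_period": validity_period(NOT_BEFORE, corrected_not_after),
        "corrected_exceeds": exceeds_max_validity(NOT_BEFORE, corrected_not_after),
        "corrected_not_after": corrected_not_after.isoformat(),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The practical check when linting or issuing is therefore to compute notAfter minus notBefore plus one second and compare that against the limit, rather than comparing the raw difference.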
In celebration of Canada Day, our hosts discuss why Canada in particular offers a disproportionately large contribution to cryptography. We examine historic reasons and the real-world consequences of Canada being a center for cryptographic excellence.
Jul 01, 2021•19 min
In the developing story of the Colonial pipeline ransomware attack, the FBI recently recovered the ransom money, which had been paid in Bitcoin. In this episode we talk about how this recovery might have occurred.
Jun 25, 2021•24 min
In our technology discussions we frequently run into confusion about the relationship between electronic document signing and digital document signing. Despite the similarity in names, they are entirely different technological approaches to providing trustworthy electronic signed documents. In this episode we explain the two terms, their distinct definitions, and some of the pros and cons of each approach.
Jun 21, 2021•19 min
The recent ransomware attack against the Colonial pipeline has captured the news cycles in recent weeks. In this first episode of two our hosts begin to unpack what is known about this attack and how digital identity and PKI fit in.
Jun 15, 2021•20 min
Of all aspects of public SSL certificates, few are as controversial as the OU field. Standing for Organizational Unit, this field is beloved by a few enterprises and hated by security watchers. It's also under fire in the CA/Browser Forum. Join our hosts as they explain the history of the OU field and why it's an industry flashpoint, including their predictions for the future of the OU field.
Jun 07, 2021•10 min
In our ongoing examination of blockchain, we define proof of work and proof of stake as consensus algorithms for updating the public ledger. We explain their differences and get into the problems with proof of work and the reasons proof of stake is emerging as a promising new consensus algorithm. We touch on the consequences of these algorithms on other aspects of society as well.
Jun 02, 2021•27 min
In our ongoing series of episodes on MFA, we explore the pluses and minuses of out-of-band phone calling. Our hosts explain how this form of MFA works, what attacks it defends against successfully, and what attacks can circumvent it.
May 20, 2021•11 min
PKI stands for Public Key Infrastructure. In this episode we focus on the word infrastructure. Our hosts discuss the key qualities of credential form factors, how they are separate and distinct from the infrastructure surrounding them, and the minimum capabilities necessary to refer to a public-private key system as PKI.
May 12, 2021•13 min
In a recent interview Tim Cook took a strong stance against application sideloading as a danger to mobile devices. In this episode we explain sideloading, its potential dangers, and the underlying motivators behind the sideloading debate.
Apr 21, 2021•14 min
If you pay attention to blockchain and crypto currency, you are sure to hear the phrase consensus algorithm. This concept is fundamental to distributed trust systems like blockchain. In this episode our hosts explain consensus, proof of work, and the Byzantine Generals problem.
Apr 15, 2021•22 min
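To make the proof-of-work idea from this episode and the later proof-of-work versus proof-of-stake episode concrete, here is an added example written for this listing (not code from the podcast or any real blockchain). It models the core asymmetry: a miner must try many nonces to find a block hash below a target, but anyone can verify the result with a single hash. The block header layout, the SHA-256 choice and the difficulty are assumptions for the example.

```python
import hashlib
import json

# Constructed sample block header for the example; field names are assumptions.
SAMPLE_HEADER = {
    "prev_hash": "00" * 32,
    "merkle_root": "ab" * 32,
    "timestamp": 1618444800,
}

# Difficulty in leading zero bits: expected work is about 2**DIFFICULTY_BITS hashes.
DIFFICULTY_BITS = 16


def serialize(header: dict) -> bytes:
    """Canonical encoding so every party hashes the same bytes."""
    return json.dumps(header, sort_keys=True, separators=(",", ":")).encode()


def block_hash(serialized_header: bytes, nonce: int) -> bytes:
    """SHA-256 over the header bytes followed by an 8-byte big-endian nonce."""
    return hashlib.sha256(serialized_header + nonce.to_bytes(8, "big")).digest()


def meets_target(digest: bytes, difficulty_bits: int) -> bool:
    """A digest meets the target if its top difficulty_bits bits are zero."""
    return int.from_bytes(digest, "big") < (1 << (256 - difficulty_bits))


def mine(header: dict, difficulty_bits: int, max_nonce: int = 1 << 32) -> tuple:
    """Brute-force nonces until the hash meets the target (the expensive side).

    Returns (nonce, digest, hashes_tried).
    """
    data = serialize(header)
    for nonce in range(max_nonce):
        digest = block_hash(data, nonce)
        if meets_target(digest, difficulty_bits):
            return nonce, digest, nonce + 1
    raise RuntimeError("no valid nonce found within max_nonce")


def verify(header: dict, nonce: int, difficulty_bits: int) -> bool:
    """Recompute one hash to check a claimed proof (the cheap side)."""
    return meets_target(block_hash(serialize(header), nonce), difficulty_bits)


def demo() -> dict:
    """Mine the sample header, then show verification and tamper detection."""
    nonce, digest, tried = mine(SAMPLE_HEADER, DIFFICULTY_BITS)
    tampered = dict(SAMPLE_HEADER, prev_hash="11" * 32)
    return {
        "nonce": nonce,
        "digest_hex": digest.hex(),
        "hashes_tried": tried,
        "verifies": verify(SAMPLE_HEADER, nonce, DIFFICULTY_BITS),
        "tampered_verifies": verify(tampered, nonce, DIFFICULTY_BITS),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Raising DIFFICULTY_BITS by one roughly doubles the expected number of hashes for the miner while leaving the verifier's cost at a single hash; that gap is what makes rewriting history expensive for an attacker and cheap to detect for everyone else.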
A new academic paper has described how a purpose-built quantum computer could break RSA encryption with fewer qubits than are commonly thought necessary. In this episode our hosts summarize the basic argument in this highly technical paper and its potential implications for the Quantum Apocalypse.
Apr 08, 2021•13 min
The CEO of Sky Global, a provider of encrypted data devices and services, has been indicted on RICO charges related to drug trafficking and money laundering. Our hosts discuss this highly unusual development and where it fits into the ongoing battle between law enforcement and encryption technology.
Mar 31, 2021•15 min
The ongoing Microsoft Exchange vulnerability is huge news in the IT world. In this episode our hosts discuss the reasons why on-premises services might present greater risk than providing the same capabilities in the cloud.
Mar 23, 2021•13 min
A recently published study of public revocation information takes a numerical approach to revocation behavior from CAs. Our hosts give their first take on this paper and the idea of "revocation transparency."
Mar 19, 2021•12 min
In the summer of 2019 the Kazakh government attempted to force its citizens to trust its private root, enabling MITM attacks for a variety of potentially nefarious purposes. A recent research paper goes into previously unknown detail about who was targeted and how the regime sought to abuse this short-lived interception scheme.
Mar 16, 2021•18 min
In this episode we explore the relationship between Relying Parties (aka users of online services) and Certificate Subscribers (aka providers of these services). We discuss the common attitude that certificate requirements that negatively impact Subscribers are inconsequential. We explain the downstream effects of certificate incidents and why unthinkingly forcing rules on service providers without considering the full consequences is detrimental to everyone.
Mar 11, 2021•15 min
A recently published paper by a reputable German mathematician and cryptographer has garnered widespread attention for its claim to have destroyed the RSA algorithm. However, many people are skeptical. Join us as we discuss the paper's content, the proposed methodology, and the public discussion it has generated.
Mar 08, 2021•18 min
Trust models in multi-vendor environments can be particularly tricky. We are joined once again by Tom Tansy, Chairman of the SunSpec Alliance, for a deep dive into the challenges and best practices of maintaining trusted roots in complex, global supply chain ecosystems.
Mar 05, 2021•23 min
The SunSpec Alliance is an important source of standards for clean energy infrastructure including solar and electric vehicles. To protect our electrical infrastructure and ensure proper functioning, digital identity and certificates are a necessity. Join us and guest Tom Tansy as we discuss how SunSpec employs PKI to this end.
Mar 02, 2021•22 min
Rustls is an important emerging alternative to OpenSSL. In this episode we discuss the Rust programming language and the implications of the fact that it was designed with security in mind from the ground up. This includes how Rustls is protected against attack vectors that have been effective in the past, including Heartbleed. Join us to learn more.
Feb 22, 2021•15 min
Recent news of the discovery of abandoned Enigma machines on the ocean floor inspires our hosts to discuss history's most famous code system, how it was broken, and how that relates to cryptography today.
Feb 14, 2021•17 min