Root Causes: A PKI and Security Podcast

Tim Callan and Jason Soroko•soundcloud.com

Digital certificate industry veterans Tim Callan and Jason Soroko explore the issues surrounding digital identity, PKI, and cryptographic connections in today's dynamic and evolving computing world. Best practices in digital certificates are continually under pressure from technology trends, new laws and regulations, cryptographic advances, and the evolution of our computing architectures to be more virtual, agile, ubiquitous, and cloud-based. Jason and Tim (and the occasional guest subject matter expert) will help you stay current on developments in this essential technology platform and to understand the whys and wherefores of popular Public Key Infrastructures.

Last refreshed: June 28th, 2025 at 3:27 PM ⓘ

Follow this podcast in the Metacast mobile app to refresh it and see new episodes.

Follow on

Apple Podcasts

Spotify

RSS

Podcasts are better in Metacast mobile app

Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more

Episodes

Root Causes 449: What Is a Quantum-safe HSM?

Repeat guest Bruno Coulliard of Crypto4A joins us to define a quantum-safe (or PQC enabled) hardware security module.

Dec 18, 2024•24 min

Root Causes 448: The Privilege of Being a Public CA

We go over Tim's September 2024 keynote speech at ENISA CA Day, "The Privilege of Being a Public CA."

Dec 17, 2024•26 min

Root Causes 447: NIST Deprecates RSA-2048 and ECC 256

As part of its post-quantum cryptography (PQC) initiative NIST has released a draft deprecating RSA-2048 and ECC 256 by 2030 and disallowing them by 2035. We get into the details.

Dec 13, 2024•14 min

Root Causes 446: Sectigo Assumes Five CABF Offices

Tim has stepped into the position of vice-chair of the CA/Browse Forum, and Sectigo now holds five chair or vice-chair positions in that body. We explain how leadership is chosen, the offices Sectigo holds today, and some of our vision for CABF in the next two years.

Dec 12, 2024•13 min

Root Causes 445: Seven Reasons to Shorten Certificate Lifespans

We take a deep dive into the seven reasons shorter certificate lifespans are better.

Dec 09, 2024•28 min

Root Causes 444: What Happens to the WebPKI if Google Sells Chrome?

We discuss how a potential break of Chrome from Google would affect the WebPKI. We look at product changes, resourcing, post-quantum cryptography (PQC), innovation, moonshot initiatives, and other public CAs.

Dec 05, 2024•19 min

Root Causes 443: Is MSCA Going Away?

In this episode we discuss the challenges for enterprises using Microsoft Active Directory Certificate Services (ADCS).

Dec 01, 2024•13 min

Root Causes 442: Apple Proposal to Reduce SSL Lifespan Updated

Apple has published an updated draft to its proposal for shortening the lifespan of SSL certificates, including a final maximum term of 47 rather than 45 days. We explain.

Nov 25, 2024•22 min

Root Causes 441: New White House Initiative Targets BGP

A new White House initiative requires that federal agencies need to create plans to thwart BGP attacks. We discuss, including Resource PKI (RPKI) and Multi-Perspective Issuance Corroboration (MPIC).

Nov 22, 2024•15 min

Root Causes 440: Public Key Directories

We talk about public key directories and complicating factors such as Tailscale, VPN, TOR, Cloudflare, and Zero Trust.

Nov 18, 2024•13 min

Root Causes 439: PQC Onramp Narrowed Down to 15 Candidates

NIST has narrowed its PQC onramp contest to 15 candidates. We go over who remains and the makeup of the remaining candidates.

Nov 15, 2024•17 min

Root Causes 438: PQC Is an Existential Requirement

Repeat guest Bruno Couillard argues that cryptography is part of the foundational fabric of our lives and that the transition to PQC is an existential requirement.

Nov 12, 2024•28 min

Root Causes 437: Don't Blame the Linter

Linters are essential tools for maintaining quality of certificate issuance. Public open-source linters are available to help CAs assure compliance. As a result, CAs have begun attributing gaps in coverage by public linters as the root cause for misissuance events. We explain why this is faulty reasoning.

Nov 05, 2024•11 min

Root Causes 436: Formal Proofs

Formal proofs are critical to cryptography. We discuss how better processes and AI can accelerate formal proofs of cryptographic concepts.

Oct 29, 2024•10 min

Root Causes 435: The PQC "Q Day" Is Not That Simple

The PQC community likes to debate when crypto relevant quantum computers will be available, which is sometimes called "Q day." In this episode we explain how radically oversimplified this concept is and dive into the nuances of what a "cryptographically relevant quantum computer" really will be.

Oct 25, 2024•20 min

Root Causes 434: Did Researchers Break AES Using Quantum Annealing?

News reports claim Chinese researchers broke AES with a quantum annealing computer. We clarify the details and talk about the implications of this reported discovery.

Oct 22, 2024•12 min

Root Causes 433: Will AI Eat All the Electricity?

We explore the question of whether or not we have enough electricity to fuel AI's expected growth.

Oct 17, 2024•10 min

Root Causes 432: Apple Floats New Short-lived Certificate Proposal

Apple recently floated a draft CABF ballot for commentary that steps down maximum term for SSL certificates starting next year and eventually landing at 45 days in 2027. We share the details.

Oct 14, 2024•26 min

Root Causes 431: New Mozilla Proposal to Combat Delayed Revocation

Deliberate delay of mandatory revocations has plagued the WebPKI in 2024. A new proposed policy from Mozilla stands to eliminate most of this behavior. In this episode we go over the proposal and explain its potential consequences.

Oct 11, 2024•28 min

Root Causes 430: How Does a TLS Handshake Work?

In this episode we give a high-level explanation of what happens in a TLS 1.3 handshake and then discuss what will happen when PQC is included.

Oct 09, 2024•15 min

Root Causes 429: ServiceNow Outage Due to Expired Root Certificate

A ServiceNow private CA root expired, creating outages across hundreds of enterprises. We explain what appears to have gone on.

Oct 08, 2024•7 min

Root Causes 428: .MOBI Attack Puts WHOIS-based DCV into Question

White hat researchers managed to take over WHOIS for the .mobi TLD. Among other things, this discovery foretells the death of WHOIS as a valid email source for Domain Control Validation (DCV).

Oct 04, 2024•17 min

Root Causes 427: Mapping CLM to NIST CSF 2.0

In this episode we map the contributions of Certificate Lifecycle Management into the new NIST Cybersecurity Framework 2.0.

Oct 01, 2024•16 min

Root Causes 426: Expired Certificate Takes Down Bank of England

A certificate expiration is now known to have created July's outage of Bank of England. Join us as we shake our heads in amazement yet again.

Sep 30, 2024•8 min

Root Causes 425: PQC Requirements for Voting Systems

In honor of the upcoming US elections, we describe the six main requirements for a post-quantum voting system.

Sep 27, 2024•11 min

Root Causes 424: Using LoRA IoT Protocol for Clandestine Communications

In this episode we describe the LoRA protocol, which allows IoT devices to communicate securely without using a cellular network, and how it can be used for secret communications.

Sep 25, 2024•12 min

Root Causes 423: Is a Certificate Software or a Service?

In this episode we discuss the dual nature of a public certificate as both a file and part of a holistic service that lasts until its expiration. We discuss revocation checking, CT logging, GAAP accounting, linters, certificate tracking tools, Certificate Lifecycle Management, standards bodies, post-quantum cryptography, and subscription models.

Sep 20, 2024•18 min

← Prev Next →

For the best experience, listen in Metacast app for iOS or Android