Root Causes: A PKI and Security Podcast
Episodes
Root Causes 624: Implications of Mythos
03 Jun 2026
Contributed by Lukas
Anthropic has delayed its widespread release of Mythos to give major software providers a chance to close off the many vulnerabilities it has discover...
Root Causes 623: Are PQC Key Sizes Big Enough?
01 Jun 2026
Contributed by Lukas
We discuss the possibility that our standardized ML-DSA keys turn out to be too short for true confidence, why that might occur, and the implications ...
Root Causes 622: Modeling the Time to CRQC
29 May 2026
Contributed by Lukas
Sam Jaques joins us to explain his much-referenced chart mapping progress toward cryptographically relevant quantum computing (CRQC).
Root Causes 621: Simplicity at Scale
26 May 2026
Contributed by Lukas
We break down the phrase "Simplicity at Scale" to see what it means to us in the context of CAs and CLM.
Root Causes 620: Will NIST Update Its PQC Timelines?
22 May 2026
Contributed by Lukas
A few years ago NIST proposed deadlines for PQC deployment at 2030 and 2035. But recent announcements from Google and Cloudflare suggest 2029 as a bet...
Root Causes 619: Do We All Need to Adopt PQC by 2029?
18 May 2026
Contributed by Lukas
Recent announcements from Google and Cloudflare have declared new 2029 deadlines for full post quantum cryptography (PQC) migration. Bas Westerbaan e...
Root Causes 618: MTC and Private PKI
15 May 2026
Contributed by Lukas
Repeat guest Bas Westerbaan of Cloudflare joins us to explore the role of Merkle Tree Certificates in private CA scenarios with an eye toward where th...
Root Causes 617: What Are X9 Certificates?
13 May 2026
Contributed by Lukas
The US-based X9 financial industry consortium has created a server certificate. We explain what X9 certificates are and suitable use cases for this c...
Root Causes 616: NIST and Merkle Tree Certificates
11 May 2026
Contributed by Lukas
Dustin Moody of NIST joins us to discuss Merkle Tree Certificates (MTC) and the NIST position on them.
Root Causes 615: What Is IETF PLANTS?
08 May 2026
Contributed by Lukas
Repeat guest Bas Westerbaan of Cloudflare joins us to explain the PLANTS working group in IETF, which is driving standards around post quantum cryptog...
Root Causes 614: MTC and Downgrade Attacks
06 May 2026
Contributed by Lukas
It's reasonable to believe that Merkle Tree Certificates (MTC) and traditional RSA will co-exist on the same servers for years, if not decades, during...
Root Causes 613: Status of the NIST PQC Contests
04 May 2026
Contributed by Lukas
We are joined by Dustin Moody of NIST to go over the current state of the various post quantum cryptography (PQC) contests, including upcoming FIPS st...
Root Causes 612: What Do Subscribers Need for MTC?
01 May 2026
Contributed by Lukas
We are joined by Bas Westerbaan of Cloudflare to explain considerations and requirements for use of Merkle Tree Certificates (MTC). This includes full...
Root Causes 611: Merkle Tree Certificates, What and Why
29 Apr 2026
Contributed by Lukas
There are strong reasons to believe that the architecture of PQC TLS will take the form of Merkle Tree Certificates (MTC). We are joined by post quant...
Root Causes 610: Types of Logical Qubits
27 Apr 2026
Contributed by Lukas
We describe three different kinds of logical qubits with their relative strengths and weaknesses.
Root Causes 609: Side Channel Apocalypse
24 Apr 2026
Contributed by Lukas
Jason explains the extreme danger of side channel attacks in the new post quantum cryptography (PQC) era.
Root Causes 608: The Fragility of Formal Verification
22 Apr 2026
Contributed by Lukas
The reliability of cryptographic algorithms is largely a matter of conjecture based on track record. Proving security is impaired by the difficulty of...
Root Causes 607: PKI That's Hard to Discover
20 Apr 2026
Contributed by Lukas
The first of the five pillars of Certificate Lifecycle Management (CLM) is discovery. While many of your certificates are easily discoverable, some d...
Root Causes 606: What Is the UK Online Safety Act?
17 Apr 2026
Contributed by Lukas
The UK Online Safety Act intends to force vendors who sell hardware and software to allow the government to scan end-to-end encrypted communication on...
Root Causes 605: Chrome Declares Its Support for Merkle Tree Certificates (MTC)
15 Apr 2026
Contributed by Lukas
Google has taken a strong position supporting Merkle Tree Certificates (MTC) as the PQC-enabled future for SSL / TLS. We unpack this extremely importa...
Root Causes 604: Accelerated Timeline for Quantum Computers Breaking ECC in Crypto and Blockchain
13 Apr 2026
Contributed by Lukas
A new paper from Google Quantum AI and others documents a new technique for breaking ECC, particularly the curve protecting crypto currencies, smart c...
Root Causes 603: Cryptographically Relevant Quantum Computing (CRQC) with Only 10,000 Qubits
10 Apr 2026
Contributed by Lukas
New research suggests that a cryptographically relevant quantum computer is achievable with only 10,000 qubits. This was an important contributor to G...
Root Causes 602: Google Moves the PQC Date Forward to 2029
08 Apr 2026
Contributed by Lukas
Google has announced that it is moving its target for full PQC support to 2029. This is a strong statement from one of the most knowledgeable PQC tec...
Root Causes 601: The Zombie in the Server Room
06 Apr 2026
Contributed by Lukas
Legacy PKI implementations in the enterprise are holding back technical progress and creating security risk. We discuss reasons why, consequences, an...
Root Causes 600: Cryptographic Design Is Not Neutral
03 Apr 2026
Contributed by Lukas
In our previous episode we defined cryptography as the new geopolitics. Now in our 600th episode we follow up to explain how all cryptographic decisi...
Root Causes 599: Cryptography Is the New Geopolitics
01 Apr 2026
Contributed by Lukas
In the last decade or so, nations around the world have become keenly determined to use cryptography for their own legal, economic, and military advan...
Root Causes 598: Why Johnny Can't authN in OT
30 Mar 2026
Contributed by Lukas
A recent CISA report declares that the nation's OT infrastructure is incapable of keeping up with the crypto agility and certificate management needs ...
Root Causes 597: If You Don't Hold the Keys, You Don't Hold the Subpoenas
27 Mar 2026
Contributed by Lukas
Microsoft has publicly stated that it will hand over BitLocker keys to US law enforcement agencies without requiring a subpoena or court order. These ...
Root Causes 596: CLM and Operational Uptime
25 Mar 2026
Contributed by Lukas
We usually think of Certificate Lifecycle Management (CLM) as a security category. But we could equally well categorize it as an operations category t...
Root Causes 595: What Is a Digital Parasite?
23 Mar 2026
Contributed by Lukas
We introduce the concept of a "digital parasite," explaining why this attack philosophy appears to be on the rise.
Root Causes 594: Google's Five PQC Recommendations for Policy Makers
18 Mar 2026
Contributed by Lukas
In a recent blog post Google made five recommendations for policy makers. We walk down the list.
Root Causes 592: When a CAA Record Outlives the CA
13 Mar 2026
Contributed by Lukas
CAA records exist to restrict issuing CAs for a given domain to as few as one CA. But what happens when the CAA record outlives the CA to which it res...
Root Causes 593: New PQC Guidance from CISA
11 Mar 2026
Contributed by Lukas
Root Causes 591: Client Authentication Deprecation Date Moves Out
11 Mar 2026
Contributed by Lukas
Root Causes 590: The Size of the CA Is Not the Size of the Risk
10 Mar 2026
Contributed by Lukas
It would be easy to believe that the amount of risk posed to the WebPKI by any individual public CA is somehow proportional to the number of active ce...
Root Causes 589: Is a Cryptographically Relevant Quantum Computer Economically Viable?
06 Mar 2026
Contributed by Lukas
We recently heard the argument that it's simply too expensive to develop a cryptographically relevant quantum computer. We vehemently disagree. In thi...
Root Causes 588: It's Cryptographic Frogger from Here on Out
04 Mar 2026
Contributed by Lukas
In this episode Tim explains that the transition to PQC is not just a change in cryptographic algorithms but also a fundamental shift in how we treat ...
Root Causes 587: AI Orchestration for Attackers
02 Mar 2026
Contributed by Lukas
Jason describes a recent intrusion almost entirely operated by off-the-shelf AI tools. This is an important milestone in security. We describe its p...
Root Causes 586: Beyond Harvest Now Decrypt Later
27 Feb 2026
Contributed by Lukas
We expand on the concept of trust-now-forge-later to list a whole bevy of additional attacks that eventually will be enabled by cryptographically rele...
Root Causes 585: The Cryptographic Inventory Manifesto
25 Feb 2026
Contributed by Lukas
We all love a good manifesto! Jason spells out the ten principles of the Cryptographic Inventory Manifesto, and we discuss.
Root Causes 585: The Cryptographic Inventory Manifesto
24 Feb 2026
Contributed by Lukas
We all love a good manifesto! Jason spells out the ten principles of the Cryptographic Inventory Manifesto, and we discuss.
Root Causes 584: Mapping DORA to CLM
23 Feb 2026
Contributed by Lukas
We look at the new European DORA and NIS2 regulations and how Certificate Lifecycle Management is key to meeting these requirements. You wi...
Root Causes 583: AI Versus ECC P 256
21 Feb 2026
Contributed by Lukas
In an innovative application, an AI has been used to find private keys for ECC (Elliptic Curve Cryptography) P 256. We explain how.
Root Causes 583: AI Versus ECC P 256
20 Feb 2026
Contributed by Lukas
Recorded in Ottawa Ontario.
Root Causes 582: New Research Drastically Cuts Number of Qubits for Cryptographic Relevance
17 Feb 2026
Contributed by Lukas
New research indicates that the number of qubits necessary to achieve cryptographic relevance has reduced by two orders of magnitude. We cover this b...
Root Causes 581: A Timeline for Deprecation of Manual DCV Methods
15 Feb 2026
Contributed by Lukas
By CABF ballot all manual methods of Domain Control Validation (DCV) will be deprecated by 2028. We explain which methods are due for deprecation and...
Root Causes 580: Top Use Cases for Hybrid Certificates
13 Feb 2026
Contributed by Lukas
We go over the qualities in abstract of a use case that strongly invites the use of hybrid certificates and then run down a list of specific use cases...
Root Causes 579: Make Cryptography Boring Again
10 Feb 2026
Contributed by Lukas
In this episode Jason declares that we must make cryptography boring again. We get into what that means and why it matters.
Root Causes 578: 200 Days Won't Actually Be 200 Days
09 Feb 2026
Contributed by Lukas
We have seen much talk of the upcoming drop of maximum TLS term to 200 days, followed by 100 days, and eventually down to 47 days. It happens that al...
Root Causes 577: All the Stuff That's Coming in March
06 Feb 2026
Contributed by Lukas
March 2026 is due to be the most eventful month in the history of the WebPKI. Join us as we go over all the many changes coming next month.
Root Causes 576: Jefferies Dumps Bitcoin Due to the Quantum Threat
04 Feb 2026
Contributed by Lukas
A large investment firm divests from Bitcoin for fear of the quantum threat.
Root Causes 575: Shortening Certificate Term - All the Dates
02 Feb 2026
Contributed by Lukas
Everybody knows about March 15 and the drop in maximum public TLS certificate term to 200 days. But that only scratches the surface on key dates with...
Root Causes 574: 2025 Predictions Scorecard - Part 2
30 Jan 2026
Contributed by Lukas
We score our 2025 predictions in this second of two parts.
Root Causes 573: 2025 Predictions Scorecard - Part 1
28 Jan 2026
Contributed by Lukas
Every new year we make predictions for the year to come, and every year we go back and see how we did. This is the first of two parts scoring our 202...
Root Causes 572: Quality of Entropy
26 Jan 2026
Contributed by Lukas
We discuss the idea that not all cryptographic entropy is equally "random" and potential consequences.
Root Causes 571: Will There Ever Be a Cryptographically Relevant Quantum Computer?
23 Jan 2026
Contributed by Lukas
We discuss the idea that it might be impossible to actually create a cryptographically relevant quantum computer and weigh in on this idea.
Root Causes 570: PQC Readiness at the Boardroom Level
21 Jan 2026
Contributed by Lukas
Repeat guest Chris McGrath shares what enterprises need to be doing now to stay on track for the NIST PQC deadline in 2030.
Root Causes 569: New Regulations Are Changing the PKI Landscape
19 Jan 2026
Contributed by Lukas
Repeat guest Chris McGrath joins us to discuss how increasingly strict regulations are requiring increased rigor, visibility, and auditability for ent...
Root Causes 568: Upping Your Certificate Game for Better Security
16 Jan 2026
Contributed by Lukas
Senior cyber security advisor Chris McGrath joins us to discuss redefining digital certificates and their role in your organizational security profile...
Root Causes 567: Top 10 PQC Laggards in the Enterprise
14 Jan 2026
Contributed by Lukas
We name the ten enterprise environments and use cases that are most likely to be late adopters of post quantum cryptography (PQC).
Root Causes 566: Time Is a Security Primitive
12 Jan 2026
Contributed by Lukas
We discuss the foundational importance of time in PKI and security in general. This includes when things happen, the order in which things happen, and...
Root Causes 565: Our Response to QWAC Arguments - Part 3
09 Jan 2026
Contributed by Lukas
In our concluding episode on the topic, we scrutinize arguments made for and against QWACs, this time focused on "compliance and interoperability."
Root Causes 564: Our Response to QWAC Arguments - Part 2
07 Jan 2026
Contributed by Lukas
In our second of three episodes on the topic, we scrutinize arguments made for and against QWACs, this time focused on "governance and sovereignty."
Root Causes 563: Our Response to QWAC Arguments - Part 1
05 Jan 2026
Contributed by Lukas
As a follow-up to our episode 546, we break down the first of three sets of arguments about QWACs and examine their level of validity.
Root Causes 562: What Is a Side Oracle Attack?
30 Dec 2025
Contributed by Lukas
You may have heard of side channel attacks. Now Jason explains what a side oracle attack is and how a side oracle attack in conjunction with AI could ...
Root Causes 561: What Is Classic McEliece?
23 Dec 2025
Contributed by Lukas
One of the NIST Round 3 PQC finalists that was never selected or eliminated is Classic McEliece. In this episode we explain in non-math terms how this...
Root Causes 560: AI in 1000 Days - Small Language Models
18 Dec 2025
Contributed by Lukas
Continuing our examination of AI in 1000 days, we discuss the use of finely tuned small language models for highly specific use cases.
Root Causes 559: AI 1000 days - Content Quality
17 Dec 2025
Contributed by Lukas
We discuss what happens when the quality gap between AI-generated and human-generated content drops to zero. We explore the consequences of this inev...
Root Causes 558: AI in 1000 days - Human-in-the-loop Economy
15 Dec 2025
Contributed by Lukas
In our ongoing series on what AI will look like in 1000 days, we discuss the spread of a new business process, where AIs do the bulk of the work while...
Root Causes 557: Top 5 PQC Laggards
12 Dec 2025
Contributed by Lukas
Following up on our list of top 5 PQC vanguards, in this episode we detail the top 5 PQC laggards.
Root Causes 556: Top 5 PQC Vanguards
10 Dec 2025
Contributed by Lukas
We describe the top five technology categories that are on the vanguard of driving PQC adoption. We describe what these categories have in common and...
Root Causes 555: Perpetrators of Rogue Certificates
08 Dec 2025
Contributed by Lukas
We detail the top ten groups inside the organization who introduce rogue certificates into IT organizations.
Root Causes 554: Disentangling Quantum
05 Dec 2025
Contributed by Lukas
Tech watchers tend to conflate the many quantum technologies under development right now. In this episode we go through these technologies and expla...
Root Causes 553: Connecting Quantum Clocks to Cryptography
03 Dec 2025
Contributed by Lukas
We discuss quantum clocks and their potential role in cryptography.
Root Causes 552: 2026 Predictions
01 Dec 2025
Contributed by Lukas
We share our PKI predictions for 2026. Topics include PQC, eIDAS 2, CT logging, ACME, passkeys, CA distrust, AI model poisoning, and new attack vector...
Root Causes 551: PKI in a Swarm at 50 mph
24 Nov 2025
Contributed by Lukas
Jason explores the role cryptography and trust systems play in the command and control of groups of autonomous drone systems.
Root Causes 550: WebPKI Certificate Lifespan - How Low Can You Go?
21 Nov 2025
Contributed by Lukas
Certificate maximum term is shrinking. In this episode we examine exactly how short they could get.
Root Causes 549: AI 1000 Days from Now - the Defeat of Voice Authentication
19 Nov 2025
Contributed by Lukas
In our ongoing series on AI in 1000 days, we describe the inevitable, complete distrust of voice printing as an authentication method, including why a...
Root Causes 548: AI 1000 Days from Now - Emotional Intelligence
17 Nov 2025
Contributed by Lukas
We begin a new series about what we expect from AI in the next three years. In this episode we discuss AI emulating emotional intelligence and its be...
Root Causes 547: Should We Do Mass Revocation Fire Drills?
14 Nov 2025
Contributed by Lukas
In this episode we discuss the value for enterprises in running mass revocation drills and compare the merits of tabletop exercises versus voluntary r...
Root Causes 546: New Research Codifies Arguments for and Against QWACs
11 Nov 2025
Contributed by Lukas
We are joined by guests Pol Holzmer and Johannes Sedlmeir to describe their recent research that documents and organizes public arguments made about Q...
Root Causes 545: What Is MOSH?
10 Nov 2025
Contributed by Lukas
The MOSH tool aids the use of SSH-secured sessions, especially across different systems. Jason unpacks the security of this system and how it uses enc...
Root Causes 543: AI Finds a Zero Day
05 Nov 2025
Contributed by Lukas
We have seen the first known instance of an AI tool discovering a zero-day vulnerability. This could have vast implications on vulnerability detectio...
Root Causes 544: What Is Chain of Lure?
05 Nov 2025
Contributed by Lukas
Chain of lure is an attack method used to circumvent restrictions and boundaries placed on AIs. Jason explains this attack and its implications.
Root Causes 542: Use Cases for HQC
02 Nov 2025
Contributed by Lukas
In this episode we go over some of the reasons one might choose HQC over ML-KEM as a PQC key exchange algorithm for specific circumstances. And we dis...
Root Causes 541: Introducing the HQC PQC Algorithm
31 Oct 2025
Contributed by Lukas
NIST recently selected a second Key Exchange Module (KEM) among the PQC algorithms, HQC. We explain this code-based algorithm.
Root Causes 540: Contextual CBOM
27 Oct 2025
Contributed by Lukas
We define Cryptographic Bill of Materials (CBOM), which is more than a list of your cryptography and where it is. A CBOM need also include information...
Root Causes 539: What Is the Two-QWAC Architecture?
22 Oct 2025
Contributed by Lukas
A new kind of eIDAS QWAC (Qualified Website Authentication Certificate) is on the way. The "two-QWAC architecture" introduces a second certificate co...
Root Causes 538: What Is an Entropy Desert?
20 Oct 2025
Contributed by Lukas
An environment in which credentials are extremely predictable could be described as an entropy desert. These are occurring at a global scale. We discu...
Root Causes 537: The Thermodynamics of Privacy
17 Oct 2025
Contributed by Lukas
In this episode we build on our concept of entropy-aware guidance to explain how we might quantify privacy. We touch on GDPR, proof of work, and Landa...
Root Causes 536: Patent Blocker on ML-KEM
15 Oct 2025
Contributed by Lukas
A patent dispute in 2024 nearly blocked ML-KEM. But emerging thinking raises concern that the 2024 resolution did not guarantee full, clear access to...
Root Causes 535: The CPS Is a Superset of Actual Practices
12 Oct 2025
Contributed by Lukas
The CPS must always be a superset of actual practices in a properly running CA. We explain why this is a product of good design.
Root Causes 534: Signing the Machines That Think
10 Oct 2025
Contributed by Lukas
Imagine what happens if you use the wrong LLM, including a malicious model placed there to create mischief or crime. How do you know? Jason proposes...
Root Causes 533: Flexibility Through Multi-CA Trust Models
07 Oct 2025
Contributed by Lukas
We discuss how a static PKI structure can hurt corporate flexibility and resilience. Events like reorgs and M&A activity can cause intractable problem...
Root Causes 532: Introducing Offline PKI
02 Oct 2025
Contributed by Lukas
In this episode, Jason describes how we might use the principles of PKI in a purely offline scenario.
Root Causes 531: Benefits of Single-purpose Root Hierarchies
01 Oct 2025
Contributed by Lukas
Public certificates are transitioning from multi-purpose root hierarchies to single-purpose ones. We discuss why.
Root Causes 530: Introducing the AI Iceberg
29 Sep 2025
Contributed by Lukas
We compare AI in 2025 to Internet in 1995 and describe the AI iceberg, including the majority of applications which are below the waterline.
Root Causes 529: What Is a Common Mark Certificate?
24 Sep 2025
Contributed by Lukas
Verified Mark Certificates (VMC) now have a companion product for logos that are not registered trademarks, called a Common Mark Certificate (CMC). We...
Root Causes 528: Misissued SSL Certificate for 1.1.1.1
17 Sep 2025
Contributed by Lukas
A CA has incorrectly issued TLS certificates for the 1.1.1.1 and 2.2.2.2 IP addresses. We go into the details.