
Root Causes: A PKI and Security Podcast

Technology Business Science

Episodes

Showing 101-200 of 641

Root Causes 509: What Is a CPS?

25 Jun 2025

Contributed by Lukas

We define CPS (Certificate Practices Statement) and explain the role it plays in both the WebPKI and private CAs.

Root Causes 508: What Is Code Vibing?

23 Jun 2025

Contributed by Lukas

"Code vibing" is using generative AI to create or improve working code. We share Jason's adventure using code vibing to create his own web browser.

Root Causes 507: First Distrust of 2025

19 Jun 2025

Contributed by Lukas

The first CA distrust event of 2025 comes with two simultaneous CA distrusts. We give you the details.

Root Causes 506: Recap of CABF Face-to-face #65

17 Jun 2025

Contributed by Lukas

For the first time ever, Jason and I record an episode from the floor of the CA/Browser Forum face-to-face meeting. We recap the themes of this meeti...

Root Causes 505: Trust Now, Forge Later

13 Jun 2025

Contributed by Lukas

In this episode we explain the potential for future quantum computers to break files signed today with RSA or ECC, called "Trust now, forge later."

Root Causes 504: Jason Programs a Quantum Computer

10 Jun 2025

Contributed by Lukas

Jason describes his recent experience using Amazon Braket.

Root Causes 502: The PQC Game of Chicken

04 Jun 2025

Contributed by Lukas

In this episode Jason explains the fallacy of "playing chicken" with the Quantum Apocalypse. We discuss stack ranking and "eyes open" PQC risk decisi...

Root Causes 501: Why Increasing RSA Key Size Won't Solve the Quantum Problem

02 Jun 2025

Contributed by Lukas

In this brief episode we explain why the problem that Shor's Algorithm poses to RSA and ECC can't be solved simply by increasing key size.

Root Causes 500: OMG! 500 Episodes of Root Causes!

29 May 2025

Contributed by Lukas

Wow. It's episode 500 of Root Causes. Jason and Tim talk about how the podcast has evolved in the past six years, how it remains consistent, and the u...

Root Causes 499: Don't Blame Signal

27 May 2025

Contributed by Lukas

The recent Signal controversy highlights the importance of understanding what protections an E2EE messaging app provides, and what it does not.

Root Causes 498: UK NCSC PQC Guidance

23 May 2025

Contributed by Lukas

The UK National Cyber Security Centre (NCSC) has released new PQC guidance. We take exception to the dates it gives and explain why.

Root Causes 497: PQC Update with Sofia Celi

21 May 2025

Contributed by Lukas

Guest Sofia Celi (IETF, Brave) returns to talk about important developments in post quantum cryptography. Sofia tells us about her candidate algorithm...

Root Causes 496: E2EE Gmail

18 May 2025

Contributed by Lukas

Gmail is now end-to-end encrypted for all recipients, regardless of the receiving client. We explain how Gmail accomplishes this trick.

Root Causes 495: Trust Models and Post Quantum Cryptography

16 May 2025

Contributed by Lukas

We build on our Trust Models discussion to explore how organizations can structure their PKI for the transition to post quantum cryptography (PQC).

Root Causes 494: Introduction to Trust Models

13 May 2025

Contributed by Lukas

We explain the basics of trust models and compare various models including WebPKI, private CA, and consortium models.

Root Causes 493: Disentangling Public and Private Certificate Use Cases

07 May 2025

Contributed by Lukas

Changing root store requirements mean CAs must separate their root hierarchies for different certificate types. We explain why enterprises should cons...

Root Causes 492: When Mandatory Security Training Sucks

06 May 2025

Contributed by Lukas

In this episode we get excited about errors we see in mandatory security trainings.

Root Causes 491: RSA's Non-quantum Threat

01 May 2025

Contributed by Lukas

We are rejoined by Dr. Michele Mosca to explore the potential threat of RSA being broken even in the absence of a quantum computing attack.

Root Causes 490: Chrome and Chromium

28 Apr 2025

Contributed by Lukas

We define Chrome versus Chromium, explaining what each is and the difference between the two.

Root Causes 489: Does AI Nullify E2EE?

24 Apr 2025

Contributed by Lukas

Does AI kill end-to-end encryption? There is a contention that the presence of AI agents in the workstream will render your confidential information ...

Root Causes 488: CABF Face-to-Face Meeting Update

22 Apr 2025

Contributed by Lukas

We explain the major news items from the most recent CA/Browser Forum face-to-face meeting in Tokyo. Topics include MPIC, 47-day certificate term, and...

Root Causes 487: Security 2030

16 Apr 2025

Contributed by Lukas

Jason and I take a peek forward at what we imagine IT security looks like in 2030. Topics include PQC, ZTNA, "green zones," deep fakes, IoT, connecte...

Root Causes 486: 47-day Maximum Term Ballot Passes CABF

14 Apr 2025

Contributed by Lukas

Apple's ballot to step the maximum term for public SSL certificates down to 47 days has passed in the CA/Browser Forum. We explain.

Root Causes 485: What Is Open MPIC?

13 Apr 2025

Contributed by Lukas

Guest Dmitry Sharkov joins us to describe Open MPIC, the open-source project to help public CAs support MPIC.

Root Causes 484: Multi Good Factor Authentication

09 Apr 2025

Contributed by Lukas

We define multi good factor authentication, which is the idea that not all authentication factors are equal. We discuss the importance of considering ...

Root Causes 483: Introducing the PQC Sandbox

07 Apr 2025

Contributed by Lukas

We are joined by repeat guest Bruno Couillard of Crypto4A to introduce Sectigo's new post quantum cryptography (PQC) sandbox. The PQC sandbox allows ...

Root Causes 482: Microsoft and PQC

02 Apr 2025

Contributed by Lukas

In this episode we explore the potential PQC future for Microsoft Active Directory Certificate Services, aka MSCA. We discuss potential paths for Mic...

Root Causes 481: What Is Protocol Ossification?

31 Mar 2025

Contributed by Lukas

Protocol ossification is the phenomenon whereby ecosystems fail to work correctly with the full range of options included in a protocol. This occurs ...

Root Causes 480: White House PQC Executive Order

24 Mar 2025

Contributed by Lukas

Many people believe that the Trump White House rescinded an important cybersecurity executive order from the late days of the Biden administration. We se...

Root Causes 479: AI Adversarial Machine Learning

21 Mar 2025

Contributed by Lukas

In this episode we discuss the thinking on how adversaries can exploit the flaws in AI models to achieve unexpected and dangerous results. We explore...

Root Causes 478: Should We All Switch from RSA to ECC?

17 Mar 2025

Contributed by Lukas

RSA is under attack. Even without the quantum threat, we face the possibility of smart new exploits reducing the viable RSA key space and rendering i...

Root Causes 477: Comparative Security Philosophies

12 Mar 2025

Contributed by Lukas

We discuss how various popular computing platforms approach security and highlight the differences between them.

Root Causes 476: The Need for Security KPIs

10 Mar 2025

Contributed by Lukas

Jason recounts a 2024 Black Hat talk about the need for objective measurements of our IT defenses and whether the good guys or bad guys are winning. J...

Root Causes 475: Can Your AI Scheme Against You?

05 Mar 2025

Contributed by Lukas

It's the stuff of science fiction! Interesting research shows how today's AI technology is capable of lying to and scheming against its human owners i...

Root Causes 474: Explaining Shor's Algorithm

02 Mar 2025

Contributed by Lukas

We talk a lot about Shor's Algorithm in our discussion of post quantum cryptography (PQC). In this episode Jason explains Shor's algorithm for non-qua...

Root Causes 473: Does Security Software Lack Creativity?

28 Feb 2025

Contributed by Lukas

Jason reports on a 2024 Black Hat keynote about how modern software development practices inhibit innovation and invention.

Root Causes 472: AI Offensive Modeling

26 Feb 2025

Contributed by Lukas

AI tools are now available to perform red-teaming activity for DevSecOps. Such tools are soon to be table stakes in the constantly escalating IT secur...

Root Causes 471: ACME for PQC

23 Feb 2025

Contributed by Lukas

In this episode, guest Alexandre Giron explains what is needed to support post quantum cryptography (PQC) with ACME.

Root Causes 470: The MFA False Equivalency Fallacy

19 Feb 2025

Contributed by Lukas

Not all forms of MFA are equally secure. In this episode we describe the differences between the more secure and less secure forms of MFA.

Root Causes 469: The All or Nothing Fallacy in Cybersecurity

17 Feb 2025

Contributed by Lukas

In this episode we explain the all-or-nothing fallacy in cybersecurity and how it's affecting debate in the WebPKI right now.

Root Causes 468: UK Demands New Backdoor from Apple

14 Feb 2025

Contributed by Lukas

A new demand from the UK seeks complete access to all Apple cloud data housed in the UK, regardless of the data owners' citizenship and residency. We ...

Root Causes 467: Decoupling Public from Private Use Cases

12 Feb 2025

Contributed by Lukas

The past year has seen a great deal of focus on the use of public TLS certificates where private root certificates are actually the appropriate soluti...

Root Causes 466: Apple Moves 47-day Ballot to CABF Vote

09 Feb 2025

Contributed by Lukas

Apple is proceeding with a ballot that eventually will shorten SSL certificate maximum term to 47 days. Accompanying the ballot, Apple released a sta...

Root Causes 465: Twelve Bugzilla Sins for CAs to Avoid

07 Feb 2025

Contributed by Lukas

In the wake of the Bugzilla Bloodbath, we list and describe twelve sins CAs commit on Bugzilla and its like, why they're detrimental, and how CAs shou...

Root Causes 464: Defending Against Harvest and Decrypt

05 Feb 2025

Contributed by Lukas

Harvest and decrypt is a well-known attack vector against traditional cryptography prior to PQC. In this episode, we discuss what enterprises should b...

Root Causes 463: Cellular Networks Are Insecure

03 Feb 2025

Contributed by Lukas

In this episode we explain that all cellular networks, contrary to popular belief, are fundamentally insecure.

Root Causes 462: Crypto War 3.0

31 Jan 2025

Contributed by Lukas

In this episode we walk through the evolution of the war on cryptography, from the beginning up through today, terminating in what we call Crypto War ...

Root Causes 461: Sectigo Acquires Entrust Public CA Business

29 Jan 2025

Contributed by Lukas

Sectigo today announced the acquisition of the Entrust public CA business. Entrust will go forward as a Sectigo reseller. Join us to learn the details...

Root Causes 460: The State of PQC with Michele Mosca

28 Jan 2025

Contributed by Lukas

In this episode we are joined by Dr. Michele Mosca. We discuss his pioneering work identifying the need for post-quantum cryptography, where PQC stand...

Root Causes 459: 2024 Lookback - Shortening Certificate Lifespans & DCV

24 Jan 2025

Contributed by Lukas

2024 set in motion major changes for certificate lifespans and DCV. In this episode we discuss the Apple 47-day proposal, stepping down certificate t...

Root Causes 458: Apple Extends Entrust Distrust to SMIME and VMC

19 Jan 2025

Contributed by Lukas

Apple has added itself to the Entrust distrust and has extended this distrust to S/MIME and VMC. We explain.

Root Causes 457: 2024 Lookback - Guests

17 Jan 2025

Contributed by Lukas

We had a remarkable year on the Root Causes podcast in terms of our guests. We look back at the extremely expert guests we were lucky to talk about in...

Root Causes 456: 2024 Lookback - Bugzilla Bloodbath

14 Jan 2025

Contributed by Lukas

In this 2024 lookback episode, we give an overview of the firestorm of Bugzilla incidents that we refer to as the Bugzilla Bloodbath. The Bugzilla Blo...

Root Causes 455: PQC Standardization in IETF

08 Jan 2025

Contributed by Lukas

We talk with guest Sofia Celi of Brave Browser, who leads the IETF PQC standardization effort, about the process of setting standards for PQC-compatib...

Root Causes 454: 2024 Lookback - Post quantum cryptography (PQC)

02 Jan 2025

Contributed by Lukas

2024 was an eventful year for post quantum cryptography (PQC). This includes FIPS standards, the PQC onramp, and the dawn of widespread interest among...

Root Causes 453: It Turns Out Monkeys Couldn't Type Shakespeare After All

02 Jan 2025

Contributed by Lukas

The old adage states that a monkey in front of a keyboard, given enough time, could randomly type the works of Shakespeare. Apparently, someone ran th...

Root Causes 452: 2024 Predictions Scorecard

26 Dec 2024

Contributed by Lukas

We go over our predictions for 2024 and score our ability as prognosticators.

Root Causes 451: A Year in CABF Ballots

26 Dec 2024

Contributed by Lukas

It was a crazy year for CA/Browser Forum activity, with nearly three times the normal number of ballots. Guest Martijn Katerbarg goes over the 32 CAB...

Root Causes 450: 2025 Predictions

23 Dec 2024

Contributed by Lukas

We make our 2025 predictions. Topics include maximum certificate term, AI, post-quantum cryptography (PQC), deep fakes, and more.

Root Causes 449: What Is a Quantum-safe HSM?

18 Dec 2024

Contributed by Lukas

Repeat guest Bruno Couillard of Crypto4A joins us to define a quantum-safe (or PQC enabled) hardware security module.

Root Causes 448: The Privilege of Being a Public CA

17 Dec 2024

Contributed by Lukas

We go over Tim's September 2024 keynote speech at ENISA CA Day, "The Privilege of Being a Public CA."

Root Causes 447: NIST Deprecates RSA-2048 and ECC 256

13 Dec 2024

Contributed by Lukas

As part of its post-quantum cryptography (PQC) initiative NIST has released a draft deprecating RSA-2048 and ECC 256 by 2030 and disallowing them by 2...

Root Causes 446: Sectigo Assumes Five CABF Offices

12 Dec 2024

Contributed by Lukas

Tim has stepped into the position of vice-chair of the CA/Browser Forum, and Sectigo now holds five chair or vice-chair positions in that body. We exp...

Root Causes 445: Seven Reasons to Shorten Certificate Lifespans

09 Dec 2024

Contributed by Lukas

We take a deep dive into the seven reasons shorter certificate lifespans are better.

Root Causes 444: What Happens to the WebPKI if Google Sells Chrome?

05 Dec 2024

Contributed by Lukas

We discuss how a potential break of Chrome from Google would affect the WebPKI. We look at product changes, resourcing, post-quantum cryptography (PQ...

Root Causes 443: Is MSCA Going Away?

01 Dec 2024

Contributed by Lukas

In this episode we discuss the challenges for enterprises using Microsoft Active Directory Certificate Services (ADCS).

Root Causes 442: Apple Proposal to Reduce SSL Lifespan Updated

25 Nov 2024

Contributed by Lukas

Apple has published an updated draft to its proposal for shortening the lifespan of SSL certificates, including a final maximum term of 47 rather than...

Root Causes 441: New White House Initiative Targets BGP

22 Nov 2024

Contributed by Lukas

A new White House initiative requires federal agencies to create plans to thwart BGP attacks. We discuss, including Resource PKI (RPKI) and ...

Root Causes 440: Public Key Directories

18 Nov 2024

Contributed by Lukas

We talk about public key directories and complicating factors such as Tailscale, VPN, TOR, Cloudflare, and Zero Trust.

Root Causes 439: PQC Onramp Narrowed Down to 15 Candidates

15 Nov 2024

Contributed by Lukas

NIST has narrowed its PQC onramp contest to 15 candidates. We go over who remains and the makeup of the remaining candidates.

Root Causes 438: PQC Is an Existential Requirement

12 Nov 2024

Contributed by Lukas

Repeat guest Bruno Couillard argues that cryptography is part of the foundational fabric of our lives and that the transition to PQC is an existential...

Root Causes 437: Don't Blame the Linter

05 Nov 2024

Contributed by Lukas

Linters are essential tools for maintaining quality of certificate issuance. Public open-source linters are available to help CAs assure compliance. A...

Root Causes 436: Formal Proofs

29 Oct 2024

Contributed by Lukas

Formal proofs are critical to cryptography. We discuss how better processes and AI can accelerate formal proofs of cryptographic concepts.

Root Causes 435: The PQC "Q Day" Is Not That Simple

25 Oct 2024

Contributed by Lukas

The PQC community likes to debate when crypto relevant quantum computers will be available, which is sometimes called "Q day." In this episode we expl...

Root Causes 434: Did Researchers Break AES Using Quantum Annealing?

22 Oct 2024

Contributed by Lukas

News reports claim Chinese researchers broke AES with a quantum annealing computer. We clarify the details and talk about the implications of this rep...

Root Causes 433: Will AI Eat All the Electricity?

17 Oct 2024

Contributed by Lukas

We explore the question of whether or not we have enough electricity to fuel AI's expected growth.

Root Causes 432: Apple Floats New Short-lived Certificate Proposal

14 Oct 2024

Contributed by Lukas

Apple recently floated a draft CABF ballot for commentary that steps down maximum term for SSL certificates starting next year and eventually landing ...

Root Causes 431: New Mozilla Proposal to Combat Delayed Revocation

11 Oct 2024

Contributed by Lukas

Deliberate delay of mandatory revocations has plagued the WebPKI in 2024. A new proposed policy from Mozilla stands to eliminate most of this behavior...

Root Causes 430: How Does a TLS Handshake Work?

09 Oct 2024

Contributed by Lukas

In this episode we give a high-level explanation of what happens in a TLS 1.3 handshake and then discuss what will happen when PQC is included.

Root Causes 429: ServiceNow Outage Due to Expired Root Certificate

08 Oct 2024

Contributed by Lukas

A ServiceNow private CA root expired, creating outages across hundreds of enterprises. We explain what appears to have gone on.

Root Causes 428: .MOBI Attack Puts WHOIS-based DCV into Question

04 Oct 2024

Contributed by Lukas

White hat researchers managed to take over WHOIS for the .mobi TLD. Among other things, this discovery foretells the death of WHOIS as a valid email s...

Root Causes 427: Mapping CLM to NIST CSF 2.0

01 Oct 2024

Contributed by Lukas

In this episode we map the contributions of Certificate Lifecycle Management into the new NIST Cybersecurity Framework 2.0.

Root Causes 426: Expired Certificate Takes Down Bank of England

30 Sep 2024

Contributed by Lukas

A certificate expiration is now known to have caused July's outage at the Bank of England. Join us as we shake our heads in amazement yet again.

Root Causes 425: PQC Requirements for Voting Systems

27 Sep 2024

Contributed by Lukas

In honor of the upcoming US elections, we describe the six main requirements for a post-quantum voting system.

Root Causes 424: Using LoRA IoT Protocol for Clandestine Communications

25 Sep 2024

Contributed by Lukas

In this episode we describe the LoRA protocol, which allows IoT devices to communicate securely without using a cellular network, and how it can be us...

Root Causes 423: Is a Certificate Software or a Service?

20 Sep 2024

Contributed by Lukas

In this episode we discuss the dual nature of a public certificate as both a file and part of a holistic service that lasts until its expiration. We d...

Root Causes 422: New Date for Entrust Distrust

19 Sep 2024

Contributed by Lukas

The Chrome root program has changed the date for the Entrust distrust. Join us to get the details.

Root Causes 421: FIDO 2 Implementation Problems

16 Sep 2024

Contributed by Lukas

White hat researchers have raised concerns about FIDO 2 (AKA WebAuthn). We explain.

Root Causes 420: New Side Channel Attack Against YubiKeys

13 Sep 2024

Contributed by Lukas

EUCLEAK, a newly revealed side channel vulnerability, can clone the contents of a YubiKey. We talk about the attack and its significance.

Root Causes 419: What Happens to Vendors Who Don't Support ACME When 90-day Certificates Come?

08 Sep 2024

Contributed by Lukas

Though it is the closest thing to an industry-standard API, there are still products and operating systems that don't support ACME. In this episode we...

Root Causes 418: Moving from Cryptographic Homogeneity to Cryptographic Heterogeneity

06 Sep 2024

Contributed by Lukas

One seldom discussed consequence of quantum computers and PQC is the move from cryptographic homogeneity to cryptographic heterogeneity, with multiple...

Root Causes 417: Introducing pkimetal, the PKI Meta-linter

02 Sep 2024

Contributed by Lukas

We introduce pkimetal, an open source project from Rob Stradling that allows CAs to write to many popular linters with a single integration. We explai...

Root Causes 416: SSL Subscriber Uses a Restraining Order to Prevent Revocation

29 Aug 2024

Contributed by Lukas

An enterprise SSL subscriber recently used a Temporary Restraining Order to prevent the proper revocation of misissued certificates. We explain what h...

Root Causes 415: What Can I Do with These New FIPS PQC Standards?

27 Aug 2024

Contributed by Lukas

NIST recently released PQC algorithmic standards in FIPS-203, FIPS-204, and FIPS-205 (ML-KEM, ML-DSA, and SLH-DSA). We describe what is necessary for ...

Root Causes 414: What Are the Revocation Periods for Public Certificates?

23 Aug 2024

Contributed by Lukas

In this episode we detail the mandatory revocation periods for leaf certificates and intermediates and explain when a 24-hour versus a 120-hour revoca...

Root Causes 413: NIST Releases Standards for First Three PQC Algorithms

16 Aug 2024

Contributed by Lukas

On August 13, 2024, NIST released its first three standards for PQC algorithms, ML-KEM, ML-DSA, and SLH-DSA. We tell you where to find them and talk ...

Root Causes 412: Google Throws in the Towel on Eliminating Cookies

13 Aug 2024

Contributed by Lukas

Cookies are incredibly useful but also pose grave privacy concerns. We have in the past covered Chrome's initiatives to replace cookies. Now Chrome h...

Root Causes 411: PQC Security Levels

09 Aug 2024

Contributed by Lukas

A popular belief is that Grover's algorithm will require that we double our AES key sizes. Repeat guest Bas Westerbaan of Cloudflare explains why thi...

Root Causes 410: CrowdStrike, Automatic Updates, and Walled Gardens

06 Aug 2024

Contributed by Lukas

We examine one specific aspect of the recent CrowdStrike flaw. Microsoft blames the problem on the fact that it must, by European law, allow kernel up...

Root Causes 409: Mozilla Distrusts Entrust

02 Aug 2024

Contributed by Lukas

This week Mozilla chose to follow Chrome in deprecating the Entrust trusted roots. We give you the details and explain why this action matters.
