Root Causes: A PKI and Security Podcast

Tim Callan and Jason Soroko

Weekly+
 
Digital certificate industry veterans Tim Callan and Jason Soroko explore the issues surrounding digital identity, PKI, and cryptographic connections in today's dynamic and evolving computing world. Best practices in digital certificates are continually under pressure from technology trends, new laws and regulations, cryptographic advances, and the evolution of our computing architectures to be more virtual, agile, ubiquitous, and cloud-based. Jason and Tim (and the occasional guest subject ...
 
2024 set in motion major changes for certificate lifespans and DCV. In this episode we discuss the Apple 47-day proposal, stepping down certificate term, public versus private CA use cases, DCV reuse periods, MPIC, WHOIS, and other topics.
Tim Callan and Jason Soroko
 
In this 2024 lookback episode, we give an overview of the firestorm of Bugzilla incidents that we refer to as the Bugzilla Bloodbath. The Bugzilla Bloodbath affected actions around the Entrust distrust, delayed revocation reform, 47-day SSL certificate maximum term, linting, and more.
Tim Callan and Jason Soroko
 
We talk with guest Sofia Celi of Brave Browser, who leads the IETF PQC standardization effort, about the process of setting standards for PQC-compatible digital certificates. We learn about expected timelines, hybrid strategies, the NIST PQC onramp's role, and more.
Tim Callan and Jason Soroko
 
The old adage states that a monkey in front of a keyboard, given enough time, could randomly type the works of Shakespeare. Apparently, someone ran the numbers and said not so much. We break it down and explain why we're discussing this on a PKI podcast.
Tim Callan and Jason Soroko
 
Tim has stepped into the position of vice-chair of the CA/Browser Forum, and Sectigo now holds five chair or vice-chair positions in that body. We explain how leadership is chosen, the offices Sectigo holds today, and some of our vision for CABF in the next two years.
Tim Callan and Jason Soroko
 
We discuss how a potential break of Chrome from Google would affect the WebPKI. We look at product changes, resourcing, post-quantum cryptography (PQC), innovation, moonshot initiatives, and other public CAs.
Tim Callan and Jason Soroko
 
A new White House initiative requires federal agencies to create plans to thwart BGP attacks. We discuss, including Resource PKI (RPKI) and Multi-Perspective Issuance Corroboration (MPIC).
Tim Callan and Jason Soroko
 
Linters are essential tools for maintaining quality of certificate issuance. Public open-source linters are available to help CAs assure compliance. As a result, CAs have begun attributing gaps in coverage by public linters as the root cause for misissuance events. We explain why this is faulty reasoning.…
 
The PQC community likes to debate when crypto relevant quantum computers will be available, which is sometimes called "Q day." In this episode we explain how radically oversimplified this concept is and dive into the nuances of what a "cryptographically relevant quantum computer" really will be.
Tim Callan and Jason Soroko
 
Apple recently floated a draft CABF ballot for commentary that steps down maximum term for SSL certificates starting next year and eventually landing at 45 days in 2027. We share the details.
Tim Callan and Jason Soroko
 
Deliberate delay of mandatory revocations has plagued the WebPKI in 2024. A new proposed policy from Mozilla stands to eliminate most of this behavior. In this episode we go over the proposal and explain its potential consequences.
Tim Callan and Jason Soroko
 
White hat researchers managed to take over WHOIS for the .mobi TLD. Among other things, this discovery foretells the death of WHOIS as a valid email source for Domain Control Validation (DCV).
Tim Callan and Jason Soroko
 
In this episode we describe the LoRa protocol, which allows IoT devices to communicate securely without using a cellular network, and how it can be used for secret communications.
Tim Callan and Jason Soroko
 
In this episode we discuss the dual nature of a public certificate as both a file and part of a holistic service that lasts until its expiration. We discuss revocation checking, CT logging, GAAP accounting, linters, certificate tracking tools, Certificate Lifecycle Management, standards bodies, post-quantum cryptography, and subscription models.…
 
Though it is the closest thing to an industry-standard API, there are still products and operating systems that don't support ACME. In this episode we explore what happens to these products once 90-day SSL certificates become the requirement.
Tim Callan and Jason Soroko
 
One seldom discussed consequence of quantum computers and PQC is the move from cryptographic homogeneity to cryptographic heterogeneity, with multiple KEMs and DSAs eventually expected as ongoing standards. We examine the consequences of this change.
Tim Callan and Jason Soroko
 
We introduce pkimetal, an open source project from Rob Stradling that allows CAs to write to many popular linters with a single integration. We explain the importance and pitfalls of linters and how pkimetal improves linter implementation.
Tim Callan and Jason Soroko
 
An enterprise SSL subscriber recently used a Temporary Restraining Order to prevent the proper revocation of misissued certificates. We explain what happened, why it's deeply problematic, and how the industry might consider responding.
Tim Callan and Jason Soroko
 
NIST recently released PQC algorithmic standards in FIPS-203, FIPS-204, and FIPS-205 (ML-KEM, ML-DSA, and SLH-DSA). We describe what is necessary for enterprises to begin using these algorithms.
Tim Callan and Jason Soroko
 
Cookies are incredibly useful but also pose grave privacy concerns. We have in the past covered Chrome's initiatives to replace cookies. Now Chrome has announced that for the foreseeable future cookies will remain. We explain.
Tim Callan and Jason Soroko
 