Root Causes: A PKI and Security Podcast
Podcast by Tim Callan and Jason Soroko
Episodes
- Root Causes 616: NIST and Merkle Tree Certificates
Dustin Moody from NIST joins Root Causes to discuss Merkle Tree Certificates (MTC) and the official NIST position on this topic.
- Root Causes 615: What Is IETF PLANTS?
Repeat guest Bas Westerbaan discusses the IETF PLANTS working group, focusing on standards for post-quantum cryptography and Merkle Tree Certificates. The episode covers the path to standardization and opportunities for involvement.
- Root Causes 614: MTC and Downgrade Attacks
This episode discusses Merkle Tree Certificates (MTC) and their co-existence with traditional RSA during the transition to post-quantum cryptography. Bas Westerbaan from Cloudflare joins to explore quantum downgrade attacks and possible co…
- Root Causes 613: Status of the NIST PQC Contests
Dustin Moody of NIST discusses the current status of post-quantum cryptography contests, including upcoming FIPS standards for Falcon and HQC, and other Round 4 algorithms. The episode also covers the digital signing algorithm (DSA) On Ram…
- Root Causes 612: What Do Subscribers Need for MTC?
Bas Westerbaan from Cloudflare explains Merkle Tree Certificate (MTC) requirements. The discussion covers TLS 1.3, PQC and RSA offerings, automation importance, and MTC production by 2027.
- Root Causes 611: Merkle Tree Certificates, What and Why
This episode explains Merkle Tree Certificates (MTC) for PQC TLS, featuring Cloudflare expert Bas Westerbaan. The discussion covers the new PKI architecture, including landmark certificates and log mirrors.
- Root Causes 610: Types of Logical Qubits
Root Causes 610 discusses the three types of logical qubits. The episode explores the strengths and weaknesses of each type.
- Root Causes 609: Side Channel Apocalypse
This episode covers the extreme danger of side channel attacks. It discusses these attacks within the context of the new post quantum cryptography (PQC) era.
- Root Causes 608: The Fragility of Formal Verification
This episode discusses the fragility of formal verification in cryptographic algorithms. It covers the difficulties in proving security due to implementation weaknesses and failure in randomness.
- Root Causes 607: PKI That's Hard to Discover
This episode of Root Causes focuses on the discovery aspect of Certificate Lifecycle Management (CLM). It specifically addresses PKI that is challenging to discover.
- Root Causes 606: What Is the UK Online Safety Act?
The episode discusses the UK Online Safety Act, which aims to compel hardware and software vendors to permit governmental scanning of end-to-end encrypted communications on devices. The hosts examine the government's approach to underminin…
- Root Causes 605: Chrome Declares Its Support for Merkle Tree Certificates (MTC)
Google Chrome has declared its support for Merkle Tree Certificates (MTC) for SSL/TLS. This episode of Root Causes unpacks this position from the WebPKI's most influential organization.
- Root Causes 604: Accelerated Timeline for Quantum Computers Breaking ECC in Crypto and Blockchain
This episode discusses a new paper from Google Quantum AI that describes a technique for breaking ECC. This development impacts cryptocurrencies, smart contracts, and blockchain, and accelerates post-quantum cryptography timelines.
- Root Causes 603: Cryptographically Relevant Quantum Computing (CRQC) with Only 10,000 Qubits
This episode discusses new research indicating that a cryptographically relevant quantum computer could be achieved with only 10,000 qubits. This research influenced Google's decision to move its Post-Quantum Cryptography target to 2029.
- Root Causes 602: Google Moves the PQC Date Forward to 2029
Google has announced a new target of 2029 for full Post-Quantum Cryptography (PQC) support. This update moves the timeline forward from the previously established 2030 target.
- Root Causes 601: The Zombie in the Server Room
This episode of Root Causes discusses how legacy PKI implementations in enterprise environments can impede technical progress and introduce security risks. The hosts explore the reasons behind these issues, their potential consequences, an…
- Root Causes 600: Cryptographic Design Is Not Neutral
This episode discusses how cryptographic design is not neutral, explaining that all cryptographic decisions reflect the social, political, and legal viewpoints of the designers. It builds on the previous episode's concept of cryptography a…
- Root Causes 599: Cryptography Is the New Geopolitics
This episode discusses how nations worldwide are increasingly using cryptography for their legal, economic, and military advantage. The hosts explore the concept of cryptography as a geopolitical tool.
- Root Causes 598: Why Johnny Can't authN in OT
This episode discusses a CISA report regarding the challenges of authentication and crypto agility within operational technology (OT) infrastructure. The hosts examine issues related to certificate management in OT environments.
- Root Causes 597: If You Don't Hold the Keys, You Don't Hold the Subpoenas
This episode discusses Microsoft's stated policy regarding handing over BitLocker keys to US law enforcement agencies. It also covers options for users to hold their own keys instead of Microsoft.
- Root Causes 596: CLM and Operational Uptime
This episode discusses Certificate Lifecycle Management (CLM) not just as a security category, but also as an operations category. The hosts make a case for CLM enabling operational uptime.
- Root Causes 595: What Is a Digital Parasite?
This episode introduces the concept of a "digital parasite" and explains why this attack philosophy appears to be on the rise.
- Root Causes 594: Google's Five PQC Recommendations for Policy Makers
This episode of Root Causes discusses Google's five Post-Quantum Cryptography recommendations for policy makers, outlined in a recent blog post. The hosts walk through each of the recommendations.
- Root Causes 592: When a CAA Record Outlives the CA
This episode of Root Causes discusses the scenario where a CAA record outlives the Certificate Authority to which it restricts issuance, and its implications for PKI and security.
- Root Causes 593: New PQC Guidance from CISA
This episode of Root Causes covers new PQC guidance released by CISA.
- Root Causes 591: Client Authentication Deprecation Date Moves Out
This episode of Root Causes discusses the client authentication deprecation date moving out.
- Root Causes 590: The Size of the CA Is Not the Size of the Risk
This episode of Root Causes discusses the false belief that the size of a Certificate Authority (CA) correlates with the amount of risk it poses to the WebPKI. It explains that the number of active certificates a CA has does not indicate i…
- Root Causes 589: Is a Cryptographically Relevant Quantum Computer Economically Viable?
This episode of Root Causes discusses the economic viability of a cryptographically relevant quantum computer. The hosts explain their disagreement with the argument that such a development would be too expensive.
- Root Causes 588: It's Cryptographic Frogger from Here on Out
This episode discusses the transition to Post-Quantum Cryptography (PQC). It explores how this shift necessitates a fundamental change in cryptographic practices and requires IT systems to be crypto-agile.
- Root Causes 587: AI Orchestration for Attackers
This episode of Root Causes describes an intrusion operated by off-the-shelf AI tools. It discusses the security implications and potential consequences of such attacks.
- Root Causes 586: Beyond Harvest Now Decrypt Later
This episode of Root Causes expands on the concept of trust-now-forge-later. It discusses additional attacks that could be enabled by cryptographically relevant quantum computers.
- Root Causes 585: The Cryptographic Inventory Manifesto
In this episode, Jason outlines the ten principles of the Cryptographic Inventory Manifesto. The hosts discuss the manifesto's principles.
- Root Causes 584: Mapping DORA to CLM
This episode discusses the new European DORA and NIS2 regulations. It explains how Certificate Lifecycle Management is a key requirement to meet these new regulations.
- Root Causes 583: AI Versus ECC P 256
This episode discusses an innovative application where AI has been used to find private keys for ECC P256. The hosts explain the methodology behind this development.
- Root Causes 583: AI Versus ECC P 256
This episode of Root Causes was recorded in Ottawa, Ontario. The topic of this episode is AI versus ECC P256.
- Root Causes 582: New Research Drastically Cuts Number of Qubits for Cryptographic Relevance
New research suggests that the number of qubits required for cryptographic relevance has been drastically reduced. This episode covers the implications of this breaking news.
- Root Causes 581: A Timeline for Deprecation of Manual DCV Methods
This episode discusses the upcoming deprecation of manual Domain Control Validation (DCV) methods. It details which methods will be deprecated and by when, following a CABF ballot.
- Root Causes 580: Top Use Cases for Hybrid Certificates
This episode of Root Causes discusses the qualities of use cases that benefit from hybrid certificates. It covers specific examples such as OT systems, code signing, secure boot, WiFi, and enterprise S/MIME.
- Root Causes 579: Make Cryptography Boring Again
In this episode, Jason explains the idea of making cryptography boring again and why it is important.
- Root Causes 578: 200 Days Won't Actually Be 200 Days
The episode discusses the upcoming reduction of maximum TLS certificate lifespans. It explains why the actual maximums will be less than the often-cited 200, 100, and 47 days.
- Root Causes 577: All the Stuff That's Coming in March
Root Causes 577 discusses the upcoming changes to WebPKI in March 2026. The episode outlines the many modifications expected in what is described as an eventful month for WebPKI.
- Root Causes 576: Jeffries Dumps Bitcoin Due to the Quantum Threat
This episode of Root Causes discusses Jeffries divesting from Bitcoin. The firm's decision is attributed to concerns about the quantum threat.
- Root Causes 575: Shortening Certificate Term - All the Dates
This episode of Root Causes discusses the reduction in maximum public TLS certificate term to 200 days, detailing all relevant dates. It goes beyond the commonly known March 15 date to cover additional key dates for this change.
- Root Causes 574: 2025 Predictions Scorecard - Part 2
This episode of Root Causes: A PKI and Security Podcast, titled "2025 Predictions Scorecard - Part 2," scores the podcast's 2025 predictions. This is the second part of a two-part series.
- Root Causes 573: 2025 Predictions Scorecard - Part 1
Root Causes: A PKI and Security Podcast reviews its predictions for 2025. This episode is part one of a two-part scorecard discussing how accurate their predictions were.
- Root Causes 572: Quality of Entropy
This episode discusses the concept that not all cryptographic entropy possesses equal randomness. It also covers the potential consequences arising from these differences.
- Root Causes 571: Will There Ever Be a Cryptographically Relevant Quantum Computer?
This episode explores the possibility of a cryptographically relevant quantum computer, discussing if such a machine can ever be created.
- Root Causes 570: PQC Readiness at the Boardroom Level
In this episode, Chris McGrath discusses enterprise preparations for the NIST Post-Quantum Cryptography (PQC) deadline in 2030, focusing on actions businesses should take now.