Root Causes: A PKI and Security Podcast
Technology
About
Digital certificate industry veterans Tim Callan and Jason Soroko explore the issues surrounding digital identity, PKI, and cryptographic connections in today's dynamic and evolving computing world. Best practices in digital certificates are continually under pressure from technology trends, new laws and regulations, cryptographic advances, and the evolution of our computing architectures to be more virtual, agile, ubiquitous, and cloud-based. Jason and Tim (and the occasional guest subject matter expert) will help you stay current on developments in this essential technology platform and understand the whys and wherefores of popular Public Key Infrastructures.
Episodes
- Root Causes 615: What Is IETF PLANTS?
Bas Westerbaan from Cloudflare joins the podcast to discuss the IETF PLANTS working group. The episode covers the group's work on post-quantum cryptography, Merkle Tree Certificates, the standardization process, and how to participate.
- Root Causes 614: MTC and Downgrade Attacks
This episode of Root Causes explores Merkle Tree Certificates (MTC) and the potential for quantum downgrade attacks. Bas Westerbaan of Cloudflare joins the discussion to examine the co-existence of MTC and RSA during the transition to post…
- Root Causes 613: Status of the NIST PQC Contests
Dustin Moody from NIST provides an update on the post-quantum cryptography (PQC) contests. He covers upcoming FIPS standards for Falcon (FN-DSA) and HQC, other Round 4 algorithms, the digital signing algorithm (DSA) On Ramp, and future cry…
- Root Causes 612: What Do Subscribers Need for MTC?
Bas Westerbaan of Cloudflare explains considerations for Merkle Tree Certificates (MTC), covering TLS 1.3, PQC and RSA, automation, and MTC production timelines.
- Root Causes 611: Merkle Tree Certificates, What and Why
This episode explores Merkle Tree Certificates (MTC) as a potential architecture for PQC TLS. Post-quantum cryptography expert Bas Westerbaan explains how this new PKI architecture works and why it is necessary, including concepts like lan…
- Root Causes 610: Types of Logical Qubits
This episode of Root Causes: A PKI and Security Podcast describes three types of logical qubits. It also covers their relative strengths and weaknesses.
- Root Causes 609: Side Channel Apocalypse
This episode discusses side channel attacks and their danger in the post quantum cryptography (PQC) era.
- Root Causes 608: The Fragility of Formal Verification
This episode discusses the fragility of formal verification in cryptography. It covers the challenges in proving security due to difficulties in formal verification, implementation weaknesses, and failures in randomness.
- Root Causes 607: PKI That's Hard to Discover
This episode, titled "PKI That's Hard to Discover," addresses the initial pillar of Certificate Lifecycle Management (CLM): discovery. It focuses on the challenges posed by difficult-to-discover PKI, contrasting it with more easily discove…
- Root Causes 606: What Is the UK Online Safety Act?
The episode discusses the UK Online Safety Act, an initiative that would require hardware and software vendors to allow government access to end-to-end encrypted communications. The hosts consider the implications of governments potentiall…
- Root Causes 605: Chrome Declares Its Support for Merkle Tree Certificates (MTC)
Google has announced its support for Merkle Tree Certificates (MTC) as the PQC-enabled future for SSL/TLS. This episode discusses the implications of this decision from Chrome, a significant organization in the WebPKI.
- Root Causes 604: Accelerated Timeline for Quantum Computers Breaking ECC in Crypto and Blockchain
A new paper from Google Quantum AI and collaborators describes a technique that allows quantum computers to break ECC, which protects cryptocurrencies, smart contracts, and blockchain. This development accelerates post-quantum cryptography…
- Root Causes 603: Cryptographically Relevant Quantum Computing (CRQC) with Only 10,000 Qubits
New research indicates that a cryptographically relevant quantum computer (CRQC) could be achieved with 10,000 qubits. This research is a factor in Google's adjusted PQC target of 2029.
- Root Causes 602: Google Moves the PQC Date Forward to 2029
Google has announced that it is moving its target for full PQC support to 2029, a year earlier than the previously established 2030 goal. This decision reflects Google's view that the original target was too late.
- Root Causes 601: The Zombie in the Server Room
This episode discusses how legacy PKI implementations in enterprise environments can hinder technical progress and introduce security risks, exploring the reasons, consequences, and solutions for these issues.
- Root Causes 600: Cryptographic Design Is Not Neutral
This episode discusses how cryptographic design is not neutral. It explores how cryptographic decisions reflect the social, political, and legal viewpoints of the designers.
- Root Causes 599: Cryptography Is the New Geopolitics
Root Causes discusses how nations around the world are increasingly using cryptography for their own legal, economic, and military advantage. The episode explores this concept in detail.
- Root Causes 598: Why Johnny Can't authN in OT
This episode discusses a CISA report that found the nation's OT infrastructure is not equipped to handle current crypto agility and certificate management demands. The hosts delve into the implications of these findings.
- Root Causes 597: If You Don't Hold the Keys, You Don't Hold the Subpoenas
This episode discusses Microsoft's policy of providing BitLocker keys to US law enforcement without a subpoena or court order. It also covers the option for users to manage their own keys instead of Microsoft.
- Root Causes 596: CLM and Operational Uptime
This episode of Root Causes discusses Certificate Lifecycle Management (CLM). The hosts explore CLM as an operations category that enables uptime, rather than solely a security category.
- Root Causes 595: What Is a Digital Parasite?
Root Causes episode 595 discusses the concept of a "digital parasite." The hosts explain why this attack philosophy appears to be on the rise.
- Root Causes 594: Google's Five PQC Recommendations for Policy Makers
Root Causes discusses Google's five recommendations for policymakers regarding PQC. The episode walks through the list of recommendations presented in a recent Google blog post.
- Root Causes 593: New PQC Guidance from CISA
CISA has released new guidance regarding post-quantum cryptography in critical infrastructure. This episode discusses the details and warnings from CISA.
- Root Causes 592: When a CAA Record Outlives the CA
This episode of Root Causes discusses the scenario where a CAA record outlives the Certificate Authority it was intended to restrict. The hosts explore the potential consequences of such an event for domain security and certificate issuanc…
- Root Causes 591: Client Authentication Deprecation Date Moves Out
This episode of Root Causes discusses Chrome's new deprecation date for clientAuth EKU and mTLS in public certificates. The hosts explain the details of this change.
- Root Causes 590: The Size of the CA Is Not the Size of the Risk
This episode discusses the misconception that the risk a public Certificate Authority (CA) poses to the WebPKI is related to the number of active certificates it has. It clarifies that this belief is false.
- Root Causes 589: Is a Cryptographically Relevant Quantum Computer Economically Viable?
This episode of Root Causes examines the economic viability of developing a cryptographically relevant quantum computer. The hosts disagree with the argument that such development is cost-prohibitive, and they explain their reasoning.
- Root Causes 588: It's Cryptographic Frogger from Here on Out
This episode of Root Causes explains that the transition to Post-Quantum Cryptography (PQC) requires IT systems to become crypto agile. The discussion focuses on cryptographic agility as a solution to this new challenge.
- Root Causes 587: AI Orchestration for Attackers
This episode of Root Causes discusses AI orchestration for attackers. It explores how artificial intelligence can be used to coordinate and enhance cyber attacks.
- Root Causes 586: Beyond Harvest Now Decrypt Later
This episode discusses potential attacks enabled by cryptographically relevant quantum computers. It expands on the concept of "trust-now-forge-later" and "Harvest Now, Decrypt Later."
- Root Causes 585: The Cryptographic Inventory Manifesto
This episode of Root Causes features a discussion about the Cryptographic Inventory Manifesto. Jason presents and discusses its ten principles.
- Root Causes 584: Mapping DORA to CLM
This episode of Root Causes examines the new European DORA and NIS2 regulations. It discusses how Certificate Lifecycle Management is a key requirement for meeting these regulations.
- Root Causes 583: AI Versus ECC P 256
This episode of Root Causes discusses AI versus ECC P 256. It was recorded in Ottawa, Ontario.
- Root Causes 582: New Research Drastically Cuts Number of Qubits for Cryptographic Relevance
New research indicates that the number of qubits necessary to achieve cryptographic relevance has been drastically reduced. This episode covers the implications of this breaking news.
- Root Causes 581: A Timeline for Deprecation of Manual DCV Methods
This episode discusses the upcoming deprecation of manual Domain Control Validation (DCV) methods by 2028, as per CABF ballot. It explains which methods are slated for deprecation and their timelines.
- Root Causes 580: Top Use Cases for Hybrid Certificates
This episode of Root Causes discusses the qualities of use cases that strongly invite the use of hybrid certificates. It then lists specific use cases that meet these criteria, such as OT systems, code signing, secure boot, WiFi, and enter…
- Root Causes 579: Make Cryptography Boring Again
In this episode, Jason advocates for making cryptography boring again. The discussion covers what this concept entails and its importance.
- Root Causes 578: 200 Days Won't Actually Be 200 Days
The episode clarifies changes to TLS certificate lifespans. It explains why the actual maximum durations will be shorter than 200, 100, or 47 days, as often discussed.
- Root Causes 577: All the Stuff That's Coming in March
This episode of Root Causes discusses the upcoming changes to WebPKI in March 2026. The hosts review the many developments expected next month.
- Root Causes 576: Jeffries Dumps Bitcoin Due to the Quantum Threat
This episode of Root Causes discusses an investment firm divesting from Bitcoin. The decision was made due to concerns regarding the quantum threat.
- Root Causes 575: Shortening Certificate Term - All the Dates
This episode discusses the reduction of the maximum public TLS certificate term to 200 days. It also covers other important dates related to TLS maximum term reduction.
- Root Causes 574: 2025 Predictions Scorecard - Part 2
Root Causes Podcast evaluates its 2025 predictions in this episode, which is the second of two parts.
- Root Causes 573: 2025 Predictions Scorecard - Part 1
This episode of Root Causes: A PKI and Security Podcast features a review of predictions made for the year 2025. It is the first part of a two-part series evaluating these predictions.
- Root Causes 572: Quality of Entropy
This episode discusses the concept that not all cryptographic entropy is equally "random" and explores the potential consequences of this phenomenon.
- Root Causes 571: Will There Ever Be a Cryptographically Relevant Quantum Computer?
This episode of Root Causes discusses the idea that it might be impossible to actually create a cryptographically relevant quantum computer. The hosts weigh in on this concept.
- Root Causes 570: PQC Readiness at the Boardroom Level
In this episode, Chris McGrath discusses enterprise readiness for the NIST PQC deadline in 2030, outlining the steps companies should take now.
- Root Causes 569: New Regulations Are Changing the PKI Landscape
This episode features repeat guest Chris McGrath, who discusses how new regulations are impacting enterprise digital certificates and PKI. The conversation covers increased rigor, visibility, and auditability requirements.
- Root Causes 568: Upping Your Certificate Game for Better Security
Chris McGrath discusses redefining digital certificates and their role in organizational security. The episode also covers increasing regulation of certificates and how enterprises can improve their certificate game.
- Root Causes 567: Top 10 PQC Laggards in the Enterprise
This episode discusses the top ten enterprise environments and use cases that are predicted to be late in adopting post-quantum cryptography (PQC).
- Root Causes 566: Time Is a Security Primitive
This episode discusses the foundational importance of time in PKI and security. It covers when and in what order things happen, time-spoofing attacks, certificates, roots, timestamping, Certificate Transparency, patching, audits, and PQC.