Shows
Root Causes: A PKI and Security PodcastRoot Causes 551: PKI in a Swarm at 50 mphJason explores the role cryptography and trust systems play in the command and control of groups of autonomous drone systems.
2025-11-2409 minRoot Causes: A PKI and Security PodcastRoot Causes 545: What Is MOSH?The MOSH tool aids the use of SSH-secured sessions, especially across different systems. Jason unpacks the security of this system and how it uses encryption and shared secrets.
2025-11-1008 minRoot Causes: A PKI and Security PodcastRoot Causes 544: What Is Chain of Lure?Chain of lure is an attack method used to circumvent restrictions and boundaries placed on AIs. Jason explains this attack and its implications.
2025-11-0510 minRoot Causes: A PKI and Security PodcastRoot Causes 534: Signing the Machines That ThinkImagine what happens if you use the wrong LLM, including a malicious model placed there to create mischief or crime. How do you know? Jason proposes that, the same way we sign our code, we should be signing our AI models as well.
2025-10-1008 minRoot Causes: A PKI and Security PodcastRoot Causes 533: Flexibility Through Multi-CA Trust ModelsWe discuss how a static PKI structure can hurt corporate flexibility and resilience. Events like reorgs and M&A activity can cause intractable problems with the wrong PKI setup. Plus, Jason coins the term PKI archeology.
2025-10-0709 minRoot Causes: A PKI and Security PodcastRoot Causes 532: Introducing Offline PKIIn this episode, Jason describes how we might use the principles of PKI in a purely offline scenario.
2025-10-0211 minRoot Causes: A PKI and Security PodcastRoot Causes 519: AI Is the RoomAI is not the elephant in the room. It is the room itself. Jason explains what he means by that.
2025-08-1818 min
Root Causes: A PKI and Security PodcastRoot Causes 517: The Cost of Quantum FactoringJason walks us through an important recent paper from Google tracking the cost of quantum factoring.
2025-07-2505 minRoot Causes: A PKI and Security PodcastRoot Causes 515: What Is Entropy-aware Governance?Jason coins the term "entropy-aware governance" to describe the idea of using the degree of entropy it contains to measure the strength of any given secret. This could be an objective, consistent metric that could be applied to standard practices and requirements.
2025-07-1814 minRoot Causes: A PKI and Security PodcastRoot Causes 514: Diary of an Online FirestormTim describes how the addition of an item to the CABF face-to-face meeting agenda blew up into a panicked and outraged online thread. We discuss what a more functional response would have looked like.
2025-07-1612 minRoot Causes: A PKI and Security PodcastRoot Causes 511: The GoML Root StoreWe follow up on our discussion of the Get off My Lawn (GoTM) browser with Jason's adventure in creating his own custom root store.
2025-07-0515 minRoot Causes: A PKI and Security PodcastRoot Causes 510: Introducing the GoML BrowserWe discuss Jason's code vibing journey to create the Get Off My Lawn! (GoTM) browser. We discuss SSL certificate information, EV indicators, and cookie handling.
2025-06-2610 minRoot Causes: A PKI and Security PodcastRoot Causes 508: What Is Code Vibing?"Code vibing" is using generative AI to create or improve working code. We share Jason's adventure using code vibing to create his own web browser.
2025-06-2317 minRoot Causes: A PKI and Security PodcastRoot Causes 506: Recap of CABF Face-to-face #65For the first time ever, Jason and I record an episode from the floor of the CA/Browser Forum face-to-face meeting. We recap the themes of this meeting, and Jason gives his first impressions of a CABF Face-to-face.
2025-06-1708 minRoot Causes: A PKI and Security PodcastRoot Causes 504: Jason Programs a Quantum ComputerJason describes his recent experience using Amazon Braket.
2025-06-1017 minRoot Causes: A PKI and Security PodcastRoot Causes 502: The PQC Game of ChickenIn this episode Jason explains the fallacy of "playing chicken" with the Quantum Apocalypse. We discuss stack ranking and "eyes open" PQC risk decisions.
2025-06-0410 minRoot Causes: A PKI and Security PodcastRoot Causes 500: OMG! 500 Episodes of Root Causes!Wow. It's episode 500 of Root Causes. Jason and Tim talk about how the podcast has evolved in the past six years, how it remains consistent, and the updates we're making to keep being a valuable resource for our listeners.
2025-05-2920 minRoot Causes: A PKI and Security PodcastRoot Causes 487: Security 2030Jason and I take a peek forward at what we imagine IT security looks like in 2030. Topics include PQC, ZTNA, "green zones," deep fakes, IoT, connected cars, agentic AI, blockchain, and CLM.
2025-04-1646 minRoot Causes: A PKI and Security PodcastRoot Causes 476: The Need for Security KPIsJason recounts a 2024 Black Hat talk about the need for objective measurements of our IT defenses and whether the good guys or bad guys are winning. Jason breaks down how to define and measure the impact of security measures.
2025-03-1016 minRoot Causes: A PKI and Security PodcastRoot Causes 474: Explaining Shor's AlgorithmWe talk a lot about Shor's Algorithm in our discussion of post quantum cryptography (PQC). In this episode Jason explains Shor's algorithm for non-quantum physicists.
2025-03-0221 minRoot Causes: A PKI and Security PodcastRoot Causes 473: Does Security Software Lack Creativity?Jason reports on a 2024 Black Hat keynote about how modern software development practices inhibit innovation and invention.
2025-02-2810 min
Root Causes: A PKI and Security PodcastRoot Causes 448: The Privilege of Being a Public CAWe go over Tim's September 2024 keynote speech at ENISA CA Day, "The Privilege of Being a Public CA."
2024-12-1725 minRoot Causes: A PKI and Security PodcastRoot Causes 446: Sectigo Assumes Five CABF OfficesTim has stepped into the position of vice-chair of the CA/Browse Forum, and Sectigo now holds five chair or vice-chair positions in that body. We explain how leadership is chosen, the offices Sectigo holds today, and some of our vision for CABF in the next two years.
2024-12-1213 minRoot Causes: A PKI and Security PodcastRoot Causes 389: 2024 RSA Conference Wrap UpJason and I do our annual RSA wrap-up. Trending segments include AI, Trust Centers, MFA, PQC, and more.
2024-05-2827 minRoot Causes: A PKI and Security PodcastRoot Causes 384: So What Is a Senior Fellow Anyway?Jason has a new title, Senior Fellow. In this episode Jason explains what his new focus will be and how this will be good for Root Causes.
2024-05-0707 minRoot Causes: A PKI and Security PodcastRoot Causes 351: 2024 PredictionsWe look forward to 2024 and predict trends for PKI, certificates, and digital identity. We discuss shortening certificate lifespans, Multi-perspective Domain Validation (MPDV), eIDAS 2.0, OCSP, post-quantum cryptography (PQC), Certificate Lifecycle Management (CLM), passwords, root stores, and government versus encryption. Plus, will Jason be sent to the gulag for not being Canadian enough?
2023-12-2718 minRoot Causes: A PKI and Security PodcastRoot Causes 299: 2023 RSA RecapThe 2023 RSA Conference just concluded. This week Tim recaps what he saw at the show and how it reflects on security industry trends. Our hosts discuss Zero Trust, PQC, blockchain, artificial intelligence, post-COVID tradeshow behavior, and more.
2023-05-0231 min
Root Causes: A PKI and Security PodcastRoot Causes 294: Root Causes Honored by Webby AwardsThe Root Causes podcast has received a Webby Honoree award. Jason and Tim briefly celebrate and discuss the challenge of operating a niche, homemade podcast while being directly compared to professionally produced podcasts on mainstream topics from media companies. Plus, Tim's new Root Causes t-shirt.
2023-04-1309 min
Root Causes: A PKI and Security PodcastRoot Causes 250: 250 Episodes of Root Causes!It's Root Causes episode 250! In this episode Tim and Jason indulge themselves in podcasting about podcasting. Hear about setting up a podcast, choosing topics, why we don't rehearse, why we have so few guests, and how we reacted the first time someone asked us for a media kit.
2022-10-2626 minRoot Causes: A PKI and Security PodcastRoot Causes 238: Tim's Big Phishing AdventureIn a personally unprecedented occurrence, Tim's identity as a Sectigo executive is being used in a "waterholing" phishing scam intended to raid job seekers' bank accounts. We describe what is going on, how we found out, and the challenges in combatting such an attack.
2022-08-1516 minRoot Causes: A PKI and Security PodcastRoot Causes 205: Anatomy of an Encrypted Peer-to-Peer Mesh NetworkSecure online collaboration poses logistical and technical challenges under the best of circumstances. Now imagine you have no designated IT staff, no designated hardware, a small budget, and remote participants who are not deeply technical. In this episode Jason Soroko explains how he was able to quickly and easily create an encrypted communications mesh for use by him and his collaboration team.
2022-02-0912 minRoot Causes: A PKI and Security PodcastRoot Causes 197: Tim's Digital HaircutIn this episode our hosts describe the extreme degree to which all business has become digital business, even the most offline businesses you can think of, including food delivery, in-restaurant dining, bricks-and-mortar retail, and naturally, haircuts. We discuss the disparate, interconnected systems required to make this happen and the fragility of this new digital world.
2022-01-0711 min
Root Causes: A PKI and Security PodcastRoot Causes 162: What Is Sideloading?In a recent interview Tim Cook took a strong stance against application sideloading as a danger to mobile devices. In this episode we explain sideloading, its potential dangers, and the underlying motivators behind the sideloading debate.
2021-04-2113 min
Root Causes: A PKI and Security PodcastRoot Causes 127: What Does a Chief Compliance Officer at a Public CA Do?Our co-host Tim Callan has changed his title to Chief Compliance Officer. Join him and co-host Jason Soroko as they discuss what compliance means at a public Certificate Authority (CA) like Sectigo and what the Chief Compliance Officer does.
2020-11-0514 minRoot Causes: A PKI and Security PodcastRoot Causes 127: What Does a Chief Compliance Officer at a Public CA Do?Our co-host Tim Callan has changed his title to Chief Compliance Officer. Join him and co-host Jason Soroko as they discuss what compliance means at a public Certificate Authority (CA) like Sectigo and what the Chief Compliance Officer does.
2020-11-0514 minRoot Causes: A PKI and Security PodcastRoot Causes 118: Quantum Apocalypse - What Is a Hybrid Certificate?As part of its quantum safe initiative, Sectigo is now offering its Quantum Safe Kit, which enables the creation of hybrid TLS certificates. In this episode our hosts are joined by guest Alan Grau to explain what hybrid certificates are, how they are essential to transitioning to quantum-safe crypto, and the ways enterprises can begin using them today.
2020-09-0723 minRoot Causes: A PKI and Security PodcastRoot Causes 117: Why Default Deny Matters to the CA/Browser ForumThis year the CA/Browser Forum has put considerable discussion into the concept of "default deny." It's a philosophy for how to interpret potential ambiguities in existing guidelines for public certificates, and how you land on the default-deny question can have a significant impact on how you interpret the rules. Join our hosts as they describe this debate and its potential impact on public certificates.
2020-09-0419 minRoot Causes: A PKI and Security PodcastRoot Causes 116: Ripple20 Exposes TCP/IP Vulnerabilities for IoTRipple20 is a recently announced set of documented vulnerabilities in the early Treck TCP/IP stack, a popular choice for early IoT devices. Our hosts are joined by guest Alan Grau, who explains the significance of these vulnerabilities, the difficulties in dealing with them, and how we can improve to avoid these problems in the future.
2020-08-3014 minRoot Causes: A PKI and Security PodcastRoot Causes 115: Signed HTTP Exchange (SXG) CertificatesAccelerated Mobile Pages, or AMP, is a Google standard for packaging web content for consistent and usable display on mobile devices. SXG certificates enable the display of the original publisher's authenticated URL in the mobile reader. Join us as we explain the potential benefits of SXG to readers and content publishers.
2020-08-2711 minRoot Causes: A PKI and Security PodcastRoot Causes 114: Is Quantum Computing a Threat to SHA-2?Quantum computers' threat to standardized encryption algorithms RSA and ECC has been much discussed. But what about our hashing algorithms? Do quantum computers pose a similar threat to SHA-2? Join our hosts as they discuss the difference between Shor's Algorithms and Grover's Algorithm, which applies to each part of cryptography, and how significant quantum computing will be for each.
2020-08-2111 minRoot Causes: A PKI and Security PodcastRoot Causes 113: What Is Certificate Pinning?Certificate pinning is the practice of coding software to demand the presence of a specific certificate brand or root in order to function correctly. Though once considered a legitimate security option, certificate pinning is widely discredited because it carries unacceptable certificate agility costs. Join our hosts as they explain what certificate pinning is, how it came about, and why nearly all developers should avoid certificate pinning today.
2020-08-1817 minRoot Causes: A PKI and Security PodcastRoot Causes 112: Introducing Sectigo Quantum LabsFor more than a year Sectigo has been providing the market with information to understand what we all must do to change our cryptography to prepare for quantum computers. Now Sectigo has announced Sectigo Quantum Labs, a destination for education on quantum-safe certificates (QSC) and our Quantum-Safe Kit, which allows enterprises to create their own hybrid quantum-safe certs. Join us as we articulate what Sectigo Quantum Labs has to offer you.
2020-08-1313 minRoot Causes: A PKI and Security PodcastRoot Causes 111: Secure Data InterconnectsDistributed data centers are extremely common in today's computing environments. Unencrypted replication of data across these centers leaves data open to theft. Nonetheless, existing systems and software leave that possibility open, and sometimes data replication occurs in the clear. Our hosts explain how this situation can come about and what to do about it.
2020-08-1012 minRoot Causes: A PKI and Security PodcastRoot Causes 110: Single-domain, Multi-domain, and Wildcard SSL CertificatesWhen you obtain an SSL certificate, you can choose between single-domain, multi-domain, and wildcard certificates. Join our hosts as they explain the different domain spaces available with TLS certificates and the pros and cons of each approach.
2020-08-0623 minRoot Causes: A PKI and Security PodcastRoot Causes 109: Examining MFA Through Phone-based SMSSMS-based one time password (OTP) is a very commonly used form of multi-factor authentication (MFA). That's because it's fast and inexpensive to roll out to users. Unfortunately it is deeply vulnerable to a set of well-defined attacks. In this episode our hosts explain why SMS MFA became so popular and how this outdated MFA scheme fails to provide the security expected by those who use it.
2020-07-2915 minRoot Causes: A PKI and Security PodcastRoot Causes 108: Why Do Certificates Expire?Root expirations occasionally make headlines by breaking systems, but it's a fact that certificates are expiring every day, each a potential outage waiting to happen. So why do certificates expire in the first place? Join our hosts as they discuss the reasons for expiration, its advantages over other mechanisms like revocation, and the right amount of time for a certificate to last.
2020-07-2419 minRoot Causes: A PKI and Security PodcastRoot Causes 107: IoT Security Baseline Requirements from ETSIETSI has published its new Baseline Requirements for consumer IoT device security, which includes a number of provisions directly related to encryption, strong identity, and device software integrity. Join our hosts as they describe the PKI-related portions of the new ETSI requirements and why they are valuable for security.
2020-07-2020 minRoot Causes: A PKI and Security PodcastRoot Causes 106: Massive Intermediate Certificate Distrust Is on the WayA recently identified and widespread configuration error has created a situation where, with the wrong attack on certain public roots, certificates could become essentially unrevokable. As a consequence, 14 public CAs will have to revoke their OCSP certificates, many of which are also intermediates, and permanently discontinue use of their keys. That leaves millions of active TLS, S/MIME, code signing, and document signing certificates in need of immediate replacement or they will be distrusted. Join our hosts as they explain what the problem is and what messy cleanup will be required to address these problems.
2020-07-1426 minRoot Causes: A PKI and Security PodcastRoot Causes 105: TOR, How and WhyMany people know that TOR is a browser used for anonymous online activity, but most of us don't know much more than that. In this episode our hosts explain how the TOR network operates, what its potential value is, and how TOR compares to a VPN.
2020-07-0820 minRoot Causes: A PKI and Security PodcastRoot Causes 104: 21 PKI Pitfalls to AvoidOur hosts often discuss the idea of errors in PKI implementations and the potential negative consequences for organizations. In this episode they categorize twenty-one PKI pitfalls to avoid according to five main categories of error: certificate problems, deployment problems, systemic security problems, governance problems, and visibility problems. Join us for a crisp description of these twenty-one pitfalls so you can be on the lookout for them.
2020-07-0628 minRoot Causes: A PKI and Security PodcastRoot Causes 103: Work-from-Home IT Impact StudyThe need to suddenly enable nearly 100% of information workers for secure, productive work-from-home was a curve ball for IT departments to deal with around the world. Sectigo recently released the results of a commissioned survey of 500 IT professionals about the impact of widespread WFH requirements on IT departments, roadmaps, security, and employee productivity. In this episode our hosts go over the biggest findings from this study.
2020-06-2916 minRoot Causes: A PKI and Security PodcastRoot Causes 102: Lawful Access to Encrypted Data ActA newly proposed US Senate bill called the Lawful Access to Encrypted Data Act would require service providers and device manufacturers to provide access to encrypted data based on a valid warrant. In this episode our hosts explain the bill's contents and some of the opportunities and pitfalls it presents.
2020-06-2615 minRoot Causes: A PKI and Security PodcastRoot Causes 101: Google RCS Chat with End-to-End EncryptionGoogle has just announced the coming availability of end-to-end encryption for its chat service. In this episode our hosts describe the spectrum of potential protection within the capabilities we call end-to-end encryption, including forward secrecy and durability of keys.
2020-06-2114 minRoot Causes: A PKI and Security PodcastRoot Causes 100: OpenSSH Deprecates SHA-1Once widely used, SHA-1 is considered insecure today and has been deprecated from the most common PKI use cases. OpenSSH recently provided a roadmap to its eventual deprecation of SHA-1. Join our hosts as they discuss the long, complex process of sunsetting a widely used cryptographic practice, the factors that contribute to these practices continuing beyond their secure lifespans, and the importance of crypto agility.
2020-06-1511 minRoot Causes: A PKI and Security PodcastRoot Causes 99: AddTrust Root Expiration ExplainedThe recent expiration of Sectigo's AddTrust legacy root caused some systems to stop working and forced some admins to keep working over the weekend until all was fixed. In this episode we explain roots, root expirations, why they are a non event for most users, and why sometimes an expiration can be more impactful.
2020-06-1228 minRoot Causes: A PKI and Security PodcastRoot Causes 98: DMARC and Verified Mark Certificates for EmailA new kind of identity certificate is coming that will enable businesses to include their logos in official email they send in order to improve customer confidence and protect against phishing. It is called a Verified Mark Certificate (VMC) and is built upon the DMARC standard, which controls which senders are allowed to send email using any given From address. In this episode our hosts explain VMCs and DMARC and how they will be used and then discuss where they fit in with S/MIME email certificates.
2020-06-0812 minRoot Causes: A PKI and Security PodcastRoot Causes 97: Firefox to Deprecate Support for FTPMozilla has announced its intention to remove support for FTP from the Firefox browser, citing concerns about security and the degree of effort required to keep this functionality current. Join our hosts as they discuss this announcement and its potential effects as well as the considerations that go into choosing when to drop support for outdated, unpopular, or sub-optimal capabilities in technology products.
2020-06-0411 minRoot Causes: A PKI and Security PodcastRoot Causes 96: Signal May Leave the USA to Protect Its End-to-End EncryptionCongress's proposed EARN IT act has many industry observers worried about its potential effect on the integrity of encrypted communication. In recent news, secure communication app Signal has floated the idea of relocating outside the United States if that's what's required to retain its ability to offer end-to-end encryption without spying eyes interfering.
In this week's episode, we discuss this announcement and related issues surrounding the keeping of digital secrets and encryption.
2020-06-0117 minRoot Causes: A PKI and Security PodcastRoot Causes 95: Cryptographic Key VaultingFor PKI to be secure, private keys need to remain private. In this episode we explain "vaulting" for keys or other shared secrets. We touch on the vulnerabilities that secrets vaulting fights against and the common use cases for vaulting.
2020-05-2812 minRoot Causes: A PKI and Security PodcastRoot Causes 94: Revocation Checking Through OCSP and CRLOne essential portion of the certificate lifecycle is the ability to revoke certificates. Public SSL certificates use a pair of mechanisms to communicate this revocation status to client machines, CRL and OCSP. In this episode we explain how these mechanisms work and some of their strengths and challenges.
2020-05-2623 minRoot Causes: A PKI and Security PodcastRoot Causes 93: Videoconferencing PhishingWith the global workforce's massive shift to work-from-home, a clever new set of opportunistic social engineering attacks has sprung up to take advantage of our unfamiliarity with our new communication and collaboration applications and processes. In this episode our hosts describe these new attacks and what IT departments can do to combat them.
2020-05-2114 minRoot Causes: A PKI and Security PodcastRoot Causes 92: COVID-19 Immunity PassportsAs we plan our societal return to normalcy, a number of people and groups are discussing the concept of an electronic "immunity passport" that individuals can possess if they are known to be immune to COVID-19 (possibly through vaccination or prior infection). Today our hosts discuss the requirements for such an immunity passport, some of the opportunities and challenges in putting this kind of system in place, and how existing schemes and systems may fit into an immunity passport initiative.
2020-05-1821 minRoot Causes: A PKI and Security PodcastRoot Causes 91: Rabobank Banking App OutageAustralia's Rabobank recently experienced an outage preventing its Android banking app from connecting to its servers. The root cause? An expired certificate. In this episode our hosts explain what happened and how it could have been avoided. They also discuss certificate pinning, how it came to be used with apps like this one, and its disadvantages.
2020-05-1312 minRoot Causes: A PKI and Security PodcastRoot Causes 90: An Analysis of Distributed PKIDistributed PKI is a new approach, with advocates saying it will eliminate many weaknesses they perceive with traditional, hierarchical PKI architecture. Guest Alan Grau joins our hosts at they explain how distributed PKI works, describe its proclaimed benefits, and take a hard look at whether or not these claims hold up.
2020-05-1024 minRoot Causes: A PKI and Security PodcastRoot Causes 89: PKI's Role in Zero Trust"Zero Trust" is an IT security philosophy that maximizes protection from threats by tightly controlling access and permissions for every individual, device, and process in the organization's environment. Learn how digital identity and certificates play a key role in operating a secure Zero Trust strategy.
2020-05-0720 minRoot Causes: A PKI and Security PodcastRoot Causes 88: PKI and BlockchainMany observers notice similarities between PKI and blockchain, including their applicability to secure digital systems and their ability to enable authentic information and non-repudiation in an electronic environment. Join our hosts and expert guest Alan Grau as they go over the similarities and differences between PKI and blockchain, explain the qualities of a good use case for each, and describe how they can complement each other.
2020-05-0413 minRoot Causes: A PKI and Security PodcastRoot Causes 87: Zoom's (Not) End-to-End EncryptionWith lockdowns and working from home the norm, a great deal of attention has been paid to video conferencing technology. In particular, Zoom has claimed to offer end-to-end encryption while in fact it does not, making headlines across media of all sorts. In this episode our hosts explain what end-to-end encryption is and why the distinction is important for a service like Zoom.
2020-04-3017 minRoot Causes: A PKI and Security PodcastRoot Causes 86: SSH KeysSSH keys are essential for controlling access to production infrastructure. Our hosts are joined by repeat guest David Colon to discuss how SSH keys are used in contemporary computing environments, what risks they carry with them, and tips for IT professionals to use SSH keys easily and securely.
2020-04-2718 minRoot Causes: A PKI and Security PodcastRoot Causes 85: Automotive Key Fobs and CryptographyRecent headlines have unveiled high profile attacks against automobile key fobs. Such an attack is potentially huge since successfully mimicking these fobs can yield complete access to an automobile's capabilities. Our hosts are joined by repeat guest Alan Grau as they describe the cryptographic architecture of a modern automotive key fob, how these attacks take place, and what automobile manufacturers can do about it.
2020-04-2316 minRoot Causes: A PKI and Security PodcastRoot Causes 84: What Is DNS over HTTPS?DNS over HTTPS is a capability whereby DNS lookups can be encrypted to defend against certain man-in-the-middle attacks as well as protecting information about web usage from being revealed to third parties. In this episode our hosts explain DNS over HTTPS, it potential uses, and how it works. They also explain some of the controversy and potential concerns that have been raised with this approach.
2020-04-2008 minRoot Causes: A PKI and Security PodcastRoot Causes 83: Quantum Apocalypse - Does COVID-19 Change the Z DateLock downs and work-from-home requirements have disrupted the efficiency of operations in all walks of industry, including academics and advanced computing research. In this episode our hosts debate if and how the pandemic's disruptive nature might change the date on which quantum computers are able to defeat today's encryption.
2020-04-1625 minRoot Causes: A PKI and Security PodcastRoot Causes 82: The Death of the Hard TokenPeople are working from home in unprecedented numbers, which means that companies need to find ways for them to connect securely. Some will consider hard tokens as an option. In this episode our hosts give a frank assessment of the difficulty that hard tokens present for the modern remote workforce, along with some of the other available options that are likely to serve the enterprise better.
2020-04-1316 minRoot Causes: A PKI and Security PodcastRoot Causes 81: What Is Embedded Firewall?Security for IoT devices depends not only on establishing strong identity mechanisms for devices and the services they connect to but also in ensuring the ongoing integrity of device operations. In this episode our hosts are joined by guest Alan Grau to explain what an embedded firewall is and how it aids security for connected devices.
2020-04-0614 minRoot Causes: A PKI and Security PodcastRoot Causes 80: The Pros and Cons of VPNsWith the sudden, meteoric increase in remote workers, many IT professionals are looking at VPN as a method of keeping them secure. Join our hosts as they discuss the advantages and disadvantages of VPNs, and what to look out for.
2020-04-0216 minRoot Causes: A PKI and Security PodcastRoot Causes 79: Firefox Reinstates Support for Deprecated TLS VersionsTo enable broadest possible access to valuable information about the COVID-19 epidemic, Firefox has chosen to reinstate support for web sites using TLS 1.0 and 1.1. Join us to learn about this move, why Firefox has made it, and what that says about the state of web site security today.
2020-03-3011 minRoot Causes: A PKI and Security PodcastRoot Causes 78: Extended Validation Certificates and the Dark WebNew research presented at RSA Security Expo indicates that at least one party is using online criminal marketplaces to sell a package of a newly-created business and at least one Extended Validation SSL certificate to go with it. Join our hosts as they explain what the research says and talk about the potential criminal use cases for a bundle like this one.
2020-03-2614 minRoot Causes: A PKI and Security PodcastRoot Causes 77: Certificates for Public CloudAs a convenience to customers and a competitive differentiator, public cloud services such as AWS offer TLS certificates for use in their environments. Join our hosts as they explain this practice, how these certificates can be used, and which use cases and environments will not work with TLS certificates from public cloud vendors.
2020-03-2309 minRoot Causes: A PKI and Security PodcastRoot Causes 76: Implications of COVID-19 for PKICOVID-19 is rocking all aspects of our daily and business lives. So what are the implications of lock-downs, office closures, and high employee absenteeism on the PKI world? Our hosts explore the implications of our new post-pandemic work culture on business continuity and security, and how PKI fits into this new way of working
2020-03-2026 minRoot Causes: A PKI and Security PodcastRoot Causes 75: Sectigo's COVID-19 ReadinessAs measures move into place throughout society to flatten the curve of COVID-19's spread, it is important to understand the potential effects of lock downs, school closures, and work-from-home mandates on the critical systems that keep our digital world running. Sectigo has conducted an internal audit of its business continuity and disaster recovery plans in light of the specifics of the ongoing pandemic, and we remain confident in our ongoing operation without material disruption through the present crisis. In this episode our hosts go over the results of Sectigo's COVID-19 readiness audit and what customers can expect in the...
2020-03-1804 minRoot Causes: A PKI and Security PodcastRoot Causes 74: Device and Network AccessCertificates can play a critical role in enabling and controlling access for users and devices to our sensitive business processes and data. Our hosts are joined once again by David Colon as we explore the role certificates play in providing network access and permissions, including some best practices.
2020-03-1714 minRoot Causes: A PKI and Security PodcastRoot Causes 73: Apple to Drop Support for Two-year SSL CertificatesAt the most recent Face-to-Face meeting of the CA/Browser Forum, Apple announced that as of September 1 it will distrust public TLS certificates issued with terms longer than thirteen months for all its technology products. Join our hosts as they discuss this change, its affect on the ecosystem, and what you need to do to prepare for one-year SSL certificates.
2020-03-1320 minRoot Causes: A PKI and Security PodcastRoot Causes 72: Future-proofing Your PKIFormer CableLabs CIO and Kyrio President and General Manager Mitch Ashley joins our hosts to discuss how to set up a PKI system that will meet your needs for many years to come. Mitch is now CEO of Accelerated Strategies Group, a disruptive analyst firm focused on cybersecurity, devops and cloud. We discuss the differing attitudes, pain points, and processes of device manufacturers versus service providers. Mitch explains how the overall qualities of the ecosystem affect PKI, ensuring extensibility and auditability, and how to project your PKI needs into the future ten or twenty years from today.
2020-03-0934 minRoot Causes: A PKI and Security PodcastRoot Causes 71: Short Lived DevOps CertificatesRepeat guest and DevOps expert David Colon joins us again to discuss identity for microservices, including the use of very short-lived TLS certificates. David and our hosts explore the unique properties of PKI in these environments and describe how to find the optimal term for a container certificate.
2020-03-0621 minRoot Causes: A PKI and Security PodcastRoot Causes 70: Identity Is the New PerimeterModern architectures and development processes have shattered the old concept of an IT perimeter for the enterprise. In this world, attaching strong identity to every device, user, and process is essential to security. In this episode our hosts describe this challenge and discuss the pros and cons of various identity schemes.
2020-03-0427 minRoot Causes: A PKI and Security PodcastRoot Causes 69: Fundamentals of DevOps and PKIIn our ongoing series on DevOps and PKI, DevOps practitioner David Colon joins us to help describe the intersection of DevOps security and PKI. We explore how PKI fits in with orchestration engines like Kubernetes and some of the practical considerations in securely using keys in such environments.
2020-02-2822 minRoot Causes: A PKI and Security PodcastRoot Causes 68: Why SHA-1 Is No Longer SecureSHA-1 was a cornerstone of the early secure web. Now, 25 years later, this hashing function is no longer secure. Join our hosts to hear the history of SHA-1, its common use cases, and the properties of an effective hashing function. Learn about collision attacks and why they matter. Find out the reasons SHA-1 is still in use and why it is no longer secure in today's computing world.
2020-02-2331 minRoot Causes: A PKI and Security PodcastRoot Causes 67: Definition of DevOps and DevSecOpsOur hosts are joined by senior DevOps engineer David Colon to explore what DevOps means in today's enterprise. They cover diverse aspects of the DevOps phenomenon, including cultural implications, "configuration drift," definition of release velocity, and DevSecOps. Plus of course how DevSecOps intersects with PKI.
2020-02-2122 minRoot Causes: A PKI and Security PodcastRoot Causes 66: Functional Versus Homomorphic EncryptionTraditionally, file encryption is an all-or-nothing affair where data cannot be gleaned from the encrypted file without fully decrypting its contents. A new brand of cryptography called homomorphic encryption makes it possible for specific types of data to be read from a file while the rest of it remains encrypted. Join our hosts as they explain this new technology approach and its possible implications and use cases.
2020-02-1815 minRoot Causes: A PKI and Security PodcastRoot Causes 65: Quantum Key DistributionQuantum key distribution is a new technology that uses the principles of quantum physics to generate and distribute truly random keys for encrypted communication. Join us as we explain how quantum key distribution works, why it is not the same as quantum safe cryptography, and which cases it may be useful for.
2020-02-1018 minRoot Causes: A PKI and Security PodcastRoot Causes 64: What Is Digital Identity?The phrase "identity is the new perimeter" has gained in use of late, reflecting the reality that today's modern enterprise architecture is a mix of traditional and cloud, owned and rented and BYOD, all together in a complex mix. Under those circumstances identity is key to determine which digital entities have which permissions. But what do we mean when we say identity? Join our hosts as they explain the concepts behind digital identity, how they compare to our offline ideas around identity, and how these ideas shape computer security.
2020-02-0429 min
Root Causes: A PKI and Security PodcastRoot Causes 63: What Is CAA?CAA, which stands for CA Authentication, is the capability for the domain name owner to specify in DNS which CAs are allowed to issue SSL certificates for a specific domain. Join us to learn more about CAA, including how it works and its potential benefits to businesses.
2020-01-2709 min
Root Causes: A PKI and Security PodcastRoot Causes 62: Windows CryptoAPI Spoofing Vulnerability ExplainedOn January 14 Microsoft announced a sweeping vulnerability that makes it possible to defeat the authentication of Elliptic Curve Cryptography (ECC) on Windows 10 and Windows Server systems, making it possible to create fake certificates on trusted roots that will fool these systems. Join our hosts and guest Nick France, CTO of SSL at Sectigo, as we explain this vulnerability, how it could be used in exploits, and what must be done to address it.
2020-01-2218 min
Root Causes: A PKI and Security PodcastRoot Causes 61: Anatomy of a CryptocurrencyIn our ongoing series about blockchain, we explore the technology, process, and ecosystem needs for a successful cryptocurrency. Join our hosts along with expert guest Alan Grau as we discuss the technology and ecosystem specifics of cryptocurrencies, including blockchain and PKI.
2020-01-1031 min
Root Causes: A PKI and Security PodcastRoot Causes 60: Fundamentals of BlockchainWidely understood to be the technology behind popular crypto currencies, blockchain has become a household word. But what it blockchain really, and how does it work? Join our hosts and returning guest Alan Grau as they explain how blockchain functions, its strengths and weaknesses, and some of the other potential applications for this technology.
2020-01-0621 min
Root Causes: A PKI and Security PodcastRoot Causes 59: What Is Certificate Transparency?Certificate Transparency (CT) is a recent and important development in the world of SSL certificates. Popular browsers require trusted CAs to log all SSL certificates to publicly available CT Logs. Join our hosts to find out how various parties are using CT Logs to learn about CA behavior and SSL usage patterns and to improve the overall quality of public trust.
2019-12-2821 min
Root Causes: A PKI and Security PodcastRoot Causes 58: 2019 Lookback - One Year of PodcastingNearly a year ago our hosts launched Root Causes to provide a forum for discussion of the issues surrounding the critically important PKI technology. Now at the end of 2019 we discuss how this podcast has taken shape, how that compares to our original expectations, and what we are looking forward to in 2020.
2019-12-1413 min
Root Causes: A PKI and Security PodcastRoot Causes 57: Quantum Random Number GenerationRandom number generation is an essential part of successful cryptography. Quantum computers offer to improve this niche technology industry. Join our hosts to learn what quantum random number generators (qRNGs) are, how they stand to improve cryptography and other computing functions, and how they tie into post-quantum cryptography (or don't).
2019-12-1018 min
Root Causes: A PKI and Security PodcastRoot Causes 56: 2019 Lookback - Evolving Cryptography2019 saw important changes in the world's cryptographic standards, including changes in browser treatment of SSL certificates, the removal of a public CA from trusted root stores, widespread serial number entropy problems across many CAs, and progress in building quantum-resistant PKI. Join our hosts as they detail these going-on and others and talk about what 2020 may hold in terms of evolving cryptography.
2019-12-0823 min
Root Causes: A PKI and Security PodcastRoot Causes 55: California's New IoT Security LawCalifornia Senate Bill 327 (SB-327) goes into effect January 1, 2020. This groundbreaking ordinance requires basic security measures for devices deployed in California. Join us to learn what SB-327 requires from device manufacturers, which threats it protects against, and how this ordinance is leading the way toward stronger IoT security practices.
2019-12-0422 min
Root Causes: A PKI and Security PodcastRoot Causes 35: Quantum Apocalypse - Mosca's Inequality, Mad Max, and MohawksQuantum computers have the potential to defeat the RSA and ECC encryption underlying our digital world. We must swap out these algorithms before quantum computers reach that stage of maturity. But how long to we have? Join our hosts Tim Callan and Jason Soroko as they explain how to calculate the ominously named "Z date," the possible consequences of missing that deadline, and potential hairstyles for a post-apocalyptic world.
2019-08-2719 min