Root Causes: A PKI and Security Podcast

Tim Callan and Jason Soroko

Digital certificate industry veterans Tim Callan …

  • 10 minutes 55 seconds
    Root Causes 587: AI Orchestration for Attackers
    Jason describes a recent intrusion almost entirely operated by off-the-shelf AI tools. This is an important milestone in security. We describe its potential consequences.
    2 March 2026, 5:47 pm
  • 8 minutes 39 seconds
    Root Causes 586: Beyond Harvest Now Decrypt Later
    We expand on the concept of trust-now-forge-later to list a whole bevy of additional attacks that eventually will be enabled by cryptographically relevant quantum computers.
    27 February 2026, 12:00 am
  • 8 minutes 54 seconds
    Root Causes 585: The Cryptographic Inventory Manifesto
    We all love a good manifesto! Jason spells out the ten principles of the Cryptographic Inventory Manifesto, and we discuss.
    25 February 2026, 12:00 am
  • 20 minutes 38 seconds
    Root Causes 584: Mapping DORA to CLM
    We look at the new European DORA and NIS2 regulations and how Certificate Lifecycle Management is a key requirement to meet these requirements. You will be surprised how explicit these requirements are.
    23 February 2026, 12:00 am
  • 10 minutes 51 seconds
    Root Causes 583: AI Versus ECC P 256

    Recorded in Ottawa Ontario.

    20 February 2026, 12:00 am
  • 14 minutes 11 seconds
    Root Causes 582: New Research Drastically Cuts Number of Qubits for Cryptographic Relevance

    New research indicates that the number of qubits necessary to achieve cryptographic relevance has reduced by two orders of magnitude. We cover this breaking news and its implications.

    17 February 2026, 12:00 am
  • 13 minutes 9 seconds
    Root Causes 581: A Timeline for Deprecation of Manual DCV Methods

    By CABF ballot all manual methods of Domain Control Validation (DCV) will be deprecated by 2028. We explain which methods are due for deprecation and when.

    15 February 2026, 12:00 am
  • 12 minutes 47 seconds
    Root Causes 580: Top Use Cases for Hybrid Certificates

    We go over the qualities in abstract of a use case that strongly invites the use of hybrid certificates and then run down a list of specific use cases that meet these criteria. This includes OT systems, code signing, secure boot, WiFi, enterprise S/MIME, and more.

    13 February 2026, 8:01 pm
  • 17 minutes 44 seconds
    Root Causes 579: Make Cryptography Boring Again

    In this episode Jason declares that we must make cryptography boring again. We get into what that means and why it matters.

    10 February 2026, 12:00 am
  • 10 minutes 10 seconds
    Root Causes 578: 200 Days Won't Actually Be 200 Days

    We have seen much talk of the upcoming drop of maximum TLS term to 200 days, followed by 100 days, and eventually down to 47 days. It happens that all those numbers are too large and the actual maxima will be less than that. We explain.

    9 February 2026, 12:00 am
  • 10 minutes 5 seconds
    Root Causes 577: All the Stuff That's Coming in March

    March 2026 is due to be the most eventful month in the history of the WebPKI. Join us as we go over all the many changes coming next month.

    6 February 2026, 12:00 am
  • More Episodes? Get the App