Root Causes: A PKI and Security Podcast

Root Causes: A PKI and Security Podcast

Digital certificate industry veterans Tim Callan and Jason Soroko explore the issues surrounding digital identity, PKI, and cryptographic connections in today's dynamic and evolving computing world. Best practices in digital certificates are continually under pressure from technology trends, new laws and regulations, cryptographic advances, and the evolution of our computing architectures to be more virtual, agile, ubiquitous, and cloud-based. Jason and Tim (and the occasional guest subject matter expert) will help you stay current on developments in this essential technology platform and to understand the whys and wherefores of popular Public Key Infrastructures.

Episodes

Root Causes 543: AI Finds a Zero Day

November 4, 2025 17 mins
We have seen the first known instance of an AI tool discovering a zero-day vulnerability. This could have vast implications on vulnerability detection and bug bounty programs. We discuss the implications.
Mark as Played

Root Causes 542: Use Cases for HQC

November 1, 2025 10 mins
In this episode we go over some of the reasons one might choose HQC over ML-KEM as a PQC key exchange algorithm for specific circumstances. And we discuss the future diversity of cryptography.
Mark as Played

Root Causes 541: Introducing the HQC PQC Algorithm

October 30, 2025 6 mins
NIST recently selected a second Key Exchange Module (KEM) among the PQC algorithms, HQC. We explain this code-based algorithm.
Mark as Played

Root Causes 540: Contextual CBOM

October 26, 2025 11 mins
We define Cryptographic Bill of Materials (CBOM), which is more than a list of your cryptography and where it is. A CBOM need also include information about the PQC readiness of environments, availability of updates, and the importance of secrets.
Mark as Played

Root Causes 539: What Is the Two-QWAC Architecture?

October 21, 2025 20 mins
A new kind of eIDAS QWAC (Qualifieid Website Authentication Certificate) is on the way. The "two-QWAC architecture" introduces a second certificate containing organization information to be displayed by the browser, to sit alongside but independent of the certificate that authenticates a domain. We explain what's coming and why.
Mark as Played

Root Causes 538: What Is an Entropy Desert?

October 19, 2025 9 mins
An environment in which credentials are extremely predictable could be described as an entropy desert. There are occurring at a global scale. We discuss concepts like measurable entropy availability and entropy by design.
Mark as Played

Root Causes 537: The Thermodynamics of Privacy

October 16, 2025 13 mins
In this episode we build on our concept of entropy-aware guidance to explain how we might quantify privacy. We touch on GDPR, proof of work, and Landaur's principle.
Mark as Played

Root Causes 536: Patent Blocker on ML-KEM

October 14, 2025 11 mins
A patent dispute in 2024 nearly blocked ML-KEM. But emerging thinking raises concern that the 2024 resolution did not guarantee full, clear access to all ML-KEM implementations. We explain.
Mark as Played

Root Causes 535: The CPS Is a Superset of Actual Practices

October 11, 2025 10 mins
The CPS must always be a superset of actual practices in a properly running CA. We explain why this is a product of good design.
Mark as Played

Root Causes 534: Signing the Machines That Think

October 10, 2025 8 mins
Imagine what happens if you use the wrong LLM, including a malicious model placed there to create mischief or crime. How do you know? Jason proposes that, the same way we sign our code, we should be signing our AI models as well.
Mark as Played

Root Causes 533: Flexibility Through Multi-CA Trust Models

October 7, 2025 9 mins
We discuss how a static PKI structure can hurt corporate flexibility and resilience. Events like reorgs and M&A activity can cause intractable problems with the wrong PKI setup. Plus, Jason coins the term PKI archeology.
Mark as Played

Root Causes 532: Introducing Offline PKI

October 1, 2025 11 mins
In this episode, Jason describes how we might use the principles of PKI in a purely offline scenario.
Mark as Played

Root Causes 531: Benefits of Single-purpose Root Hierarchies

September 30, 2025 16 mins
Public certificates are transitioning from multi-purpose root hierarchies to single-purpose ones. We discuss why.
Mark as Played

Root Causes 530: Introducing the AI Iceberg

September 28, 2025 18 mins
We compare AI in 2025 to Internet in 1995 and describe the AI iceberg, including the majority of applications which are below the waterline.
Mark as Played

Root Causes 529: What Is a Common Mark Certificate?

September 24, 2025 7 mins
Verified Mark Certificates (VMC) now have a companion product for logos that are not registered trademarks, called a Common Mark Certificate (CMC). We explain the differences.
Mark as Played

Root Causes 528: Misissued SSL Certificate for 1.1.1.1

September 16, 2025 17 mins
A CA has incorrectly issued TLS certificates for the 1.1.1.1 and 2.2.2.2 IP addresses. We go into the details.
Mark as Played

Root Causes 527: Key Dates for the Deprecation of Public mTLS

September 14, 2025 10 mins
Client authentication using public TLS server certificates is on the deprecation path. In this episode we go through the key dates in this deprecation.
Mark as Played

Root Causes 526: Voice Biometrics Are Worthless

September 11, 2025 8 mins
Based on the ready availability of AI-based voice cloning, we declare voice biometric authentication to be utterly valueless.
Mark as Played

Root Causes 525: The End of Email-based DCV

September 9, 2025 10 mins
A new CABF ballot proposal will eliminate all email- and phone-based DCV over the next few years. We go into the details.
Mark as Played

Root Causes 524: How to Kill Three Birds with One Stone

September 7, 2025 12 mins
Three major changes are coming to the world of public certificates, all of which require major changes in how organizations deploy, renew, and manage their certificates. These are 47-day SSL, PQC, and the deprecation of mTLS. We describe the overlap between these efforts and how to combine them for better efficiency and project management.
Mark as Played

Popular Podcasts

    Las Culturistas with Matt Rogers and Bowen Yang

    Las Culturistas with Matt Rogers and Bowen Yang

    Ding dong! Join your culture consultants, Matt Rogers and Bowen Yang, on an unforgettable journey into the beating heart of CULTURE. Alongside sizzling special guests, they GET INTO the hottest pop-culture moments of the day and the formative cultural experiences that turned them into Culturistas. Produced by the Big Money Players Network and iHeartRadio.

    The Joe Rogan Experience

    The Joe Rogan Experience

    The official podcast of comedian Joe Rogan.

    Stuff You Should Know

    Stuff You Should Know

    If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.

    The Bobby Bones Show

    The Bobby Bones Show

    Listen to 'The Bobby Bones Show' by downloading the daily full replay.

    Dateline NBC

    Dateline NBC

    Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com

Advertise With Us
Music, radio and podcasts, all free. Listen online or download the iHeart App.

Connect

Explore

iHeart

Live Radio

Podcasts

Artist Radio

Exclusives

News

Features

Events

Contests

Photos

Information

About

Advertise

Blog

Brand Guidelines

Contest Guidelines

Subscription Offers

Jobs

Get the App

Automotive

Home

Mobile

Wearables

© 2025 iHeartMedia, Inc.