Root Causes: A PKI and Security Podcast

Author: Tim Callan and Jason Soroko


Description

Digital certificate industry veterans Tim Callan and Jason Soroko explore the issues surrounding digital identity, PKI, and cryptographic connections in today's dynamic and evolving computing world. Best practices in digital certificates are continually under pressure from technology trends, new laws and regulations, cryptographic advances, and the evolution of our computing architectures to be more virtual, agile, ubiquitous, and cloud-based. Jason and Tim (and the occasional guest subject matter expert) will help you stay current on developments in this essential technology platform and to understand the whys and wherefores of popular Public Key Infrastructures.
597 Episodes
Microsoft has publicly stated that it will hand over BitLocker keys to US law enforcement agencies without requiring a subpoena or court order. At the user's option, these keys can be held by the user rather than by Microsoft. We dive into this topic.
We usually think of Certificate Lifecycle Management (CLM) as a security category, but we could equally well categorize it as an operations category that enables uptime. In this episode we make our case.
We introduce the concept of a "digital parasite," explaining why this attack philosophy appears to be on the rise.
In a recent blog post, Google made five recommendations for policy makers. We walk down the list.
CISA (Cybersecurity and Infrastructure Security Agency) has released new guidance about post-quantum cryptography in critical infrastructure, including some very sobering warnings. We go into the details.
CAA records exist to restrict the CAs that may issue for a given domain, down to as few as a single CA. But what happens when the CAA record outlives the CA to which it restricts issuance? Join us to find out.
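To make the failure mode concrete, here is an added example (not code from the podcast or from any CA) of the CAA authorization check a CA performs under RFC 8659: climb from the requested name toward the root until a CAA RRset is found, pick the relevant property (`issuewild` for wildcard names when present, otherwise `issue`), refuse on an unrecognized critical property, and compare the issuer domain names against the CA's own identifier. The zone data, the CA identifiers (`modern-ca.example`, `defunct-ca.example`) and the `stale_issuers` helper are constructed for this illustration.

```python
"""RFC 8659 CAA check, with a helper to spot records that name a CA that no longer exists."""
from dataclasses import dataclass

CRITICAL = 128                               # issuer-critical flag bit (RFC 8659 s4.1)
KNOWN_TAGS = {"issue", "issuewild", "iodef"}  # property tags this checker understands


@dataclass(frozen=True)
class CAARecord:
    flags: int
    tag: str
    value: str


# Constructed zone data keyed by owner name (not real DNS).
ZONE = {
    # Stale: the only authorized issuer has gone out of business, so nobody can issue.
    "example.com": [CAARecord(0, "issue", "defunct-ca.example")],
    # One CA may issue ordinary certs; wildcard issuance is forbidden outright (";").
    "shop.example.net": [
        CAARecord(0, "issue", "modern-ca.example; accounturi=https://acme.modern-ca.example/acct/17"),
        CAARecord(0, "issuewild", ";"),
    ],
    # Only a reporting address: issuance is not restricted by CAA.
    "example.org": [CAARecord(0, "iodef", "mailto:security@example.org")],
    # Critical flag on a property the CA does not understand: issuance must be refused.
    "critical.example": [CAARecord(CRITICAL, "futureproperty", "whatever")],
}


def _base_name(name: str) -> str:
    """Strip a leading '*.' so wildcard requests start the search at the parent."""
    return name[2:].lower() if name.startswith("*.") else name.lower()


def _parent(name: str) -> str:
    labels = name.split(".")
    return ".".join(labels[1:]) if len(labels) > 1 else ""


def relevant_rrset(zone, name):
    """Relevant RRset: the first non-empty CAA set walking toward the root (RFC 8659 s3)."""
    n = _base_name(name)
    while n:
        rrset = zone.get(n, [])
        if rrset:
            return rrset
        n = _parent(n)
    return []


def _issuer_domain(value: str) -> str:
    """Issuer domain name is the text before the first ';'; empty means 'no CA'."""
    return value.split(";", 1)[0].strip().lower()


def caa_permits(zone, name, ca_domain):
    """Return (permitted, reason) for CA `ca_domain` issuing for `name`."""
    rrset = relevant_rrset(zone, name)
    if not rrset:
        return True, "no CAA records found: issuance not restricted"
    if any(r.flags & CRITICAL and r.tag.lower() not in KNOWN_TAGS for r in rrset):
        return False, "unrecognized critical CAA property: must not issue"
    tag = "issue"
    if name.startswith("*.") and any(r.tag.lower() == "issuewild" for r in rrset):
        tag = "issuewild"
    relevant = [r for r in rrset if r.tag.lower() == tag]
    if not relevant:
        return True, f"no '{tag}' property in relevant RRset: issuance not restricted"
    allowed = {_issuer_domain(r.value) for r in relevant}
    if ca_domain.lower() in allowed:
        return True, f"'{tag}' authorizes {ca_domain}"
    if allowed == {""}:
        return False, f"'{tag}' explicitly forbids all CAs"
    return False, f"only {sorted(allowed - {''})} may issue"


def stale_issuers(zone, name, live_ca_domains):
    """Domain-owner side: issuer names in the relevant RRset that match no live CA."""
    rrset = relevant_rrset(zone, name)
    named = {_issuer_domain(r.value) for r in rrset if r.tag.lower() in ("issue", "issuewild")}
    return sorted(named - {""} - {d.lower() for d in live_ca_domains})


if __name__ == "__main__":
    for req, ca in [("www.example.com", "modern-ca.example"), ("*.shop.example.net", "modern-ca.example")]:
        print(req, ca, caa_permits(ZONE, req, ca))
    print("stale:", stale_issuers(ZONE, "www.example.com", ["modern-ca.example"]))
```

The point of `stale_issuers` is that a CA cannot tell a stale record from a deliberate one: it just declines, as `caa_permits` does for `www.example.com`. Only the domain owner can notice that the name in the record no longer corresponds to any CA that exists, so checking CAA records against the list of CAs actually in use belongs in the same inventory discipline as the certificates themselves.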
Chrome's deadline for deprecation of the clientAuth EKU and mTLS in public certificates has moved out. We give you the what, when, and why.
It would be easy to believe that the amount of risk posed to the WebPKI by any individual public CA is somehow proportional to the number of active certificates that CA has. This is false, however. In this episode we address this misconception.
We recently heard the argument that it's simply too expensive to develop a cryptographically relevant quantum computer. We vehemently disagree. In this episode we explain why.
In this episode Tim explains that the transition to PQC is not just a change in cryptographic algorithms but also a fundamental shift in how we treat our cryptography. From here on out, IT systems need to be crypto agile in a way we have never had to be before. Cryptographic agility is the key to solving this problem.
YouTube video version of this episode https://youtu.be/-wMy3rPV1Lg
We expand on the concept of trust-now-forge-later to list a whole bevy of additional attacks that eventually will be enabled by cryptographically relevant quantum computers.
We all love a good manifesto! Jason spells out the ten principles of the Cryptographic Inventory Manifesto, and we discuss.
We look at the new European DORA and NIS2 regulations and how Certificate Lifecycle Management is key to meeting them. You will be surprised how explicit these requirements are.
Recorded in Ottawa, Ontario.
New research indicates that the number of qubits necessary to achieve cryptographic relevance has reduced by two orders of magnitude. We cover this breaking news and its implications.
By CABF ballot, all manual methods of Domain Control Validation (DCV) will be deprecated by 2028. We explain which methods are due for deprecation and when.
We go over the qualities in abstract of a use case that strongly invites the use of hybrid certificates and then run down a list of specific use cases that meet these criteria. This includes OT systems, code signing, secure boot, WiFi, enterprise S/MIME, and more.
In this episode Jason declares that we must make cryptography boring again. We get into what that means and why it matters.
We have seen much talk of the upcoming drop of the maximum TLS certificate term to 200 days, then 100 days, and eventually 47 days. It happens that all of those numbers are too large: the actual maxima will be smaller. We explain.
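One concrete reason the nominal day counts overstate what a CA can actually issue, given here as an added illustration rather than as the episode's own argument: RFC 5280 section 4.1.2.5 defines the validity period as running from notBefore through notAfter inclusive, so a certificate whose notAfter is exactly 47 days after its notBefore is 47 days plus one second long and exceeds a 47-day cap. Any backdating of notBefore that a CA applies to absorb clock skew (the one-hour value below is an assumption, not a stated policy) comes out of the same budget. This code is not from the podcast or any CA.

```python
"""Inclusive validity arithmetic for certificate lifetime caps (added example)."""
from datetime import datetime, timedelta, timezone

DAY = 86400  # seconds


def validity_seconds(not_before: datetime, not_after: datetime) -> int:
    """RFC 5280 s4.1.2.5: validity runs from notBefore through notAfter, inclusive."""
    return int((not_after - not_before).total_seconds()) + 1


def exceeds_cap(not_before: datetime, not_after: datetime, cap_days: int) -> bool:
    """True when the inclusive validity is longer than cap_days * 86400 seconds."""
    return validity_seconds(not_before, not_after) > cap_days * DAY


def latest_not_after(not_before: datetime, cap_days: int) -> datetime:
    """The largest notAfter that still fits under the cap: cap minus one second."""
    return not_before + timedelta(seconds=cap_days * DAY - 1)


def usable_lifetime(issued_at: datetime, cap_days: int,
                    backdate: timedelta = timedelta(hours=1)) -> timedelta:
    """Lifetime a subscriber actually gets from the moment of issuance.

    `backdate` is an assumed clock-skew allowance the CA subtracts from notBefore;
    it does not extend notAfter, so it shortens the usable period.
    """
    not_before = issued_at - backdate
    return latest_not_after(not_before, cap_days) - issued_at


if __name__ == "__main__":
    nb = datetime(2029, 3, 15, 12, 0, 0, tzinfo=timezone.utc)
    naive_na = nb + timedelta(days=47)
    print("47 days on the nose:", validity_seconds(nb, naive_na), "s, exceeds cap:",
          exceeds_cap(nb, naive_na, 47))
    print("latest compliant notAfter:", latest_not_after(nb, 47).isoformat())
    print("usable lifetime with 1h backdate:", usable_lifetime(nb, 47))
```

The same arithmetic applies at 200 and 100 days: whatever the cap, a CA that sets notAfter to "notBefore plus N days" has already misissued by one second, and every second of backdating shortens the period further.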