Claim OwnershipRoot Causes: A PKI and Security Podcast
Subscribed: 37Played: 2,839
Subscribe
© All rights reserved
Description
Digital certificate industry veterans Tim Callan and Jason Soroko explore the issues surrounding digital identity, PKI, and cryptographic connections in today's dynamic and evolving computing world. Best practices in digital certificates are continually under pressure from technology trends, new laws and regulations, cryptographic advances, and the evolution of our computing architectures to be more virtual, agile, ubiquitous, and cloud-based. Jason and Tim (and the occasional guest subject matter expert) will help you stay current on developments in this essential technology platform and to understand the whys and wherefores of popular Public Key Infrastructures.
394 Episodes
Reverse
Chrome's recent 124 release supports PQC algorithms from NIST. This has led to the discovery of software and systems that break under these circumstances. We explain what happened, why, and what to do about it.
In the most recent CA/Browser Forum face-to-face meeting, the Google Chrome root program gave a presentation clearly defining its expectations for quality of incident reporting from CAs with an eye to where many CAs have been failing. We relate Chromium's statements and their significance.
Cloudflare research engineer Bas Westerbaan joins us to share his observations about post-quantum cryptography and what it does in the real world. We talk about the pragmatic needs of moving the internet for PQC and speculate about timelines for availability of PQC certificates.
A root trust deprecation highlights new Chrome functionality that enables more agile and less disruptive distrust events. We explain the significant of this event.
Jason and I do our annual RSA wrap-up. Trending segments include AI, Trust Centers, MFA, PQC, and more.
These days we frequently discuss "the WebPKI." But what does that really mean? In this episode we define the term and explain how this definition evolved over time. We give an inventory of a main components of the WebPKI and discuss what's required to become a CA.
We take a deep dive with return guest Bruno Coulliard on HSMs and the role they play in post-quantum cryptography (PQC).
Recent court documents reveal that in 2016 Meta (then Facebook) set up a system to get around encryption and spy on traffic between its users and competing social media platforms. We explain what happened.
We discuss misuse of wildcard certificates, failure to revoke on time, and how these two failures magnify each other.
Jason has a new title, Senior Fellow. In this episode Jason explains what his new focus will be and how this will be good for Root Causes.
An epidemic of delayed revocations has infected the public CA community. We track delayed revocations since the beginning of 2021, examine the trend line, and discuss root causes.
New malware photographs users' faces to defeat authentication mechanisms. We explain the that biometrics are not "secrets" and discuss the continuing progression of attacks to steal biometrics.
A newly revealed side channel attack enables theft of private keys from M-series Apple chips. We explain.
Repeat guest Bruno Coulliard gives us an update on the US government's migration to post-quantum cryptography (PQC). We talk about the challenges to migration, the possibility of a black swan event in achieving quantum supremacy, and what happens if we all respond by pressing the "panic button" at the same time.
Inexpensive and easily obtained deepfake photographs of IDs, generated by AI, are available online. These pose a problem for KYC initiatives.
In the latest in our ongoing series of discussions of the Bugzilla Bloodbath, we delve deep into the problem of failure to revoke on time and the multiple causes that lead to this ongoing failure. And what to do about them.
If you issue public certificates that are fully compliant except that they do not reflect what your CPS says, are they misissued? Do they require revocation? This is a question with real stakes as we see multiple current instances of a CA denying revocation for that reason. In this episode we explore this issue.
Gartner has released a new framework for Certificate Lifecycle Management, called the Seven Core Functions of Certificate Automation. We walk through this framework and answer how it fits in with our own Five Pillars of CLM.
In this guest episode we discuss name space hygiene with Geir Rasmussen, founder of NodeZro. CNAMEs, SPF, DMARC, name server entries, and other DNS identifiers, left unattended, can expose companies to identity-based attacks. We lay out the steps in addressing name space cleanup.
NIST Cyber Security Framework version 2.0 is released. It includes guidance on identity management and authentication. In this first episode of a series, we describe this framework's basic structure and its effect on industry.
Comments
Download from Google Play
Download from App Store
United States