Root Causes: A PKI and Security Podcast

Author: Tim Callan and Jason Soroko

Description

Digital certificate industry veterans Tim Callan and Jason Soroko explore the issues surrounding digital identity, PKI, and cryptographic connections in today's dynamic and evolving computing world. Best practices in digital certificates are continually under pressure from technology trends, new laws and regulations, cryptographic advances, and the evolution of our computing architectures to be more virtual, agile, ubiquitous, and cloud-based. Jason and Tim (and the occasional guest subject matter expert) will help you stay current on developments in this essential technology platform and to understand the whys and wherefores of popular Public Key Infrastructures.
551 Episodes
Jason explores the role cryptography and trust systems play in the command and control of groups of autonomous drone systems.
Certificate maximum term is shrinking. In this episode we examine exactly how short it could get.
In our ongoing series on AI in 1000 days, we describe the inevitable, complete distrust of voice printing as an authentication method, including why and what we think will happen.
We begin a new series about what we expect from AI in the next three years. In this episode we discuss AI emulating emotional intelligence and its benefits.
In this episode we discuss the value for enterprises in running mass revocation drills and compare the merits of tabletop exercises versus voluntary revocation events.
We are joined by guests Pol Holzmer and Johannes Sedlmeir to describe their recent research that documents and organizes public arguments made about QWAC certificates. You can find this research at https://orbilu.uni.lu/handle/10993/66334.
Mosh (the mobile shell) bootstraps a session over SSH and then carries the terminal traffic over its own UDP protocol, keyed by a secret exchanged during that initial SSH connection, which is what lets it survive roaming clients and intermittent connectivity. Jason unpacks the security of this design and how it uses encryption and shared secrets.
Chain of lure is an attack method used to circumvent restrictions and boundaries placed on AIs. Jason explains this attack and its implications.
We have seen the first known instance of an AI tool discovering a zero-day vulnerability. This could have vast implications on vulnerability detection and bug bounty programs. We discuss the implications.
In this episode we go over some of the reasons one might choose HQC over ML-KEM as a PQC key encapsulation mechanism for specific circumstances. And we discuss the future diversity of cryptography.
NIST recently selected a second key encapsulation mechanism (KEM) among the PQC algorithms, HQC, as a backup to the lattice-based ML-KEM. We explain this code-based algorithm.
We define the Cryptographic Bill of Materials (CBOM), which is more than a list of your cryptography and where it lives. A CBOM must also include information about the PQC readiness of each environment, the availability of updates, and which secrets matter.
A new kind of eIDAS QWAC (Qualified Website Authentication Certificate) is on the way. The "two-QWAC architecture" introduces a second certificate containing organization information to be displayed by the browser, to sit alongside but independent of the certificate that authenticates a domain. We explain what's coming and why.
An environment in which credentials are extremely predictable could be described as an entropy desert. These are occurring at a global scale. We discuss concepts like measurable entropy availability and entropy by design.
In this episode we build on our concept of entropy-aware guidance to explain how we might quantify privacy. We touch on GDPR, proof of work, and Landauer's principle.
A patent dispute in 2024 nearly blocked ML-KEM. But emerging thinking raises concern that the 2024 resolution did not guarantee full, clear access to all ML-KEM implementations. We explain.
The CPS (Certification Practice Statement) must always be a superset of the actual practices of a properly running CA. We explain why this is a product of good design.
Imagine what happens if you use the wrong LLM, including a malicious model placed there to create mischief or crime. How do you know? Jason proposes that, the same way we sign our code, we should be signing our AI models as well.
We discuss how a static PKI structure can hurt corporate flexibility and resilience. Events like reorgs and M&A activity can cause intractable problems with the wrong PKI setup. Plus, Jason coins the term PKI archeology.
In this episode, Jason describes how we might use the principles of PKI in a purely offline scenario.