Best Voice Biometrics Podcasts (2025)

1
Root Causes 526: Voice Biometrics Are Worthless 8:32

Play Pause

22h ago8:32

8:32

Based on the ready availability of AI-based voice cloning, we declare voice biometric authentication to be utterly valueless.By Tim Callan and Jason Soroko

1
Root Causes 528: Misissued SSL Certificate for 1.1.1.1 17:31

2d ago17:31

17:31

A CA has incorrectly issued TLS certificates for the 1.1.1.1 and 2.2.2.2 IP addresses. We go into the details.By Tim Callan and Jason Soroko

1
Root Causes 527: Key Dates for the Deprecation of Public mTLS 10:25

17h ago10:25

10:25

Client authentication using public TLS server certificates is on the deprecation path. In this episode we go through the key dates in this deprecation.By Tim Callan and Jason Soroko

1
Root Causes 525: The End of Email-based DCV 10:03

23h ago10:03

10:03

A new CABF ballot proposal will eliminate all email- and phone-based DCV over the next few years. We go into the details.By Tim Callan and Jason Soroko

1
Root Causes 524: How to Kill Three Birds with One Stone 12:42

1d ago12:42

12:42

Three major changes are coming to the world of public certificates, all of which require major changes in how organizations deploy, renew, and manage their certificates. These are 47-day SSL, PQC, and the deprecation of mTLS. We describe the overlap between these efforts and how to combine them for better efficiency and project management.…

1
Root Causes 523: Will Your Configuration Block MPIC DCV? 11:16

16d ago11:16

11:16

MPIC (Multi-perspective Issuance Corroboration) is soon to move into enforcement phase. In this episode we describe three configuration decisions that can force Domain Control Validation (DCV) to fail and tell you what to do about them before you have a problem.By Tim Callan and Jason Soroko

1
Root Causes 522: How Prepared Are Enterprises for PQC? (Part 2) 33:28

27d ago33:28

33:28

We complete our description and commentary on the results of Sectigo's survey of enterprise preparedness for Post Quantum Cryptography (PQC).By Tim Callan and Jason Soroko

1
Root Causes 521: How Prepared Are Enterprises for PQC? (Part 1) 32:22

1M ago32:22

32:22

We begin to go over the results of Sectigo's recent survey of enterprises and their preparedness and plans for adopting Post Quantum Cryptography (PQC).By Tim Callan and Jason Soroko

1
Root Causes 520: How Prepared Are IT Teams for 47-day Certificates? 45:05

1M ago45:05

45:05

Sectigo has released the results of its survey of IT professionals in charge of certificates to measure their readiness and preparation for 47-day maximum certificate term. We go over the results.By Tim Callan and Jason Soroko

1
Root Causes 519: AI Is the Room 18:25

1M ago18:25

18:25

AI is not the elephant in the room. It is the room itself. Jason explains what he means by that.By Tim Callan and Jason Soroko

1
Root Causes 518: NCSC Lukewarm on FIDO WebAuthn 16:31

1M ago16:31

16:31

Britain's National Cyber Security Centre recently issued a lukewarm verdict on passkeys as an authentication solution. We explore the problems with WebAuthn, including account recovery, spotty availability, inconsistent implementation, and lack of Linux support.By Tim Callan and Jason Soroko

1
Root Causes 517: The Cost of Quantum Factoring 5:20

2M ago5:20

5:20

Jason walks us through an important recent paper from Google tracking the cost of quantum factoring.By Tim Callan and Jason Soroko

1
Root Causes 516: PQC for ADCS 13:39

2M ago13:39

13:39

Microsoft has finally announced that it will offer an update to Active Directory Certificate Services (ADCS, formerly MSCA) to support post quantum cryptography. We discuss Microsoft's checkered support for ADCS and offer some questions users should be asking.By Tim Callan and Jason Soroko

1
Root Causes 515: What Is Entropy-aware Governance? 14:51

2M ago14:51

14:51

Jason coins the term "entropy-aware governance" to describe the idea of using the degree of entropy it contains to measure the strength of any given secret. This could be an objective, consistent metric that could be applied to standard practices and requirements.By Tim Callan and Jason Soroko

1
Root Causes 514: Diary of an Online Firestorm 12:45

2M ago12:45

12:45

Tim describes how the addition of an item to the CABF face-to-face meeting agenda blew up into a panicked and outraged online thread. We discuss what a more functional response would have looked like.By Tim Callan and Jason Soroko

1
Root Causes 513: Is Revocation the Best Remedy for CPS Misalignment? 12:21

2M ago12:21

12:21

We continue our discussion of CPS misalignment by discussing the reasons for revocation as a remedy, its disadvantages, and the possibility of another solution that provides the same benefits at less cost.By Tim Callan and Jason Soroko

1
Root Causes 512: CPS Versus Practices Misalignment 12:41

3M ago12:41

12:41

We examine the circumstance where otherwise allowed practices are out of alignment with the stated practices in the relevant CPS. We discuss CA transparency and accountability, increased scrutiny of the CPS, and mass revocation.By Tim Callan and Jason Soroko

1
Root Causes 511: The GoML Root Store 15:41

3M ago15:41

15:41

We follow up on our discussion of the Get off My Lawn (GoTM) browser with Jason's adventure in creating his own custom root store.By Tim Callan and Jason Soroko

1
Root Causes 510: Introducing the GoML Browser 10:18

3M ago10:18

10:18

We discuss Jason's code vibing journey to create the Get Off My Lawn! (GoTM) browser. We discuss SSL certificate information, EV indicators, and cookie handling.By Tim Callan and Jason Soroko

1
Root Causes 509: What Is a CPS? 7:30

3M ago7:30

7:30

We define CPS (Certificate Practices Statement) and explain the role it plays in both the WebPKI and private CAs.By Tim Callan and Jason Soroko

1
Root Causes 508: What Is Code Vibing? 17:43

3M ago17:43

17:43

"Code vibing" is using generative AI to create or improve working code. We share Jason's adventure using code vibing to create his own web browser.By Tim Callan and Jason Soroko

1
Root Causes 507: First Distrust of 2025 9:32

3M ago9:32

9:32

The first CA distrust event of 2025 comes with two simultaneous CA distrusts. We give you the details.By Tim Callan and Jason Soroko

1
Root Causes 506: Recap of CABF Face-to-face #65 8:53

3M ago8:53

8:53

For the first time ever, Jason and I record an episode from the floor of the CA/Browser Forum face-to-face meeting. We recap the themes of this meeting, and Jason gives his first impressions of a CABF Face-to-face.By Tim Callan and Jason Soroko

1
Root Causes 505: Trust Now, Forge Later 10:33

3M ago10:33

10:33

In this episode we explain the potential for future quantum computers to break files signed today with RSA or ECC, called "Trust now, forge later."By Tim Callan and Jason Soroko

1
Root Causes 504: Jason Programs a Quantum Computer 17:48

4M ago17:48

17:48

Jason describes his recent experience using Amazon Braket.By Tim Callan and Jason Soroko

1
Root Causes 502: The PQC Game of Chicken 10:59

4M ago10:59

10:59

In this episode Jason explains the fallacy of "playing chicken" with the Quantum Apocalypse. We discuss stack ranking and "eyes open" PQC risk decisions.By Tim Callan and Jason Soroko

1
Root Causes 501: Why Increasing RSA Key Size Won't Solve the Quantum Problem 3:35

4M ago3:35

3:35

In this brief episode we explain why the problem that Shor's Algorithm poses to RSA and ECC can't be solved simply by increasing key size.By Tim Callan and Jason Soroko

1
Root Causes 500: OMG! 500 Episodes of Root Causes! 20:46

4M ago20:46

20:46

Wow. It's episode 500 of Root Causes. Jason and Tim talk about how the podcast has evolved in the past six years, how it remains consistent, and the updates we're making to keep being a valuable resource for our listeners.By Tim Callan and Jason Soroko

1
Root Causes 499: Don't Blame Signal 8:37

4M ago8:37

8:37

The recent Signal controversy highlights the importance of understanding what protections an E2EE messaging app provides, and what it does not.By Tim Callan and Jason Soroko

1
Root Causes 498: UK NCSC PQC Guidance 15:31

4M ago15:31

15:31

The UK National Cyber Security Centre (NCSC) has released new PQC guidance. We take exception to the dates it gives and explain why.By Tim Callan and Jason Soroko

1
Root Causes 497: PQC Update with Sofia Celi 19:50

4M ago19:50

19:50

Guest Sofia Celi (IETF, Brave) returns to talk about important developments in post quantum cryptography. Sofia tells us about her candidate algorithm MAYO and what is happening with the NIST PQC onramp. We learn about KEM TLS and the status of PQC initiatives in IETF.By Tim Callan and Jason Soroko

1
Root Causes 496: E2EE Gmail 12:26

4M ago12:26

12:26

Gmail is now end-to-end encrypted for all recipients, regardless of the receiving client. We explain how Gmail accomplishes this trick.By Tim Callan and Jason Soroko

1
Root Causes 495: Trust Models and Post Quantum Cryptography 7:00

4M ago7:00

7:00

We build on our Trust Models discussion to explore how organizations can structure their PKI for the transition to post quantum cryptography (PQC).By Tim Callan and Jason Soroko

1
Root Causes 494: Introduction to Trust Models 21:09

4M ago21:09

21:09

We explain the basics of trust models and compare various models including WebPKI, private CA, and consortium models.By Tim Callan and Jason Soroko

1
Root Causes 493: Disentangling Public and Private Certificate Use Cases 12:10

5M ago12:10

12:10

Changing root store requirements mean CAs must separate their root hierarchies for different certificate types. We explain why enterprises should consider private CA for some use cases.By Tim Callan and Jason Soroko

1
Root Causes 492: When Mandatory Security Training Sucks 19:36

5M ago19:36

19:36

In this episode we get excited about errors we see in mandatory security trainings.By Tim Callan and Jason Soroko

1
Root Causes 491: RSA's Non-quantum Threat 31:41

5M ago31:41

31:41

We are rejoined by Dr. Michele Mosca to explore the potential threat of RSA being broken even in the absence of a quantum computing attack.By Tim Callan and Jason Soroko

1
Root Causes 490: Chrome and Chromium 10:02

5M ago10:02

10:02

We define Chrome versus Chromium, explaining what each is and the difference between the two.By Tim Callan and Jason Soroko

1
Root Causes 489: Does AI Nullify E2EE? 12:04

5M ago12:04

12:04

Does AI kill end-to-end encryption? There is a contention that the presence of AI agents in the workstream will render your confidential information visible outside the encrypted communication channels and therefore that E2EE is pointless. We explore this argument.By Tim Callan and Jason Soroko

1
Root Causes 488: CABF Face-to-Face Meeting Update 5:37

5M ago5:37

5:37

We explain the major news items from the most recent CA/Browser Forum face-to-face meeting in Tokyo. Topics include MPIC, 47-day certificate term, and Temporary Restraining Orders.By Tim Callan and Jason Soroko

1
Root Causes 487: Security 2030 46:40

5M ago46:40

46:40

Jason and I take a peek forward at what we imagine IT security looks like in 2030. Topics include PQC, ZTNA, "green zones," deep fakes, IoT, connected cars, agentic AI, blockchain, and CLM.By Tim Callan and Jason Soroko

1
Root Causes 486: 47-day Maximum Term Ballot Passes CABF 11:11

5M ago11:11

11:11

Apple's ballot to step the maximum term for public SSL certificates down to 47 days has passed in the CA/Browser Forum. We explain.By Tim Callan and Jason Soroko

1
Root Causes 485: What Is Open MPIC? 20:28

5M ago20:28

20:28

Guest Dmitry Sharkov joins us to describe Open MPIC, the open-source project to help public CAs support MPIC.By Tim Callan and Jason Soroko

1
Root Causes 484: Multi Good Factor Authentication 12:46

6M ago12:46

12:46

We define multi good factor authentication, which is the idea that not all authentication factors are equal. We discuss the importance of considering authentication strength and the contextual nature of trust.By Tim Callan and Jason Soroko

1
Root Causes 483: Introducing the PQC Sandbox 22:40

6M ago22:40

22:40

We are joined by repeat guest Bruno Coulliard of Crypto4A to introduce Sectigo's new post quantum cryptography (PQC) sandbox. The PQC sandbox allows you to get quantum resistant certificates in your hands to understand how they work with your systems.By Tim Callan and Jason Soroko

1
Root Causes 482: Microsoft and PQC 14:38

6M ago14:38

14:38

In this episode we explore the potential PQC future for Microsoft Active Directory Certificate Services, aka MSCA. We discuss potential paths for Microsoft to take and their consequences.By Tim Callan and Jason Soroko

1
Root Causes 481: What Is Protocol Ossification? 11:49

6M ago11:49

11:49

Protocol ossification is the phenomenon whereby ecosystems fail to work correctly with the full range of options included in a protocol. This occurs when individual software components only partially support the capabilities that should be available. We define protocol ossification, explain how and why it occurs, give real world examples, and talk …

1
Root Causes 480: White House PQC Executive Order 10:22

6M ago10:22

10:22

Many people believe that the Trump White House rescinded an important cybersecurity executive order from late days of the Biden administration. We set the record straight.By Tim Callan and Jason Soroko

1
Root Causes 479: AI Adversarial Machine Learning 13:10

6M ago13:10

13:10

In this episode we discuss the thinking on how adversaries can exploit the flaws in AI models to achieve unexpected and dangerous results. We explore some potential paths of defense against attacks of this sort.By Tim Callan and Jason Soroko

1
Root Causes 478: Should We All Switch from RSA to ECC? 16:01

6M ago16:01

16:01

RSA is under attack. Even without the quantum threat, we face the possibility of smart new exploits reducing the viable RSA key space and rendering it unsafe. In this episode we discuss the merits of choosing ECC over RSA as soon as today.By Tim Callan and Jason Soroko