Aculab presents How to's, news and Q&As for all things telecommunications, from a company with over 40 years in the industry.
…
continue reading
Voice Biometrics Podcasts
Digital certificate industry veterans Tim Callan and Jason Soroko explore the issues surrounding digital identity, PKI, and cryptographic connections in today's dynamic and evolving computing world. Best practices in digital certificates are continually under pressure from technology trends, new laws and regulations, cryptographic advances, and the evolution of our computing architectures to be more virtual, agile, ubiquitous, and cloud-based. Jason and Tim (and the occasional guest subject ...
…
continue reading

1
Root Causes 526: Voice Biometrics Are Worthless
8:32
8:32
Play later
Play later
Lists
Like
Liked
8:32Based on the ready availability of AI-based voice cloning, we declare voice biometric authentication to be utterly valueless.By Tim Callan and Jason Soroko
…
continue reading

1
Root Causes 528: Misissued SSL Certificate for 1.1.1.1
17:31
17:31
Play later
Play later
Lists
Like
Liked
17:31A CA has incorrectly issued TLS certificates for the 1.1.1.1 and 2.2.2.2 IP addresses. We go into the details.By Tim Callan and Jason Soroko
…
continue reading

1
Root Causes 527: Key Dates for the Deprecation of Public mTLS
10:25
10:25
Play later
Play later
Lists
Like
Liked
10:25Client authentication using public TLS server certificates is on the deprecation path. In this episode we go through the key dates in this deprecation.By Tim Callan and Jason Soroko
…
continue reading

1
Root Causes 525: The End of Email-based DCV
10:03
10:03
Play later
Play later
Lists
Like
Liked
10:03A new CABF ballot proposal will eliminate all email- and phone-based DCV over the next few years. We go into the details.By Tim Callan and Jason Soroko
…
continue reading

1
Root Causes 524: How to Kill Three Birds with One Stone
12:42
12:42
Play later
Play later
Lists
Like
Liked
12:42Three major changes are coming to the world of public certificates, all of which require major changes in how organizations deploy, renew, and manage their certificates. These are 47-day SSL, PQC, and the deprecation of mTLS. We describe the overlap between these efforts and how to combine them for better efficiency and project management.…
…
continue reading

1
Root Causes 523: Will Your Configuration Block MPIC DCV?
11:16
11:16
Play later
Play later
Lists
Like
Liked
11:16MPIC (Multi-perspective Issuance Corroboration) is soon to move into enforcement phase. In this episode we describe three configuration decisions that can force Domain Control Validation (DCV) to fail and tell you what to do about them before you have a problem.By Tim Callan and Jason Soroko
…
continue reading

1
Root Causes 522: How Prepared Are Enterprises for PQC? (Part 2)
33:28
33:28
Play later
Play later
Lists
Like
Liked
33:28We complete our description and commentary on the results of Sectigo's survey of enterprise preparedness for Post Quantum Cryptography (PQC).By Tim Callan and Jason Soroko
…
continue reading

1
Root Causes 521: How Prepared Are Enterprises for PQC? (Part 1)
32:22
32:22
Play later
Play later
Lists
Like
Liked
32:22We begin to go over the results of Sectigo's recent survey of enterprises and their preparedness and plans for adopting Post Quantum Cryptography (PQC).By Tim Callan and Jason Soroko
…
continue reading

1
Root Causes 520: How Prepared Are IT Teams for 47-day Certificates?
45:05
45:05
Play later
Play later
Lists
Like
Liked
45:05Sectigo has released the results of its survey of IT professionals in charge of certificates to measure their readiness and preparation for 47-day maximum certificate term. We go over the results.By Tim Callan and Jason Soroko
…
continue reading
AI is not the elephant in the room. It is the room itself. Jason explains what he means by that.By Tim Callan and Jason Soroko
…
continue reading

1
Root Causes 518: NCSC Lukewarm on FIDO WebAuthn
16:31
16:31
Play later
Play later
Lists
Like
Liked
16:31Britain's National Cyber Security Centre recently issued a lukewarm verdict on passkeys as an authentication solution. We explore the problems with WebAuthn, including account recovery, spotty availability, inconsistent implementation, and lack of Linux support.By Tim Callan and Jason Soroko
…
continue reading

1
Root Causes 517: The Cost of Quantum Factoring
5:20
5:20
Play later
Play later
Lists
Like
Liked
5:20Jason walks us through an important recent paper from Google tracking the cost of quantum factoring.By Tim Callan and Jason Soroko
…
continue reading
Microsoft has finally announced that it will offer an update to Active Directory Certificate Services (ADCS, formerly MSCA) to support post quantum cryptography. We discuss Microsoft's checkered support for ADCS and offer some questions users should be asking.By Tim Callan and Jason Soroko
…
continue reading

1
Root Causes 515: What Is Entropy-aware Governance?
14:51
14:51
Play later
Play later
Lists
Like
Liked
14:51Jason coins the term "entropy-aware governance" to describe the idea of using the degree of entropy it contains to measure the strength of any given secret. This could be an objective, consistent metric that could be applied to standard practices and requirements.By Tim Callan and Jason Soroko
…
continue reading

1
Root Causes 514: Diary of an Online Firestorm
12:45
12:45
Play later
Play later
Lists
Like
Liked
12:45Tim describes how the addition of an item to the CABF face-to-face meeting agenda blew up into a panicked and outraged online thread. We discuss what a more functional response would have looked like.By Tim Callan and Jason Soroko
…
continue reading

1
Root Causes 513: Is Revocation the Best Remedy for CPS Misalignment?
12:21
12:21
Play later
Play later
Lists
Like
Liked
12:21We continue our discussion of CPS misalignment by discussing the reasons for revocation as a remedy, its disadvantages, and the possibility of another solution that provides the same benefits at less cost.By Tim Callan and Jason Soroko
…
continue reading

1
Root Causes 512: CPS Versus Practices Misalignment
12:41
12:41
Play later
Play later
Lists
Like
Liked
12:41We examine the circumstance where otherwise allowed practices are out of alignment with the stated practices in the relevant CPS. We discuss CA transparency and accountability, increased scrutiny of the CPS, and mass revocation.By Tim Callan and Jason Soroko
…
continue reading
We follow up on our discussion of the Get off My Lawn (GoTM) browser with Jason's adventure in creating his own custom root store.By Tim Callan and Jason Soroko
…
continue reading

1
Root Causes 510: Introducing the GoML Browser
10:18
10:18
Play later
Play later
Lists
Like
Liked
10:18We discuss Jason's code vibing journey to create the Get Off My Lawn! (GoTM) browser. We discuss SSL certificate information, EV indicators, and cookie handling.By Tim Callan and Jason Soroko
…
continue reading
We define CPS (Certificate Practices Statement) and explain the role it plays in both the WebPKI and private CAs.By Tim Callan and Jason Soroko
…
continue reading
"Code vibing" is using generative AI to create or improve working code. We share Jason's adventure using code vibing to create his own web browser.By Tim Callan and Jason Soroko
…
continue reading
The first CA distrust event of 2025 comes with two simultaneous CA distrusts. We give you the details.By Tim Callan and Jason Soroko
…
continue reading

1
Root Causes 506: Recap of CABF Face-to-face #65
8:53
8:53
Play later
Play later
Lists
Like
Liked
8:53For the first time ever, Jason and I record an episode from the floor of the CA/Browser Forum face-to-face meeting. We recap the themes of this meeting, and Jason gives his first impressions of a CABF Face-to-face.By Tim Callan and Jason Soroko
…
continue reading
In this episode we explain the potential for future quantum computers to break files signed today with RSA or ECC, called "Trust now, forge later."By Tim Callan and Jason Soroko
…
continue reading

1
Root Causes 504: Jason Programs a Quantum Computer
17:48
17:48
Play later
Play later
Lists
Like
Liked
17:48Jason describes his recent experience using Amazon Braket.By Tim Callan and Jason Soroko
…
continue reading
In this episode Jason explains the fallacy of "playing chicken" with the Quantum Apocalypse. We discuss stack ranking and "eyes open" PQC risk decisions.By Tim Callan and Jason Soroko
…
continue reading

1
Root Causes 501: Why Increasing RSA Key Size Won't Solve the Quantum Problem
3:35
3:35
Play later
Play later
Lists
Like
Liked
3:35In this brief episode we explain why the problem that Shor's Algorithm poses to RSA and ECC can't be solved simply by increasing key size.By Tim Callan and Jason Soroko
…
continue reading

1
Root Causes 500: OMG! 500 Episodes of Root Causes!
20:46
20:46
Play later
Play later
Lists
Like
Liked
20:46Wow. It's episode 500 of Root Causes. Jason and Tim talk about how the podcast has evolved in the past six years, how it remains consistent, and the updates we're making to keep being a valuable resource for our listeners.By Tim Callan and Jason Soroko
…
continue reading
The recent Signal controversy highlights the importance of understanding what protections an E2EE messaging app provides, and what it does not.By Tim Callan and Jason Soroko
…
continue reading
The UK National Cyber Security Centre (NCSC) has released new PQC guidance. We take exception to the dates it gives and explain why.By Tim Callan and Jason Soroko
…
continue reading

1
Root Causes 497: PQC Update with Sofia Celi
19:50
19:50
Play later
Play later
Lists
Like
Liked
19:50Guest Sofia Celi (IETF, Brave) returns to talk about important developments in post quantum cryptography. Sofia tells us about her candidate algorithm MAYO and what is happening with the NIST PQC onramp. We learn about KEM TLS and the status of PQC initiatives in IETF.By Tim Callan and Jason Soroko
…
continue reading
Gmail is now end-to-end encrypted for all recipients, regardless of the receiving client. We explain how Gmail accomplishes this trick.By Tim Callan and Jason Soroko
…
continue reading

1
Root Causes 495: Trust Models and Post Quantum Cryptography
7:00
7:00
Play later
Play later
Lists
Like
Liked
7:00We build on our Trust Models discussion to explore how organizations can structure their PKI for the transition to post quantum cryptography (PQC).By Tim Callan and Jason Soroko
…
continue reading

1
Root Causes 494: Introduction to Trust Models
21:09
21:09
Play later
Play later
Lists
Like
Liked
21:09We explain the basics of trust models and compare various models including WebPKI, private CA, and consortium models.By Tim Callan and Jason Soroko
…
continue reading

1
Root Causes 493: Disentangling Public and Private Certificate Use Cases
12:10
12:10
Play later
Play later
Lists
Like
Liked
12:10Changing root store requirements mean CAs must separate their root hierarchies for different certificate types. We explain why enterprises should consider private CA for some use cases.By Tim Callan and Jason Soroko
…
continue reading

1
Root Causes 492: When Mandatory Security Training Sucks
19:36
19:36
Play later
Play later
Lists
Like
Liked
19:36In this episode we get excited about errors we see in mandatory security trainings.By Tim Callan and Jason Soroko
…
continue reading

1
Root Causes 491: RSA's Non-quantum Threat
31:41
31:41
Play later
Play later
Lists
Like
Liked
31:41We are rejoined by Dr. Michele Mosca to explore the potential threat of RSA being broken even in the absence of a quantum computing attack.By Tim Callan and Jason Soroko
…
continue reading
We define Chrome versus Chromium, explaining what each is and the difference between the two.By Tim Callan and Jason Soroko
…
continue reading
Does AI kill end-to-end encryption? There is a contention that the presence of AI agents in the workstream will render your confidential information visible outside the encrypted communication channels and therefore that E2EE is pointless. We explore this argument.By Tim Callan and Jason Soroko
…
continue reading

1
Root Causes 488: CABF Face-to-Face Meeting Update
5:37
5:37
Play later
Play later
Lists
Like
Liked
5:37We explain the major news items from the most recent CA/Browser Forum face-to-face meeting in Tokyo. Topics include MPIC, 47-day certificate term, and Temporary Restraining Orders.By Tim Callan and Jason Soroko
…
continue reading
Jason and I take a peek forward at what we imagine IT security looks like in 2030. Topics include PQC, ZTNA, "green zones," deep fakes, IoT, connected cars, agentic AI, blockchain, and CLM.By Tim Callan and Jason Soroko
…
continue reading

1
Root Causes 486: 47-day Maximum Term Ballot Passes CABF
11:11
11:11
Play later
Play later
Lists
Like
Liked
11:11Apple's ballot to step the maximum term for public SSL certificates down to 47 days has passed in the CA/Browser Forum. We explain.By Tim Callan and Jason Soroko
…
continue reading
Guest Dmitry Sharkov joins us to describe Open MPIC, the open-source project to help public CAs support MPIC.By Tim Callan and Jason Soroko
…
continue reading

1
Root Causes 484: Multi Good Factor Authentication
12:46
12:46
Play later
Play later
Lists
Like
Liked
12:46We define multi good factor authentication, which is the idea that not all authentication factors are equal. We discuss the importance of considering authentication strength and the contextual nature of trust.By Tim Callan and Jason Soroko
…
continue reading

1
Root Causes 483: Introducing the PQC Sandbox
22:40
22:40
Play later
Play later
Lists
Like
Liked
22:40We are joined by repeat guest Bruno Coulliard of Crypto4A to introduce Sectigo's new post quantum cryptography (PQC) sandbox. The PQC sandbox allows you to get quantum resistant certificates in your hands to understand how they work with your systems.By Tim Callan and Jason Soroko
…
continue reading
In this episode we explore the potential PQC future for Microsoft Active Directory Certificate Services, aka MSCA. We discuss potential paths for Microsoft to take and their consequences.By Tim Callan and Jason Soroko
…
continue reading

1
Root Causes 481: What Is Protocol Ossification?
11:49
11:49
Play later
Play later
Lists
Like
Liked
11:49Protocol ossification is the phenomenon whereby ecosystems fail to work correctly with the full range of options included in a protocol. This occurs when individual software components only partially support the capabilities that should be available. We define protocol ossification, explain how and why it occurs, give real world examples, and talk …
…
continue reading

1
Root Causes 480: White House PQC Executive Order
10:22
10:22
Play later
Play later
Lists
Like
Liked
10:22Many people believe that the Trump White House rescinded an important cybersecurity executive order from late days of the Biden administration. We set the record straight.By Tim Callan and Jason Soroko
…
continue reading

1
Root Causes 479: AI Adversarial Machine Learning
13:10
13:10
Play later
Play later
Lists
Like
Liked
13:10In this episode we discuss the thinking on how adversaries can exploit the flaws in AI models to achieve unexpected and dangerous results. We explore some potential paths of defense against attacks of this sort.By Tim Callan and Jason Soroko
…
continue reading

1
Root Causes 478: Should We All Switch from RSA to ECC?
16:01
16:01
Play later
Play later
Lists
Like
Liked
16:01RSA is under attack. Even without the quantum threat, we face the possibility of smart new exploits reducing the viable RSA key space and rendering it unsafe. In this episode we discuss the merits of choosing ECC over RSA as soon as today.By Tim Callan and Jason Soroko
…
continue reading