Pki สาธารณะ
[search 0]
เพิ่มเติม
ดาวน์โหลดแอปเลย!
show episodes
 
Artwork

1
Root Causes: A PKI and Security Podcast

Tim Callan and Jason Soroko

icon
Unsubscribe
icon
Unsubscribe
รายสัปดาห์+
 
Digital certificate industry veterans Tim Callan and Jason Soroko explore the issues surrounding digital identity, PKI, and cryptographic connections in today's dynamic and evolving computing world. Best practices in digital certificates are continually under pressure from technology trends, new laws and regulations, cryptographic advances, and the evolution of our computing architectures to be more virtual, agile, ubiquitous, and cloud-based. Jason and Tim (and the occasional guest subject ...
  continue reading
 
Loading …
show series
 
AI tools are now available to perform red-teaming activity for DevSecOps. Such tools are soon to be table stakes in the constantly escalating IT security arms race. Join us to learn more.โดย Tim Callan and Jason Soroko
  continue reading
 
A new demand from the UK seeks complete access to all Apple cloud data housed in the UK, regardless of the data owners' citizenship and residency. We unpack this latest development in Government versus Encryption.โดย Tim Callan and Jason Soroko
  continue reading
 
The past year has seen a great deal of focus on the use of public TLS certificates where private root certificates are actually the appropriate solution. In this episode we discuss the differences between these two use cases and what IT organizations can do about it.โดย Tim Callan and Jason Soroko
  continue reading
 
Apple is proceeding with a ballot that eventually will shorten SSL certificate maximum term to 47 days. Accompanying the ballot, Apple released a statement explaining its intent with the ballot. In this episode we unpack its statements.โดย Tim Callan and Jason Soroko
  continue reading
 
In the wake of the Bugzilla Bloodbath, we list and describe twelve sins CAs commit on Bugzilla and its like, why they're detrimental, and how CAs should avoid them.โดย Tim Callan and Jason Soroko
  continue reading
 
Harvest and decrypt is a well-known attack vector against traditional cryptography prior to PQC. In this episode, we discuss what enterprises should be doing today to defend themselves against harvest and decrypt.โดย Tim Callan and Jason Soroko
  continue reading
 
In this episode we are joined by Dr. Michela Mosca. We discuss his pioneering work identifying the need for post-quantum cryptography, where PQC stands today, and what the future may hold.โดย Tim Callan and Jason Soroko
  continue reading
 
2024 set in motion major changes for certificate lifespans and DCV. In this episode we discuss the Apple 47-day proposal, stepping down certificate term, public versus private CA use cases, DCV reuse periods, MPIC, WHOIS, and other topics.โดย Tim Callan and Jason Soroko
  continue reading
 
In this 2024 lookback episode, we give an overview of the firestorm of Bugzilla incidents that we refer to as the Bugzilla Bloodbath. The Bugzilla Bloodbath affected actions around the Entrust distrust, delayed revocation reform, 47-day SSL certificate maximum term, linting, and more.โดย Tim Callan and Jason Soroko
  continue reading
 
We talk with guest Sofia Celi of Brave Browser, who leads the IETF PQC standardization effort, about the process of setting standards for PQC-compatible digital certificates. We learn about expected timelines, hybrid strategies, the NIST PQC onramp's role, and more.โดย Tim Callan and Jason Soroko
  continue reading
 
2024 was an eventful year for post quantum cryptography (PQC). This includes FIPS standards, the PQC onramp, and the dawn of widespread interest among IT professionals.โดย Tim Callan and Jason Soroko
  continue reading
 
The old adage states that a monkey in front of a keyboard, given enough time, could randomly type the works of Shakespeare. Apparently, someone ran the numbers and said not so much. We break it down and explain why we're discussing this on a PKI podcast.โดย Tim Callan and Jason Soroko
  continue reading
 
As part of its post-quantum cryptography (PQC) initiative NIST has released a draft deprecating RSA-2048 and ECC 256 by 2030 and disallowing them by 2035. We get into the details.โดย Tim Callan and Jason Soroko
  continue reading
 
Tim has stepped into the position of vice-chair of the CA/Browse Forum, and Sectigo now holds five chair or vice-chair positions in that body. We explain how leadership is chosen, the offices Sectigo holds today, and some of our vision for CABF in the next two years.โดย Tim Callan and Jason Soroko
  continue reading
 
We discuss how a potential break of Chrome from Google would affect the WebPKI. We look at product changes, resourcing, post-quantum cryptography (PQC), innovation, moonshot initiatives, and other public CAs.โดย Tim Callan and Jason Soroko
  continue reading
 
Apple has published an updated draft to its proposal for shortening the lifespan of SSL certificates, including a final maximum term of 47 rather than 45 days. We explain.โดย Tim Callan and Jason Soroko
  continue reading
 
A new White House initiative requires that federal agencies need to create plans to thwart BGP attacks. We discuss, including Resource PKI (RPKI) and Multi-Perspective Issuance Corroboration (MPIC).โดย Tim Callan and Jason Soroko
  continue reading
 
Linters are essential tools for maintaining quality of certificate issuance. Public open-source linters are available to help CAs assure compliance. As a result, CAs have begun attributing gaps in coverage by public linters as the root cause for misissuance events. We explain why this is faulty reasoning.…
  continue reading
 
The PQC community likes to debate when crypto relevant quantum computers will be available, which is sometimes called "Q day." In this episode we explain how radically oversimplified this concept is and dive into the nuances of what a "cryptographically relevant quantum computer" really will be.โดย Tim Callan and Jason Soroko
  continue reading
 
News reports claim Chinese researchers broke AES with a quantum annealing computer. We clarify the details and talk about the implications of this reported discovery.โดย Tim Callan and Jason Soroko
  continue reading
 
Apple recently floated a draft CABF ballot for commentary that steps down maximum term for SSL certificates starting next year and eventually landing at 45 days in 2027. We share the details.โดย Tim Callan and Jason Soroko
  continue reading
 
Deliberate delay of mandatory revocations has plagued the WebPKI in 2024. A new proposed policy from Mozilla stands to eliminate most of this behavior. In this episode we go over the proposal and explain its potential consequences.โดย Tim Callan and Jason Soroko
  continue reading
 
White hat researchers managed to take over WHOIS for the .mobi TLD. Among other things, this discovery foretells the death of WHOIS as a valid email source for Domain Control Validation (DCV).โดย Tim Callan and Jason Soroko
  continue reading
 
In this episode we describe the LoRA protocol, which allows IoT devices to communicate securely without using a cellular network, and how it can be used for secret communications.โดย Tim Callan and Jason Soroko
  continue reading
 
In this episode we discuss the dual nature of a public certificate as both a file and part of a holistic service that lasts until its expiration. We discuss revocation checking, CT logging, GAAP accounting, linters, certificate tracking tools, Certificate Lifecycle Management, standards bodies, post-quantum cryptography, and subscription models.…
  continue reading
 
Loading …

คู่มืออ้างอิงด่วน

ฟังรายการนี้ในขณะที่คุณสำรวจ
เล่น