Root Causes: A PKI and Security Podcast

Epizody

• Root Causes 623: Are PQC Key Sized Big Enough? 01.06.2026 8min

  We discuss the possibility that our standardized ML-DSA keys turn out to be too short for true confidence, why that might occur, and the implications for private PKI certificates.
• Root Causes 622: Modeling the Time to CRQC 29.05.2026 15min

  Sam Jaques joins us to explain his much-referenced chart mapping progress toward cryptographically relevant quantum computing (CRQC).
• Root Causes 621: Simplicity at Scale 26.05.2026 5min

  We break down the phrase "Simplicity at Scale" to see what it means to us in the context of CAs and CLM.
• Root Causes 620: Will NIST Update Its PQC Timelines? 22.05.2026 9min

  A few years ago NIST proposed deadlines for PQC deployment at 2030 and 2035. But recent announcements from Google and Cloudflare suggest 2029 as a better deprecation target. We are joined by Dustin Moody to get the NIST perspective on these announcements.
• Root Causes 619: Do We All Need to Adopt PQC by 2029? 18.05.2026 17min

  Recent announcements from Google and Cloudflare have declared new 2029 deadlines for full post quantum cryptography (PQC) migration. Bas Westerbaan explains the rationale behind Cloudflare's decision and discusses implications for other enterprises, asking "Are you a gambler?"
• Root Causes 618: MTC and Private PKI 15.05.2026 16min

  Repeat guest Bas Westerbaan of Cloudflare joins us to explore the role of Merkle Tree Certificates in private CA scenarios with an eye toward where they will be needed and where traditional PKI will be better suited.
• Root Causes 617: What Are X9 Certificates? 13.05.2026 21min

  The US-based X9 financial industry consortium has created a server certificate. We explain what X9 certificates are and suitable use cases for this certificate type.
• Root Causes 616: NIST and Merkle Tree Certificates 11.05.2026 6min

  Dustin Moody of NIST joins us to discuss Merkle Tree Certificates (MTC) and the NIST position on them.
• Root Causes 615: What Is IETF PLANTS? 08.05.2026 6min

  Repeat guest Bas Westerbaan of Cloudflare joins us to explain the PLANTS working group in IETF, which is driving standards around post quantum cryptography (PQC) and Merkle Tree Certificates (MTC). Bas explains the path to becoming a final standard, where we are in this process, and how you can get involved.
• Root Causes 614: MTC and Downgrade Attacks 06.05.2026 12min

  It's reasonable to believe that Merkle Tree Certificates (MTC) and traditional RSA will co-exist on the same servers for years, if not decades, during the transition to post quantum cryptography (PQC). Bas Westerbaan of Cloudflare joins us in this episode to explore the possibility of quantum downgrade attacks and what we can do about them.
• Root Causes 613: Status of the NIST PQC Contests 04.05.2026 22min

  We are joined by Dustin Moody of NIST to go over the current state of the various post quantum cryptography (PQC) contests, including upcoming FIPS standards for Falcon (FN-DSA) and HQC, other Round 4 algorithms, the digital signing algorithm (DSA) On Ramp, isogeny, and future cryptographic exploration.
• Root Causes 612: What Do Subscribers Need for MTC? 01.05.2026 12min

  We are joined by Bas Westerbaan of Cloudflare to explain considerations and requirements for use of Merkle Tree Certificates (MTC). This includes full adoption of TLS 1.3, offering PQC and RSA at the same time, the imperative value of automation, and running production MTC in 2027.
• Root Causes 611: Merkle Tree Certificates, What and Why 29.04.2026 23min

  There are strong reasons to believe that the architecture of PQC TLS will take the form of Merkle Tree Certificates (MTC). We are joined by post quantum cryptography expert Bas Westerbaan of Cloudflare as he explains this new PKI architecture, how it works, and why we need it. We define new concepts like landmark certificates and log mirrors and discuss what's necessary to move to this new architecture.
• Root Causes 610: Types of Logical Qubits 27.04.2026 10min

  We describe three different kinds of logical qubits with their relative strengths and weaknesses.
• Root Causes 609: Side Channel Apocalypse 24.04.2026 6min

  Jason explains the extreme danger of side channel attacks in the new post quantum cryptography (PQC) era.
• Root Causes 608: The Fragility of Formal Verification 22.04.2026 7min

  The reliability of cryptographic algorithms is largely a matter of conjecture based on track record. Proving security is impaired by the difficulty of formal verification, implementation weaknesses, and failure in randomness.
• Root Causes 607: PKI That's Hard to Discover 20.04.2026 7min

  The first of the five pillars of Certificate Lifecycle Management (CLM) is discovery. While many of your certificates are easily discoverable, some difficult PKI remains.
• Root Causes 606: What Is the UK Online Safety Act? 17.04.2026 6min

  The UK Online Safety Act intends to force vendors who sell hardware and software to allow the government to scan end-to-end encrypted communication on end devices. We once again marvel at governments seeking to undermine the security of their own citizens.
• Root Causes 605: Chrome Declares Its Support for Merkle Tree Certificates (MTC) 15.04.2026 9min

  Google has taken a strong position supporting Merkle Tree Certificates (MTC) as the PQC-enabled future for SSL / TLS. We unpack this extremely important position from the WebPKI's most influential organization.
• Root Causes 604: Accelerated Timeline for Quantum Computers Breaking ECC in Crypto and Blockchain 13.04.2026 11min

  A new paper from Google Quantum AI and others documents a new technique for breaking ECC, particularly the curve protecting crypto currencies, smart contracts, and blockchain. This accelerates post quantum cryptography (PQC) timelines.