Tim Callan

CAA records exist to restrict issuing CAs for a given domain to as few as one CA. But what happens when the CAA record outlives the CA to which it restricts issuance? Join us to find out. youtube.com/watch?v=WbI3p2…

Chrome's deadline for deprecation of the clientAuth EKU and mTLS in public certificates has moved out. We give you the what, when, and why. …i-and-security-podcast.simplecast.com/episodes/root-…

It would be easy to believe that the amount of risk posed to the WebPKI by any individual public CA is somehow proportional to the number of active certificates that CA has. This is false, however. In this episode we address this misconception. …i-and-security-podcast.simplecast.com/episodes/root-…

We recently heard the argument that it's simply too expensive to develop a cryptographically relevant quantum computer. We vehemently disagree. In this episode we explain why. …i-and-security-podcast.simplecast.com/episodes/root-…

It's cryptographic Frogger from here on out. The transition to PQC is not just a change in cryptographic algorithms but also a fundamental shift in how we treat our cryptography. IT systems need to be fundamentally crypto agile as never before. …i-and-security-podcast.simplecast.com/episodes/root-…

Jason describes a recent intrusion almost entirely operated by off-the-shelf AI tools. This is an important milestone in security. We describe its potential consequences. …i-and-security-podcast.simplecast.com/episodes/root-…

We expand on the concept of trust-now-forge-later to list a whole bevy of additional attacks that eventually will be enabled by cryptographically relevant quantum computers. youtube.com/watch?v=CRI8Bz…

We all love a good manifesto! Jason spells out the ten principles of the Cryptographic Inventory Manifesto, and we discuss. soundcloud.com/tim-callan/roo…

We look at the new European DORA and NIS2 regulations and how Certificate Lifecycle Management is a key requirement to meet these requirements. You will be surprised how explicit these requirements are. soundcloud.com/tim-callan/roo…

In an innovative application, an AI has been used to find private keys for ECC (Elliptic Curve Cryptography) P 256. We explain how. soundcloud.com/tim-callan/roo…

New research indicates that the number of qubits necessary to achieve cryptographic relevance has reduced by two orders of magnitude. We cover this breaking news and its implications. soundcloud.com/tim-callan/roo…

By CABF ballot all manual methods of Domain Control Validation (DCV) will be deprecated by 2028. We explain which methods are due for deprecation and when. soundcloud.com/tim-callan/roo…

We go over the qualities in abstract of a use case that strongly invites the use of hybrid certificates and then run down a list of specific use cases. This includes OT systems, code signing, secure boot, WiFi, enterprise S/MIME, and more. soundcloud.com/tim-callan/roo…

In this episode Jason declares that we must make cryptography boring again. We get into what that means and why it matters. soundcloud.com/tim-callan/roo…

We have seen much talk of the upcoming drop of maximum TLS term to 200 days, followed by 100 days, and eventually down to 47 days. It happens that all those numbers are too large and the actual maxima will be less than that. We explain. soundcloud.com/tim-callan/roo…

March 2026 is due to be the most eventful month in the history of the WebPKI. Join us as we go over all the many changes coming next month. soundcloud.com/tim-callan/roo…

A large investment firm divests from Bitcoin for fear of the quantum threat. soundcloud.com/tim-callan/roo…

Everybody knows about March 15 and the drop in maximum public TLS certificate term to 200 days. But that only scratches the surface on key dates with this maximum term reduction. Join us as we go over "all the dates" for TLS maximum term reduction. soundcloud.com/tim-callan/roo…

Every new year on the Root Causes Podcast we make predictions for the year to come, and every year we go back and see how we did. This is the first of two parts scoring our 2025 predictions. youtube.com/watch?v=tpV_70…

We discuss the idea that not all cryptographic entropy is equally "random" and potential consequences. soundcloud.com/tim-callan/roo…