It's reasonable to believe that Merkle Tree Certificates (MTC) and traditional RSA will co-exist on the same servers for years, if not decades, during the transition to post quantum cryptography (PQC). Bas Westerbaan of Cloudflare joins us in this episode to explore the possibility of quantum downgrade attacks and what we can do about them.
Jason Soroko
Fellow
Jason has 20 years of experience researching, innovating, educating markets, developing intellectual property, and contributing to national-level guidance and consortium standards. He works closely with enterprise companies daily to synthesize managed PKI security solutions that meet real-world operational needs.
Jason Soroko is a seasoned security technology innovator and Senior Fellow at Sectigo, where he leads customer-facing engagements, drives research, and spearheads strategic initiatives at both organizational and national levels. He also contributes to the development of intellectual property and consortium standards. As co-host of the award-winning “Root Causes” podcast, Jason educates professionals on the latest trends in PKI and cybersecurity twice a week. His core strength is bridging cutting-edge security methods with real-world operational needs, ensuring that businesses are equipped with practical, forward-thinking solutions.
Recent posts by Jason Soroko
We are joined by Dustin Moody of NIST to go over the current state of the various post quantum cryptography (PQC) contests, including upcoming FIPS standards for Falcon (FN-DSA) and HQC, other Round 4 algorithms, the digital signing algorithm (DSA) On Ramp, isogeny, and future cryptographic exploration.
We are joined by Bas Westerbaan of Cloudflare to explain considerations and requirements for use of Merkle Tree Certificates (MTC). This includes full adoption of TLS 1.3, offering PQC and RSA at the same time, the imperative value of automation, and running production MTC in 2027.
There are strong reasons to believe that the architecture of PQC TLS will take the form of Merkle Tree Certificates (MTC). Post quantum cryptography expert Bas Westerbaan of Cloudflare explains this new PKI architecture, how it works, and why we need it.
We describe three different kinds of logical qubits with their relative strengths and weaknesses.
Jason explains the extreme danger of side channel attacks in the new post quantum cryptography (PQC) era.
The reliability of cryptographic algorithms is largely a matter of conjecture based on track record. Proving security is impaired by the difficulty of formal verification, implementation weaknesses, and failure in randomness.
The first of the five pillars of Certificate Lifecycle Management (CLM) is discovery. While many of your certificates are easily discoverable, some difficult PKI remains.
The UK Online Safety Act intends to force vendors who sell hardware and software to allow the government to scan end-to-end encrypted communication on end devices.