The Baseline Requirements, CT logs, the Bugzilla Bloodbath, shortening certificate lifespans, all these trends serve to enforce a high level of quality and predictability across WebPKI certificates. Nearly twenty years after the introduction of EV SSL, we ask if it has served its purpose and should be retired.
Podcasts
Nach Produkt filtern
Tags
Dustin Moody of NIST joins us to talk about the evolution of standardized cryptography beyond the current PQC efforts. Topics include maintaining visibility on cryptography presently in use, 50 years of RSA, and cryptographic heterogeny.
Bas Westerbaan of Cloudflare joins us to discuss recent information that heightens concerns about Elliptic Curve Cryptography (ECC) and its vulnerability to a cryptographically relevant quantum computer (CRQC). We pose the question do we need to deprecate ECC in advance of our migration to ML-DSA and other PQC algorithms.
We are freshly returned from the 2026 ETSI PQC Conference. We give a debrief on the conference, including the difference between post quantum cryptography (PQC) and quantum key distribution (QKD), the algorithmic zoo, PQC for blockchain, the Dunning Kruger Effect, and cryptographic Frogger.
We recently attended the Gartner Risk and Security conference for 2026, where we observed a great deal of attention on not only AI but also post quantum cryptography (PQC). Join us as we share the key takeaways.
2024 saw a flurry of high profile incidents for public CA, which we named the Bugzilla Bloodbath. We look back to see how the WebPKI has changed as a consequence.
Resource-constrained devices may need to address PQC through real-time, seed-based, key generation. Unfortunately, this leaves the full key exposed very briefly in RAM. The potential consequences of this are far-reaching and scary. We go into the details.
Sam Jaques of the University of Waterloo returns to discuss his tracking of progress in quantum computers and offer a perspective on moving our PQC deadlines up to 2029.
An emerging attack against AIs is to create a significantly complex and recursive prompt that will occupy the AI indefinitely or for a sufficiently long time that it acts as a Denial-of-Service (DoS) attack. We describe how this works.
In the latest in our coverage of government versus encryption, the UK issued secret orders to Apple to give it a cryptographic backdoor to Apple's advanced data protection capability for iCloud. Apple responded by eliminating encryption entirely for UK users. We break it down.
TLS 1.3 is required to take advantage of post quantum cryptography (PQC) algorithms. Yes, we still see a lot of TLS 1.2 or earlier in deployment. We examine why this is the case and what to do about it.
Recent revelations about Mythos and its ability to expose vulnerabilities have forced us to rethink basic assumptions about cyber defense. In our "AI in 1000 Days" series, Jason Soroko and I examine the implications of these revelations three years from now. This includes upping the overall pace of attack and changes to best practices in cyber security defense.