Root Causes Podcast

An emerging attack against AIs is to create a significantly complex and recursive prompt that will occupy the AI indefinitely or for a sufficiently long time that it acts as a Denial-of-Service (DoS) attack. We describe how this works.

TLS 1.3 is required to take advantage of post quantum cryptography (PQC) algorithms. Yes, we still see a lot of TLS 1.2 or earlier in deployment. We examine why this is the case and what to do about it.

Recent revelations about Mythos and its ability to expose vulnerabilities have forced us to rethink basic assumptions about cyber defense. In our "AI in 1000 Days" series, Jason Soroko and I examine the implications of these revelations three years from now.  This includes upping the overall pace of attack and changes to best practices in cyber security defense.

Anthropic has delayed its widespread release of Mythos to give major software providers a chance to close off the many vulnerabilities it has discovered. We dig into the vast implications of Mythos and other AI models for the future of cybersecurity.

We discuss the possibility that our standardized ML-DSA keys turn out to be too short for true confidence, why that might occur, and the implications for private PKI certificates.

Sam Jaques joins us to explain his much-referenced chart mapping progress toward cryptographically relevant quantum computing (CRQC).

We break down the phrase "Simplicity at Scale" to see what it means to us in the context of CAs and CLM.

A few years ago NIST proposed deadlines for PQC deployment at 2030 and 2035. But recent announcements from Google and Cloudflare suggest 2029 as a better deprecation target. We are joined by Dustin Moody to get the NIST perspective on these announcements.

Recent announcements from Google and Cloudflare have declared new 2029 deadlines for full post quantum cryptography (PQC) migration. Bas Westerbaan explains the rationale behind Cloudflare's decision and discusses implications for other enterprises., asking "Are you a gambler?"

Repeat guest Bas Westerbaan of Cloudflare joins us to explore the role of Merkle Tree Certificates (MTCs) in private CA scenarios with an eye toward where they will be needed and where traditional PKI will be better suited.

The US-based X9 financial industry consortium has created a server certificate. We explain what X9 certificates are and suitable use cases for this certificate type.

Dustin Moody of NIST joins us to discuss Merkle Tree Certificates (MTCs) and the NIST position on them.

Repeat guest Bas Westerbaan of Cloudflare joins us to explain the PLANTS working group in IETF, which is driving standards around post quantum cryptography (PQC) and Merkle Tree Certificates (MTC). Bas explains the path to becoming a final standard, where we are in this process, and how you can get involved.

It's reasonable to believe that Merkle Tree Certificates (MTC) and traditional RSA will co-exist on the same servers for years, if not decades, during the transition to post quantum cryptography (PQC). Bas Westerbaan of Cloudflare joins us in this episode to explore the possibility of quantum downgrade attacks and what we can do about them.

We are joined by Dustin Moody of NIST to go over the current state of the various post quantum cryptography (PQC) contests, including upcoming FIPS standards for Falcon (FN-DSA) and HQC, other Round 4 algorithms, the digital signing algorithm (DSA) On Ramp, isogeny, and future cryptographic exploration.

We are joined by Bas Westerbaan of Cloudflare to explain considerations and requirements for use of Merkle Tree Certificates (MTCs). This includes full adoption of TLS 1.3, offering PQC and RSA at the same time, the imperative value of automation, and running production MTC in 2027.

There are strong reasons to believe that the architecture of PQC TLS will take the form of Merkle Tree Certificates (MTC). Post quantum cryptography expert Bas Westerbaan of Cloudflare explains this new PKI architecture, how it works, and why we need it.