Listen Now

In this episode our hosts explain the Four Pillars of Certificate Automation: deploy, discover, revoke/replace, and renew. They detail what these pillars entail and why they're important. They also discuss the umbrella capability of visibility, which affects all four pillars.

On March 1 Sectigo will remove street address and postal/zip code information from its public certificates of all types. Our hosts explain the reasons for and advantages of this upcoming change, along with answers to some of the common questions we receive.

Recent years have seen multiple reductions in the maximum term for public SSL certificates. Our hosts are joined by guest Nick France to discuss the benefits of shorter certificate lifespans for both public and private CAs.

BGP, or Border Gateway Protocol, controls traffic routing on the internet. Real and theoretical attacks over the years have been revealed against BGP with varying levels of success, including recent research on how BGP attacks can be used to improperly obtain DV certificates. Our hosts explain them along with recent industry actions intended to thwart such attacks.

Public CAs recently have discovered a repeated error whereby certificate subscribers accidentally include the private key along with CSR submissions. Our hosts break down this phenomenon and its implications.

A new US law called the IoT Cybersecurity Improvement Act of 2020 creates security requirements for IoT devices sold into the US government. Join us as we explain these new requirements and why this law's reach is likely to extend further than the US governmental procurement process.

The SolarWinds Orion supply chain attack is making headlines throughout the tech press. This sophisticated attack includes some unusual manipulations of digital identity and certificates. In this episode we explain how certificates, keys, and identity play into the SolarWinds exploit.

In the third of our year-end lookback episodes, we discuss 2020's progress in the quest for quantum-safe encryption. This includes narrowing the NIST candidate list down to fifteen algorithms, the availability of test hybrid certificates, and the trouble with long-lived IoT devices. Our hosts predict what 2021 will look like for quantum-safe certificates.

In April 2014 a software vulnerability called Heartbleed was discovered in OpenSSL. Heartbleed made it possible for attackers to send commands to web servers and steal their private keys. Certificate subscribers around the world had to scramble to patch their servers and replace certificates by the millions. Guest Nick France joins us to explain this vulnerability, its consequences, and whether or not a Heartbleed-like vulnerability could occur today.

2020 was a big year for SASE (Secure Access Service Edge). Our hosts define SASE, ZTNA (Zero Trust Network Architecture), and SDP (Software Defined Perimeter). Our hosts discuss how these technology principles gained momentum in 2020 and why they are poised for continued growth in 2021.

In 2020 the COVID-19 pandemic changed the way we work. IT departments had to gear up for near-ubiquitous work-from-home (WFH) requirements while maintaining productivity and security. Our hosts talk about the pandemic's affect on employee authentication and access, Zero Trust, IT enablement of retail, immunity passports, and more.

In our ongoing examination of MFA, our hosts examine authentication through soft-token OTP (one-time passcode). They go over the potential benefits and pitfalls of soft tokens, and compare them to SMS tokens and hard tokens.

The recent release of Apple's Big Sur OS appears to have driven a temporary slowdown in the company's OCSP responders, affecting code updates across all Apple operating systems. Guest Nick France joins us to explain what appears to have happened and why.

Massive password breeches have been so repeatedly prevalent for so many years that as an industry and a society we've just started to accept them as a fact of life. In this episode we discuss the weaknesses of passwords as a strategy and why they nonetheless are so common even today. We describe the roadmap for eventually weeding out passwords from most systems.

Hard tokens are one of the oldest multi-factor authentication (MFA) form factors there is, and still in use today. In the latest in our series of explorations of MFA strategies, we examine the strengths and weaknesses of hard tokens as an MFA strategy.

First we had crypto agility, which is how we ensure our cryptography stays current with the needs of security. Expanding on this concept, industry leaders are now looking at certificate agility, which is building our systems so that all certificates are known, current, and immediately replaceable. Our hosts explain certificate agility, why it's important, and what you need to do to achieve it.

Our co-host Tim Callan has changed his title to Chief Compliance Officer. Join him and co-host Jason Soroko as they discuss what compliance means at a public Certificate Authority (CA) like Sectigo and what the Chief Compliance Officer does.

New research shows how ransomware attacks could be launched against IoT devices. Our hosts are joined by Alan Grau to understand these attacks and what can be done to defend against them, including technical controls such as strong identity and embedded firewalls.

Digital certificates and PKI provide digital identity and access. Identity and Access Management (IAM) is a huge technology category featuring major players like Okta, DUO, and Ping Identity. And despite the fact that they feature a lot of the same words in their descriptions, these two categories are entirely different spaces that do entirely different things. In this episode we explain the difference between digital identity certificates and IAM platforms and how they fit in together.

As part of our ongoing series on the pros and cons of various forms of multi-factor authentication (MFA) in this episode we explore biometrics. Our hosts discuss their strengths and weaknesses and the idea that biometrics are more about proof of possession than identity authentication.