In this special episode of Trust.ID Talk: The Digital Certificate and Identity Security Podcast, host Michelle Davidson hands the mic to Matthew Dorrington and John Murray as they roam the RSA Conference show floor, capturing insights on email security, certificate lifecycle management, and code signing with security leaders from Red Sift, AppViewX, Thinkst Canary, Pangolin, and SignPath.
What You’ll Learn:
- How to transition email security from perimeter defense to identity-centric strategy
- Why certificate lifetime compression demands immediate automation
- How post-quantum cryptography readiness begins today
- The critical relationship between code signing and supply chain security
- Why AI introduces both trust and uncertainty in security operations
If you enjoyed this episode, make sure to subscribe, rate, and review on Apple Podcasts, Spotify, and YouTube Podcasts; instructions on how to do this are here.
YouTube Chapters:
- [00:39] Email as a Zero-Trust Channel
- [02:48] Automating Thousands of Certificates
- [04:02] Getting Started with ACME
- [04:41] Shrinking Certificate Lifetimes
- [06:31] Preparing Infrastructure for Post-Quantum
- [07:14] Code Signing in the Supply Chain Era
- [08:21] Michelle’s Closing Thoughts
Key Takeaways:
- [00:39] Email as a Zero-Trust Channel
Email has fundamentally evolved, and security leaders can no longer treat it as a filtering problem solved at the network edge. It’s now core to identity and zero-trust strategy, backed by modern standards that hyperscalers, regulators, and thousands of organizations have already adopted, bringing visible benefits like verified logos in consumer inboxes. Leaders who haven’t benchmarked themselves against their peers or kept up with current email standards should act now, because most real-world breaches still begin with a phishing email that escalates into lateral movement.
- [02:48] Automating Thousands of Certificates
As SSL certificate lifespans shrink, dropping from 200 days in 2026 to just 47 days by 2028, manual management has become untenable. Industry leaders managing thousands of certificates are unanimous: automation via protocols like ACME is the only viable path forward. With renewal frequency set to increase nearly eightfold and machine identities growing exponentially, spreadsheet-based tracking invites the kind of systemic failures that bring entire systems down from a single missed renewal. Businesses should rethink certificate management holistically, adopt ACME-compatible tooling, and begin preparing for post-quantum cryptography now, as quantum-relevant threats to RSA and ECC move from theoretical to imminent.
- [07:14] Code Signing in the Supply Chain Era
The code signing industry faces two converging pressures: the probabilistic nature of AI-driven security, which undermines the deterministic guarantees enterprises depend on, and the looming transition to post-quantum cryptography. Equally critical is a mindset shift. Incidents like SolarWinds showed that a compromised signature amplifies rather than contains damage, making it essential to position code signing within a holistic view of the entire software development and delivery pipeline as one piece of a broader supply chain security strategy.
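As an added example (not code from the episode or from any of the vendors it features), a small Go checker that turns the lifetime compression described in the certificate takeaway above into two deterministic checks: how often a certificate of a given lifetime must be renewed, and whether a given certificate is already due. It assumes the ACME-client convention of renewing once one third of the lifetime remains (the episode quotes only the lifetimes, not a threshold), and the certificate it inspects is constructed in memory.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)
// RenewalsPerYear assumes the common ACME-client convention of renewing once one third
// of the lifetime remains (the episode gives only the lifetimes, not a threshold).
func RenewalsPerYear(lifetimeDays int) float64 {
	return 365 / (float64(lifetimeDays) * 2 / 3)
}

// RenewalStatus classifies a certificate at time now as "expired", "due" (under one
// third of its lifetime left) or "ok".
func RenewalStatus(cert *x509.Certificate, now time.Time) string {
	remaining := cert.NotAfter.Sub(now)
	if remaining <= 0 {
		return "expired"
	} else if remaining < cert.NotAfter.Sub(cert.NotBefore)/3 {
		return "due"
	}
	return "ok"
}
// MakeTestCert builds a constructed self-signed certificate (test data only) valid for
// lifetimeDays from notBefore, so the checker can be exercised offline.
func MakeTestCert(cn string, notBefore time.Time, lifetimeDays int) (*x509.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: notBefore, NotAfter: notBefore.AddDate(0, 0, lifetimeDays)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	fmt.Printf("47-day certificates: %.1f renewals/year\n", RenewalsPerYear(47))
	now := time.Date(2028, 3, 1, 0, 0, 0, 0, time.UTC)
	cert, _ := MakeTestCert("inventory-item.test", now.AddDate(0, 0, -35), 47) // issued 35 days ago
	fmt.Println("inventory-item.test:", RenewalStatus(cert, now)) // due
}
```

Run over a real inventory, the same status function is what a renewal job should evaluate on every pass, which is the kind of check the spreadsheet approach criticised above cannot perform.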
Quotes:
- “Email security's transitioning from this filtering black box set at the edge of the network to something that's quite fundamental to their identity and zero trust plus strategy.”
- “Certificate validity is growing shorter year over year, with public CA vendors forced to issue 200-day certificates in 2026, going down to 100 days in 2027, and 47 days in the following year.”
- “You want to reimagine the way that you are doing certificate management across your landscape. The number of machine identities using certificates and keys is growing exponentially. With new compliance mandated, you cannot truly grow this manually. The only way to innovate and scale to these newer standards is to basically automate.”
- “The biggest challenge to everything right now seems to be AI. It's helping a lot, but it's also worrying people a lot. One of the challenges is to get deterministic security over all the heuristics that AI basically makes us face.”
- “Code signing is no longer an isolated thing that everybody is considering in isolation. It's part of a larger supply chain problem and solution.”