Yaroslav Rosomakho
Yaroslav Rosomakho is Chief Scientist at Zscaler, where he leads research and innovation in secure networking, infrastructure resiliency, protocol design, and post-quantum cryptography. He is an active contributor to the IETF, currently chairing the HPKE Working Group and contributing to TLS, QUIC, MASQUE, and HTTP. Yaroslav has authored and co-authored several Internet-Drafts focused on enhancing the security of long-lived encrypted sessions and enabling scalable identity frameworks. Prior to Zscaler, he served as Field CTO at Netskope and held various technical leadership roles at Arbor Networks. His current focus is on building cryptographically resilient systems for the next generation of cloud and zero-trust architectures.
Session
TLS 1.3 and QUIC lack native mechanisms for refreshing cryptographic keys or certificates during long-lived sessions, which creates challenges for applications like always-on VPNs, IoT, or real-time streaming. This talk explores the security risks of long-lived sessions and reviews recent IETF work (Extended Key Update and Certificate Update) that aims to address these gaps. We’ll compare with TLS 1.2 renegotiation, highlight how other protocols like WireGuard, SSH and IKEv2 approach key rotation, and examine existing workarounds used in practice. The session is targeted at implementers, protocol designers, and security practitioners interested in evolving TLS and QUIC for modern use cases.