From 9a4d5e8d7dca289ee5b283c9444989b8648c3f06 Mon Sep 17 00:00:00 2001 From: Suhas Date: Mon, 9 Feb 2026 14:35:54 -0800 Subject: [PATCH 1/5] Support Encryption Scheme --- draft-ietf-moq-msf.md | 136 +++++++++++++++++++++++++++++++++++++++++- 1 file changed, 135 insertions(+), 1 deletion(-) diff --git a/draft-ietf-moq-msf.md b/draft-ietf-moq-msf.md index 06a914d..5c646f9 100644 --- a/draft-ietf-moq-msf.md +++ b/draft-ietf-moq-msf.md @@ -32,6 +32,7 @@ author: normative: MoQTransport: I-D.draft-ietf-moq-transport-11 LOC: I-D.draft-mzanaty-moq-loc-05 + SecureObjects: I-D.draft-jennings-moq-secure-objects BASE64: RFC4648 JSON: RFC8259 LANG: RFC5646 
@@ -156,7 +157,43 @@ cleanly switch between time-aligned media tracks at group boundaries. ## Content protection and encryption {#contentprotection} -ToDo - content protection for LOC-packaged content. +MSF supports end-to-end encryption of media content using MoQ Secure Objects +{{SecureObjects}}. When encryption is enabled, the payload of LOC-packaged +media objects is encrypted and authenticated, while relays can still route +content based on unencrypted header information. + +### Encryption scheme signaling + +The encryption scheme and parameters are signaled in the catalog using the +following track-level fields: + +* encryptionScheme {{encryptionscheme}} - identifies the encryption mechanism +* cipherSuite {{ciphersuite}} - specifies the AEAD algorithm +* keyId {{keyid}} - identifies the key material for decryption + +When the encryptionScheme field is present in a track definition, subscribers +MUST decrypt the object payload using the specified scheme before processing. + +### Default encryption scheme + +The default and RECOMMENDED encryption scheme for MSF is "moq-secure-objects". +Implementations supporting content encryption MUST implement the +"moq-secure-objects" scheme as defined in {{SecureObjects}}. + +When using the "moq-secure-objects" scheme: + +* The cipherSuite field MUST be present and set to a supported cipher suite value +* The keyId field SHOULD be present to identify the key material +* Key distribution and management are out of scope for this specification + +### Encrypted object structure + +For LOC-packaged tracks with encryption enabled: + +* The immutable header extensions (including Group ID and Object ID) remain + in plaintext and are authenticated +* The object payload is encrypted and authenticated using the specified cipher +* Private header extensions (type 0xA) are encrypted alongside the payload # Catalog {#catalog} A Catalog is an MOQT Track that provides information about the other tracks being 
@@ -227,6 +264,9 @@ Table 1 provides an overview of all fields defined by this document. | Language | lang | {{language}} | | Parent name | parentName | {{parentname}} | | Track duration | trackDuration | {{trackduration}} | +| Encryption scheme | encryptionScheme | {{encryptionscheme}} | +| Cipher suite | cipherSuite | {{ciphersuite}} | +| Key ID | keyId | {{keyid}} | Table 2 defines the allowed locations for these fields within the document 
@@ -516,6 +556,53 @@ Location: T Required: Optional JSON Type: Number The duration of the track expressed in integer milliseconds. This field MUST NOT be included if the isLive {{islive}} field value is true. +### Encryption scheme {#encryptionscheme} +Location: T Required: Optional JSON Type: String + +A string identifying the encryption scheme used to protect the track content. +The default and RECOMMENDED value is "moq-secure-objects" as defined in +{{SecureObjects}}. If this field is absent, the track content is unencrypted. + +Table 5: Registered encryption schemes + +| Name | Value | Reference | +|:====================|:=====================|:==================================| +| MoQ Secure Objects | moq-secure-objects | {{SecureObjects}} | + +Custom encryption schemes MAY be used. Custom scheme names SHOULD use Reverse +Domain Name Notation to avoid collisions (e.g., "com.example.custom-encryption"). + +### Cipher suite {#ciphersuite} +Location: T Required: Optional JSON Type: String + +A string identifying the AEAD cipher suite used for encryption. This field +MUST be present when encryptionScheme is specified. For the "moq-secure-objects" +scheme, the following cipher suites are defined: + +Table 6: Cipher suites for moq-secure-objects + +| Name | Value | Tag Size | +|:===========================|:=============================|:=========| +| AES-128-GCM-SHA256 | aes-128-gcm-sha256 | 128 bits | +| AES-256-GCM-SHA512 | aes-256-gcm-sha512 | 128 bits | +| AES-128-CTR-HMAC-SHA256-80 | aes-128-ctr-hmac-sha256-80 | 80 bits | + +Implementations MUST support "aes-128-gcm-sha256". Implementations SHOULD +support "aes-128-ctr-hmac-sha256-80" for scenarios requiring smaller +authentication tags. + +### Key ID {#keyid} +Location: T Required: Optional JSON Type: String + +A string identifying the key material used for encryption. This value is +transmitted in the Secure Object KID extension header (type 0x2) of each +encrypted object. 
The format and semantics of the Key ID are determined by +the key management system in use and are out of scope for this specification. + +When multiple tracks share the same Key ID, they MAY share the same base +key material, though per-track keys are derived using the track name as +defined in {{SecureObjects}}. + ## Delta updates {#deltaupdates} A catalog update might contain incremental changes. This is a useful property if many tracks may be initially declared but then there are small changes to a @@ -916,6 +1003,53 @@ and video tracks. ~~~ +### Encrypted Audio/Video Tracks + +This example shows a catalog for encrypted LOC-packaged audio and video +tracks using MoQ Secure Objects with AES-128-GCM. + +~~~json +{ + "version": 1, + "generatedAt": 1746104606044, + "tracks": [ + { + "name": "1080p-video", + "namespace": "conference.example.com/conference123/alice", + "packaging": "loc", + "isLive": true, + "targetLatency": 2000, + "role": "video", + "renderGroup": 1, + "codec": "av01.0.08M.10.0.110.09", + "width": 1920, + "height": 1080, + "framerate": 30, + "bitrate": 1500000, + "encryptionScheme": "moq-secure-objects", + "cipherSuite": "aes-128-gcm-sha256", + "keyId": "key-2024-q1-premium" + }, + { + "name": "audio", + "namespace": "conference.example.com/conference123/alice", + "packaging": "loc", + "isLive": true, + "targetLatency": 2000, + "role": "audio", + "renderGroup": 1, + "codec": "opus", + "samplerate": 48000, + "channelConfig": "2", + "bitrate": 32000, + "encryptionScheme": "moq-secure-objects", + "cipherSuite": "aes-128-gcm-sha256", + "keyId": "key-2024-q1-premium" + } + ] +} +~~~ + ### Media timeline and Event timeline This example shows a catalog for a media producer capable of sending LOC From aecc2ddab576f1b2787ad0d52f438f89994c983a Mon Sep 17 00:00:00 2001 
From: Suhas Date: Thu, 12 Feb 2026 18:26:30 -0800 Subject: [PATCH 2/5] Add trackBaseKey field and key management documentation - Add trackBaseKey catalog field for base key material signaling - Add Key management subsection documenting out-of-scope nature - Add keyId scoping options (single track, session, or multiple) - Add informative reference to draft-jennings-moq-e2ee-mls - Add SecureObjects section references for keyId and trackBaseKey - Update encryption example with trackBaseKey --- draft-ietf-moq-msf.md | 60 +++++++++++++++++++++++++++++++++++-------- 1 file changed, 50 insertions(+), 10 deletions(-) diff --git a/draft-ietf-moq-msf.md b/draft-ietf-moq-msf.md index 5c646f9..48011fa 100644 --- a/draft-ietf-moq-msf.md +++ b/draft-ietf-moq-msf.md @@ -54,7 +54,7 @@ normative: target: https://www.w3.org/TR/ttml-imsc1/ informative: - + E2EE-MLS: I-D.draft-jennings-moq-e2ee-mls --- abstract 
@@ -170,10 +170,27 @@ following track-level fields: * encryptionScheme {{encryptionscheme}} - identifies the encryption mechanism * cipherSuite {{ciphersuite}} - specifies the AEAD algorithm * keyId {{keyid}} - identifies the key material for decryption +* trackBaseKey {{trackbasekey}} - the base key material for this track When the encryptionScheme field is present in a track definition, subscribers MUST decrypt the object payload using the specified scheme before processing. +### Key management + +The keyId and trackBaseKey values are obtained from an external key management +system and the mechanism for obtaining these values is out of scope for this +specification. Examples of key management systems include MLS-based key +distribution {{E2EE-MLS}} or other out-of-band key exchange mechanisms. + +Depending on the key management mechanism in use, a keyId MAY be scoped to: + +* A single track +* A single MSF session +* Multiple tracks across one or more MSF sessions + +Publishers and subscribers MUST use the same key management system and agree +on the keyId scope semantics for interoperable operation. + ### Default encryption scheme The default and RECOMMENDED encryption scheme for MSF is "moq-secure-objects". @@ -184,7 +201,7 @@ When using the "moq-secure-objects" scheme: * The cipherSuite field MUST be present and set to a supported cipher suite value * The keyId field SHOULD be present to identify the key material -* Key distribution and management are out of scope for this specification +* The trackBaseKey field SHOULD be present to provide the base key material ### Encrypted object structure @@ -267,6 +284,7 @@ Table 1 provides an overview of all fields defined by this document. | Encryption scheme | encryptionScheme | {{encryptionscheme}} | | Cipher suite | cipherSuite | {{ciphersuite}} | | Key ID | keyId | {{keyid}} | +| Track Base Key | trackBaseKey | {{trackbasekey}} | Table 2 defines the allowed locations for these fields within the document 
@@ -595,13 +613,33 @@ authentication tags. Location: T Required: Optional JSON Type: String A string identifying the key material used for encryption. This value is -transmitted in the Secure Object KID extension header (type 0x2) of each -encrypted object. The format and semantics of the Key ID are determined by -the key management system in use and are out of scope for this specification. +transmitted in the Secure Object KID extension header as defined in +({{SecureObjects, Section 4.2}}) of each encrypted object. + +The keyId and associated trackBaseKey are obtained from an external key +management system. The mechanism for obtaining these values is out of scope +for this specification. Examples include MLS-based key distribution +{{E2EE-MLS}} or other out-of-band key exchange mechanisms. + +The scope of a keyId is determined by the key management system in use. A +keyId MAY be scoped to a single track, a single MSF session, or multiple +tracks and sessions. When multiple tracks share the same Key ID, they MAY +share the same base key material, though per-track keys are derived using +the track name as defined in ({{SecureObjects, Section 5}}). + +### Track Base Key {#trackbasekey} +Location: T Required: Optional JSON Type: String + +A base64-encoded {{BASE64}} string containing the base key material for this +track, as defined in ({{SecureObjects, Section 5}}). This field works in +conjunction with keyId to provide the cryptographic material needed for +decryption. The trackBaseKey is obtained from the same key management system +that provides the keyId. -When multiple tracks share the same Key ID, they MAY share the same base -key material, though per-track keys are derived using the track name as -defined in {{SecureObjects}}. +When present, this field contains the raw key material that, together with +the track name and other parameters defined in ({{SecureObjects, Section 5}}), +is used to derive the actual encryption keys. 
Publishers and subscribers MUST +use matching trackBaseKey values for successful decryption. ## Delta updates {#deltaupdates} A catalog update might contain incremental changes. This is a useful property if @@ -1028,7 +1066,8 @@ tracks using MoQ Secure Objects with AES-128-GCM. "bitrate": 1500000, "encryptionScheme": "moq-secure-objects", "cipherSuite": "aes-128-gcm-sha256", - "keyId": "key-2024-q1-premium" + "keyId": "key-2024-q1-premium", + "trackBaseKey": "dGhpc2lzYXNhbXBsZWJhc2VrZXk=" }, { "name": "audio", @@ -1044,7 +1083,8 @@ tracks using MoQ Secure Objects with AES-128-GCM. "bitrate": 32000, "encryptionScheme": "moq-secure-objects", "cipherSuite": "aes-128-gcm-sha256", - "keyId": "key-2024-q1-premium" + "keyId": "key-2024-q1-premium", + "trackBaseKey": "dGhpc2lzYXNhbXBsZWJhc2VrZXk=" } ] } From d61072a32aa374de4fe4e4cb63973799e61a5df2 Mon Sep 17 00:00:00 2001 From: Suhas Date: Thu, 12 Feb 2026 18:31:36 -0800 Subject: [PATCH 3/5] Change keyId and trackBaseKey from SHOULD to MUST for moq-secure-objects --- draft-ietf-moq-msf.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/draft-ietf-moq-msf.md b/draft-ietf-moq-msf.md index 48011fa..4ea4515 100644 --- a/draft-ietf-moq-msf.md +++ b/draft-ietf-moq-msf.md @@ -200,8 +200,8 @@ Implementations supporting content encryption MUST implement the When using the "moq-secure-objects" scheme: * The cipherSuite field MUST be present and set to a supported cipher suite value -* The keyId field SHOULD be present to identify the key material -* The trackBaseKey field SHOULD be present to provide the base key material +* The keyId field MUST be present to identify the key material +* The trackBaseKey field MUST be present to provide the base key material ### Encrypted object structure From 8cbd26ad981164f250debe50b89b6eee9bf8c2a1 Mon Sep 17 00:00:00 2001 
From: Suhas Date: Thu, 12 Feb 2026 18:32:51 -0800 Subject: [PATCH 4/5] Add SecureObjects section reference to encrypted object structure --- draft-ietf-moq-msf.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-ietf-moq-msf.md b/draft-ietf-moq-msf.md index 4ea4515..8228596 100644 --- a/draft-ietf-moq-msf.md +++ b/draft-ietf-moq-msf.md @@ -205,7 +205,7 @@ When using the "moq-secure-objects" scheme: ### Encrypted object structure -For LOC-packaged tracks with encryption enabled: +For LOC-packaged tracks with encryption enabled (see {{SecureObjects, Section 4}}): * The immutable header extensions (including Group ID and Object ID) remain in plaintext and are authenticated From 5a16392ccc74e59ffdbf93b661ae409851fb4b77 Mon Sep 17 00:00:00 2001 From: Suhas Nandakumar Date: Fri, 13 Feb 2026 06:55:17 -0800 Subject: [PATCH 5/5] Apply suggestions from code review Co-authored-by: Will Law <2762250+wilaw@users.noreply.github.com> --- draft-ietf-moq-msf.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/draft-ietf-moq-msf.md b/draft-ietf-moq-msf.md index 8228596..f57bbb9 100644 --- a/draft-ietf-moq-msf.md +++ b/draft-ietf-moq-msf.md @@ -185,15 +185,15 @@ distribution {{E2EE-MLS}} or other out-of-band key exchange mechanisms. Depending on the key management mechanism in use, a keyId MAY be scoped to: * A single track -* A single MSF session -* Multiple tracks across one or more MSF sessions +* A single MoQ Session +* Multiple tracks across one or more MoQ sessions Publishers and subscribers MUST use the same key management system and agree on the keyId scope semantics for interoperable operation. -### Default encryption scheme +### Recommended encryption scheme -The default and RECOMMENDED encryption scheme for MSF is "moq-secure-objects". +The RECOMMENDED encryption scheme for MSF is "moq-secure-objects". Implementations supporting content encryption MUST implement the "moq-secure-objects" scheme as defined in {{SecureObjects}}.
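Review bot: In the PATCH 1/5 `normative:` hunk, the new `SecureObjects: I-D.draft-jennings-moq-secure-objects` entry has no draft version, unlike the neighbouring `MoQTransport: I-D.draft-ietf-moq-transport-11` and `LOC: I-D.draft-mzanaty-moq-loc-05`. Since the later hunks cite specific section numbers of this document (Section 4, 4.2 and 5), the normative reference should be pinned to the version those section numbers were checked against, e.g. `SecureObjects: I-D.draft-jennings-moq-secure-objects-NN`.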
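Review bot: In the PATCH 1/5 `@@ -156` hunk, the sentence "subscribers MUST decrypt the object payload using the specified scheme before processing" does not say what a subscriber does when it does not support the signalled `encryptionScheme` value, which is a real case once custom reverse-domain scheme names are allowed. Add a sentence stating that a subscriber that does not recognise the scheme MUST NOT attempt to process the object payload as plaintext and SHOULD treat the track as undecodable (or not subscribe to it), so unsupported schemes fail closed rather than producing garbage or, worse, being interpreted as unencrypted media.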
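Review bot: In the PATCH 1/5 `@@ -516` hunk, Table 6 lists `aes-128-ctr-hmac-sha256-80` with an 80-bit tag and the text SHOULD-recommends it "for scenarios requiring smaller authentication tags", but nothing in the patch states the security trade-off of a truncated tag or constrains when it may be chosen; the Security Considerations section should gain a paragraph on reduced forgery resistance with 80-bit tags and on who is expected to accept that trade-off. Two smaller points in the same hunk: the heading "Table 5: Registered encryption schemes" implies an IANA registry, yet the patch adds no IANA Considerations and the following paragraph explicitly allows unregistered reverse-domain names, so either add the registry text or rename the table to "Defined encryption schemes"; and the `cipherSuite` definition says the field "MUST be present when encryptionScheme is specified" while Table 6 only defines values for "moq-secure-objects", leaving custom schemes with a mandatory field that has no defined values.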
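Review bot: In the PATCH 2/5 `@@ -595` hunk, the new `trackBaseKey` field carries "the raw key material" base64-encoded in the catalog, but the catalog is itself "an MOQT Track" delivered through the same relays that the `@@ -156` hunk says route on unencrypted information, so any relay or catalog subscriber obtains the base key and the end-to-end property of the object encryption is lost unless the catalog track is itself end-to-end protected. The hunk should either state that `trackBaseKey` MUST only appear in a catalog that is confidentiality-protected end to end (and say how that is signalled), or drop the field and leave base-key delivery to the "external key management system" that the same hunk says is out of scope; as written the two paragraphs contradict each other. Style nit in the same hunk: the citations are wrapped in extra parentheses, e.g. `as defined in ({{SecureObjects, Section 4.2}})`, which renders with doubled brackets; drop the outer parentheses as the rest of the document does.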
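Review bot: In the PATCH 3/5 `@@ -200` hunk, changing `trackBaseKey` to "MUST be present" for "moq-secure-objects" conflicts with the Key management subsection added in PATCH 2/5, which names MLS-based key distribution `{{E2EE-MLS}}` as an example of obtaining the key material out of band; with such a system the base key is never placed in the catalog, so a compliant MLS deployment would now violate this MUST. Suggest scoping the requirement, e.g. "The trackBaseKey field MUST be present unless the base key material is provided by the key management system in use", or keeping SHOULD and stating the fallback explicitly.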
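Review bot: In the PATCH 4/5 `@@ -205` hunk, adding `(see {{SecureObjects, Section 4}})` to the lead sentence is good, but the bullet "Private header extensions (type 0xA) are encrypted alongside the payload" in the same list still hard-codes an extension type value, while PATCH 2/5 deliberately replaced the hard-coded "(type 0x2)" for the KID header with a section reference. Apply the same treatment here and cite the Secure Objects section that defines the private extension, so the value cannot drift out of sync with the referenced draft.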
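Review bot: In the PATCH 5/5 `@@ -185` hunk, the heading and sentence drop the word "default" ("The RECOMMENDED encryption scheme for MSF is ..."), but the `encryptionScheme` field definition added in PATCH 1/5 still reads "The default and RECOMMENDED value is "moq-secure-objects"", so the document now says both that there is and that there is not a default; update the field definition to match. Also in this hunk the two new bullets are inconsistent in capitalisation, "A single MoQ Session" versus "one or more MoQ sessions"; pick one form.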