MOQT uses secure transports that provide confidentiality and integrity protection. However, media objects are accessible to relays, and are subject to both intentional and accidental modification, unless they are additionally end-to-end protected.
The media objects transported by MOQT in various tracks from various original publishers are subject to several considerations. The first is source authenticity, i.e. to know that the received media objects are what the original publisher actually published. In addition to the media objects, it can also be important to authenticate some Track and Object Properties. For example, timestamps are crucial to understand where on the timeline this media fragment belongs.
The second aspect is content confidentiality. Beyond direct relay access to media objects, object sizes and traffic patterns enable analysis of content. Track namespace and track name can also be analyzed and correlated between end subscribers by relays.
The end-to-end media security is handled by mechanisms external to this specification. They need to provide source authenticity and confidentiality. MOQT's object model does enable both the object data itself as well as Object Properties to be confidentiality and integrity protected. MOQT also supports Object Properties being integrity protected but not encrypted.
Current proposals for media security include: - An E2EE scheme based on SFRAME: [I-D.ietf-moq-secure-objects].
Secure key distribution for end-to-end encryption is specific to the encryption system and deployment, and outside the scope of this document.