# ECP-0011: stream encryption keys

Status: Draft

## Problem

We need a consistent encryption model so streams can be protected in transit while remaining discoverable by stream id.
## Decision

Derive a symmetric stream key deterministically from the stream id, with an optional network secret:

- `stream_key = BLAKE3-derive("every.channel stream key v1", network_secret || 0x00 || stream_id)`
- If `network_secret` is absent, the key is public (anyone who knows the stream id can derive it) and provides obfuscation only.
- If `network_secret` is present, the stream is private to holders of the secret.

Encryption will be applied at the object layer (MoQ objects), not at the transport layer. This allows relays to store and forward encrypted objects without visibility into their contents.
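
The derivation above as a runnable sketch; this is an added example, not code from `ec-crypto`. It inlines a pure-Python BLAKE3 `derive_key` limited to inputs of at most 1024 bytes (one chunk) so it runs with the standard library alone; real code should call a maintained BLAKE3 library. Assumptions: `stream_id` and `network_secret` are byte strings, an absent secret is encoded as empty bytes, and the helper rejects a secret containing `0x00` so that `network_secret || 0x00 || stream_id` cannot be split two ways.

```python
import struct

IV = (0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A,
      0x510E527F, 0x9B05688C, 0x1F83D9AB, 0x5BE0CD19)
PERM = (2, 6, 3, 10, 7, 0, 4, 13, 1, 11, 12, 5, 9, 14, 15, 8)
CHUNK_START, CHUNK_END, ROOT, DERIVE_CTX, DERIVE_MATERIAL = 1, 2, 8, 32, 64
M32 = 0xFFFFFFFF

def mix(s, a, b, c, d, mx, my):
    for m, r1, r2 in ((mx, 16, 12), (my, 8, 7)):
        s[a] = (s[a] + s[b] + m) & M32
        s[d] = ((s[d] ^ s[a]) >> r1 | (s[d] ^ s[a]) << (32 - r1)) & M32
        s[c] = (s[c] + s[d]) & M32
        s[b] = ((s[b] ^ s[c]) >> r2 | (s[b] ^ s[c]) << (32 - r2)) & M32

def compress(cv, block, flags):
    m = list(struct.unpack("<16I", block.ljust(64, b"\0")))
    s = list(cv) + list(IV[:4]) + [0, 0, len(block), flags]  # chunk counter is 0
    for _ in range(7):
        for i in range(4):  # column step, then diagonal step
            mix(s, i, 4 + i, 8 + i, 12 + i, m[2 * i], m[2 * i + 1])
        for i in range(4):
            mix(s, i, 4 + (i + 1) % 4, 8 + (i + 2) % 4, 12 + (i + 3) % 4,
                m[8 + 2 * i], m[9 + 2 * i])
        m = [m[p] for p in PERM]
    return [s[i] ^ s[i + 8] for i in range(8)]

def hash_one_chunk(key_words, data, mode):
    """32-byte BLAKE3 root output for an input of at most one chunk."""
    if len(data) > 1024:
        raise ValueError("this sketch only handles inputs up to 1024 bytes")
    blocks = [data[i:i + 64] for i in range(0, len(data), 64)] or [b""]
    cv = key_words
    for n, blk in enumerate(blocks):
        last = CHUNK_END | ROOT if n == len(blocks) - 1 else 0
        cv = compress(cv, blk, mode | (CHUNK_START if n == 0 else 0) | last)
    return struct.pack("<8I", *cv)

def blake3_derive_key(context, material):
    ctx_key = struct.unpack("<8I", hash_one_chunk(IV, context.encode(), DERIVE_CTX))
    return hash_one_chunk(ctx_key, material, DERIVE_MATERIAL)

def stream_key(stream_id, network_secret=b""):
    # Assumption: an absent secret is encoded as empty bytes. Rejecting 0x00 in
    # the secret keeps `secret || 0x00 || stream_id` unambiguous to parse.
    if b"\x00" in network_secret:
        raise ValueError("network_secret must not contain 0x00")
    return blake3_derive_key("every.channel stream key v1",
                             network_secret + b"\x00" + stream_id)
```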
## Consequences

- Streams can be encrypted deterministically without coordination.
- Private swarms can be created by sharing a network secret.
## Alternatives considered

- Per-session negotiated keys: rejected because it prevents deterministic convergence.
- PKI per stream: deferred due to operational complexity.
## Rollout / teardown

- Add key derivation helper in `ec-crypto`.
- Implement object-layer encryption in the MoQ publisher.
- Add configuration for network secret.