From a33c64eadf9421ba85440a12a70e726c259977f6 Mon Sep 17 00:00:00 2001 From: Sriram Bhetanabottla Date: Tue, 26 May 2026 09:49:59 +0200 Subject: [PATCH 1/3] Remove the error requirement and keep it implementation dependent. --- doc/Security.xml | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/doc/Security.xml b/doc/Security.xml index 584313f93..6a41da894 100644 --- a/doc/Security.xml +++ b/doc/Security.xml @@ -4408,10 +4408,8 @@ certificate in the chain and its associated private key shall be used for signing media as described in the [Media Signing Specification]. This key and certificate are referred to as user provisioned key and certificate in that specification. - If a user-provisioned certification path is configured, it shall be replaced by the - new certification path only if it is not in use by an ongoing media streaming session; - otherwise, the device shall return a ReferenceExists fault and shall not replace the - certification path. + If a user-provisioned certification path is configured, affected streams may need to + be restarted before the change takes effect. A device shall support this command if the UserMediaSigningKeySupported capability is true. @@ -4453,9 +4451,8 @@ This operation removes a certificate assignment (including certification path) on the device that has been added by AddMediaSigningCertificateAssignment. The factory provisioned certification path cannot be removed. - If the assigned certfication path is in use for an ongoing media streaming session, - the device shall produce a ReferenceExists fault and shall not remove the certificate - assignment. + If a user-provisioned certification path is configured, affected streams may need to + be restarted before the change takes effect. A device shall support this command if the UserMediaSigningKeySupported capability is true. From b718591b4b4ff17ff78510bfee102994d909905e Mon Sep 17 00:00:00 2001 From: Sriram Bhetanabottla Date: Wed, 27 May 2026 10:57:51 +0200 Subject: [PATCH 2/3] editorial --- doc/Security.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/Security.xml b/doc/Security.xml index 6a41da894..3125117d4 100644 --- a/doc/Security.xml +++ b/doc/Security.xml @@ -4451,8 +4451,8 @@ This operation removes a certificate assignment (including certification path) on the device that has been added by AddMediaSigningCertificateAssignment. The factory provisioned certification path cannot be removed. - If a user-provisioned certification path is configured, affected streams may need to - be restarted before the change takes effect. + If a user-provisioned certification path is removed, affected streams may need to be + restarted before the change takes effect. A device shall support this command if the UserMediaSigningKeySupported capability is true. From 3c851a78ca6e42c65c3c1146f315ab279ec23d29 Mon Sep 17 00:00:00 2001 From: Sriram Bhetanabottla Date: Thu, 18 Jun 2026 14:21:49 +0200 Subject: [PATCH 3/3] tighten the requirement to stop ongoing streams --- doc/Security.xml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/doc/Security.xml b/doc/Security.xml index 3125117d4..8644b836d 100644 --- a/doc/Security.xml +++ b/doc/Security.xml @@ -4408,8 +4408,8 @@ certificate in the chain and its associated private key shall be used for signing media as described in the [Media Signing Specification]. This key and certificate are referred to as user provisioned key and certificate in that specification. - If a user-provisioned certification path is configured, affected streams may need to - be restarted before the change takes effect. + If a user-provisioned certification path is configured, ongoing streams shall be + stopped by the device. A device shall support this command if the UserMediaSigningKeySupported capability is true. @@ -4451,8 +4451,8 @@ This operation removes a certificate assignment (including certification path) on the device that has been added by AddMediaSigningCertificateAssignment. The factory provisioned certification path cannot be removed. - If a user-provisioned certification path is removed, affected streams may need to be - restarted before the change takes effect. + If a user-provisioned certification path is removed, ongoing streams shall be stopped + by the device. A device shall support this command if the UserMediaSigningKeySupported capability is true.