NTDF-RTMP: Excessive key rotation on every keyframe

[arkavo-com]

Summary

NTDFStreamingManager rotates keys on every keyframe rather than only when necessary. This creates unnecessary KAS load and latency when rotation isn't required.

Current Behavior

// NTDFStreamingManager.swift:203-206
if frame.isKeyframe {
    try await rotateCollection()
}

At typical 2-second GOP intervals:

• 30 key rotations per minute
• 1,800 KAS rewrap requests per hour
• Latency spike on every keyframe

Valid Reasons for Key Rotation

Per NTDF-RTMP draft-02, key rotation should occur for:

1. IV Counter Exhaustion: Approaching 8M items threshold (~22 hours at 60fps)
2. Policy Rotation: Changing access control mid-stream (e.g., revoking users, changing clearance level)

Expected Behavior

Rotation should be opt-in based on actual need:

// Only rotate when necessary
if frame.isKeyframe {
    if needsIVRotation() {
        // Approaching 8M item threshold
        try await rotateCollection()
    } else if pendingPolicyChange != nil {
        // Policy rotation requested by application
        try await rotateCollection(policy: pendingPolicyChange)
        pendingPolicyChange = nil
    }
}

Consider adding a public API for policy rotation:

/// Request policy rotation on next keyframe
public func requestPolicyRotation(newPolicy: Data) async

Impact

• Performance: Reduced KAS server load when rotation not needed
• Latency: Smoother keyframe delivery for steady-state streaming
• Flexibility: Explicit control over when and why rotation occurs

References

• NTDF-RTMP draft-02: Key Rotation section
• NTDF-RTMP draft-02: IV Counter Exhaustion section
• NTDFStreamingManager.swift:337 - unused needsIVRotation() function