From 6d14cb50509908f9a6c70065d6bf07a6f33a17d3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn=20V=C3=B6lcker?=
<65532189+bjornvolcker@users.noreply.github.com>
Date: Mon, 9 Mar 2026 16:14:30 +0100
Subject: [PATCH 1/3] Remove Arbitrary Data TLV
The possibility to add arbitrary data to a Media Signing SEI generates an attack vector. Therefore, that specific type is removed from the specification.
If a vendor would like to add some metadata and have it signed, that data shall be put in a separate SEI of type user data unregistered with a different UUID (44959c31-e3f3-4aeb-8b4c-5e3a865801fc).
---
doc/MediaSigning.xml | 30 ++++++++----------------------
1 file changed, 8 insertions(+), 22 deletions(-)
diff --git a/doc/MediaSigning.xml b/doc/MediaSigning.xml
index a3f8b096f..0b5c33728 100644
--- a/doc/MediaSigning.xml
+++ b/doc/MediaSigning.xml
@@ -283,6 +283,8 @@
Picture NAL Units, that is, slices of IDR-, P- and B-frames.
All SEI frames generated according to this specification, if not including a
signature.
+ SEI frames of type user data unregistered with UUID
+ 44959c31-e3f3-4aeb-8b4c-5e3a865801fc shall be hashed like a VCL NAL Unit.
Every GOP must be associated with at least one SEI frame
@@ -905,18 +907,6 @@
signatures.
-
-
- Arbitrary data
-
-
- 7
-
-
- Optional
-
- Additional data can be put here as a vendor specific blob.
-
@@ -1122,16 +1112,6 @@
-
- Arbitrary data
- This optional field contains Abritrary data that the device vendor want to be
- included. There is no guarantee that the data is reasonable or readable by
- anyone not previously knowledgeable in the area.
- The data tag can be added to any SEI described in
- this specification or to a SEI of its own.
- This tag can be useful to add vendor or device specific information and get it
- signed.
-
Low Bitrate Mode
@@ -1147,6 +1127,12 @@
correctly verified (partial) GOP hash, all NAL Units now have to be present and
correct.
+
+ How a device can add and secure vendor specifc metadata to a stream
+ Use a SEI of type user data unregistered with UUID
+ 44959c31-e3f3-4aeb-8b4c-5e3a865801fc. This NAL Unit shall be hashed
+ like a VCL NAL Unit.
+
How to generate the first certificate SEI
From d7e16f159a555d1a768ddb0f26b5975b5f72c552 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn=20V=C3=B6lcker?=
Date: Tue, 24 Mar 2026 12:39:04 +0100
Subject: [PATCH 2/3] Revert "Remove Arbitrary Data TLV"
This reverts commit 6d14cb50509908f9a6c70065d6bf07a6f33a17d3.
---
doc/MediaSigning.xml | 30 ++++++++++++++++++++++--------
1 file changed, 22 insertions(+), 8 deletions(-)
diff --git a/doc/MediaSigning.xml b/doc/MediaSigning.xml
index 0b5c33728..a3f8b096f 100644
--- a/doc/MediaSigning.xml
+++ b/doc/MediaSigning.xml
@@ -283,8 +283,6 @@
Picture NAL Units, that is, slices of IDR-, P- and B-frames.
All SEI frames generated according to this specification, if not including a
signature.
- SEI frames of type user data unregistered with UUID
- 44959c31-e3f3-4aeb-8b4c-5e3a865801fc shall be hashed like a VCL NAL Unit.
Every GOP must be associated with at least one SEI frame
@@ -907,6 +905,18 @@
signatures.
+
+
+ Arbitrary data
+
+
+ 7
+
+
+ Optional
+
+ Additional data can be put here as a vendor specific blob.
+
@@ -1112,6 +1122,16 @@
+
+ Arbitrary data
+ This optional field contains Abritrary data that the device vendor want to be
+ included. There is no guarantee that the data is reasonable or readable by
+ anyone not previously knowledgeable in the area.
+ The data tag can be added to any SEI described in
+ this specification or to a SEI of its own.
+ This tag can be useful to add vendor or device specific information and get it
+ signed.
+
Low Bitrate Mode
@@ -1127,12 +1147,6 @@
correctly verified (partial) GOP hash, all NAL Units now have to be present and
correct.
-
- How a device can add and secure vendor specifc metadata to a stream
- Use a SEI of type user data unregistered with UUID
- 44959c31-e3f3-4aeb-8b4c-5e3a865801fc. This NAL Unit shall be hashed
- like a VCL NAL Unit.
-
How to generate the first certificate SEI
From 847800c3f79e6c4e58533415a1b18cd3274720f1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn=20V=C3=B6lcker?=
Date: Tue, 24 Mar 2026 13:30:02 +0100
Subject: [PATCH 3/3] Clarified that Arbitrary Data tag can only be used alone
---
doc/MediaSigning.xml | 17 ++++++++++++-----
1 file changed, 12 insertions(+), 5 deletions(-)
diff --git a/doc/MediaSigning.xml b/doc/MediaSigning.xml
index a3f8b096f..ad40c0d54 100644
--- a/doc/MediaSigning.xml
+++ b/doc/MediaSigning.xml
@@ -1124,11 +1124,12 @@
Arbitrary data
- This optional field contains Abritrary data that the device vendor want to be
- included. There is no guarantee that the data is reasonable or readable by
- anyone not previously knowledgeable in the area.
- The data tag can be added to any SEI described in
- this specification or to a SEI of its own.
+ This optional field contains Abritrary data that a device can add to the stream.
+ The data is not used by Media Signing and interpretations is left to the vendor.
+ The data tag shall be added to a separate unsigned SEI,
+ that is, there shall be no other tags present in the SEI when this tag is present.
+ Validation shall be marked as "Not authentic" if this tag is present together with other
+ tags.
This tag can be useful to add vendor or device specific information and get it
signed.
@@ -1147,6 +1148,12 @@
correctly verified (partial) GOP hash, all NAL Units now have to be present and
correct.
+
+ How a device can add and secure vendor specifc metadata to a stream
+ Generate a Media Signing SEI with only an Arbitrary Data tag; See Section
+ . This NAL Unit will automatically be hashed
+ and thereby signed.
+
How to generate the first certificate SEI