CDN leaching is a growing concern for content providers. The recent specification of the Common Access Token (CAT) has introduced a vehicle for designing more secure streaming delivery systems. Best practices for CDN content protection often involve renewing the token, either due to short expiration times or probabilistic rejections. However, token renewal is far from trivial.

In token-based delivery systems, we identify three key entities: the client, the CDN server, and the token generator. Typically, these communicate via HTTP(S). At any point during a streaming session, the CDN server may request the client to renew its token, ensuring seamless video playback, even for low-latency ABR streaming. The CAT specification includes two claims related to renewal: catr and catif. While the specification details several operation modes, none fully satisfy the combined requirements for fast renewal, legacy clients, and the unique characteristics of DASH and HLS. In this talk, we will unpack the current situation, presenting the pros and cons of each proposed solution. We aim to open the door to a better solution and outline the community effort needed for its implementation. This talk was presented at Demuxed 2024, a conference by and for engineers working in video. Every year we host a conference with lots of great new talks like this in San Francisco. Learn more at https://demuxed.com