On Mon, 19 May 2014, Carsten Kurz wrote:
> On 19.05.2014 at 17:53, Carl Hetherington wrote:
>> I imagine the major problem might be trust in tying
>> certificates to particular cinemas and screens. If Alice said
>> "Here is the certificate for Screen 1 in `My Great Cinema' in York,
>> England" (and she was telling the truth) but then Mallory said "Here is
>> the certificate for Screen 1 in `My Great Cinema' in York,
>> England" (and he was lying): who do you believe? If you believe
>> Mallory, he could use that trust to obtain KDMs for his
>> equipment that were not due to him.
> As Malcolm then would not have access to that equipment, he
> could not do anything bad with the KDM. Of course, it could be
> used for some sort of 'denial-of-service' abuse,
> KDM/certificate hijacking, etc.

That's what I was getting at: the possibility that Mallory can
decode content that he doesn't have the rights to. He could make
up a private key and certificate, claim that it belonged to Big
Cinema, and hence get sent keys to decrypt DCPs.

> A few years ago we had only three or four service companies
> dealing with DCPs and KDMs for Germany. Usually after
> installation, the cinema integrator served as an authority to
> confirm the installation of the specific gear and communicated
> the serials/certificates to these. Today it's a bit more
> complicated.

So it seems!

Best regards,
Carl