28 Feb
2016
28 Feb
'16
12:04 p.m.
On Wed, 27 Jan 2016, Carsten Kurz via DCPomatic wrote:
Am 26.01.2016 um 16:33 schrieb Carl Hetherington via DCPomatic:
Indeed, software could refuse to operate if it didn't like the look of a
particular certificate chain.
Best,
Carl
That's it, as I understand it. Sometimes you
get just the leaf
certificate (which contains a public key used to encrypt KDMs) and
sometimes you also get the rest of the chain so you can see the trust.
And I guess, if the software creating the KDMs is set to follow the
certificate chain up, it could also verify wether the device or company
would be DCI compliant, and if there is no chain leading to such result,
it could refuse to create KDMs for specific content (like main-stream
features). I heard that Cine Cert software does that, effectively
preventing the creation of KDMs for non-DCI approved equipment with that
software.