2016-01-27 1:47 GMT+01:00 Carsten Kurz via DCPomatic <dcpomatic@carlh.net>:

Am 26.01.2016 um 16:33 schrieb Carl Hetherington via DCPomatic:

> That's it, as I understand it.  Sometimes you get just the leaf
> certificate (which contains a public key used to encrypt KDMs) and
> sometimes you also get the rest of the chain so you can see the trust.


And I guess, if the software creating the KDMs is set to follow the certificate chain up, it could also verify wether the device or company would be DCI compliant, and if there is no chain leading to such result, it could refuse to create KDMs for specific content (like main-stream features).
I heard that Cine Cert software does that, effectively preventing the creation of KDMs for non-DCI approved equipment with that software.
If you're talking about Waima, as far as I know, you need both chain and leaf. When you register a certificate, it uses the chain for verification, then only the leaf for KDM creation.
Wolfgang's cinemaslide can use chain of leaf to do that.

Carsten, are your Interop and SMPTE packages signed? Signed CPL+KDM is mandatory for SMPTE encrypted packages.
Can you send me the certificate for your server? I'll send you two other SMPTE / Interop samples made with other tools.

Best,

Lilian


- Carsten


_______________________________________________
DCPomatic mailing list
DCPomatic@carlh.net
http://main.carlh.net/cgi-bin/mailman/listinfo/dcpomatic