24 Oct
2016
24 Oct
'16
4:06 p.m.
Hi, a couple of notes wrt signature below:
As far as I know, it is optional for IOP, but has to
be there, even in the form of a 'NullSignature' for SMPTE. And it's mandatory
for encrypted content.
XML Signature is optional in both Interop and SMPTE CPL/PKL.
XML Signature is optional for CPL with both encrypted and plaintext asset references.
In other words: encrypted playlist elements do not imply XML signature for the playlist
document.
There is one scenario, though, where a signature is inferred for CPL:
The rights owners decide to actually secure correct playback - of an unaltered CPL -
through the means of ContentAuthenticator. The ContentAuthenticator, as part of a KDM,
will contain the thumbprint of the CPL signer’s leaf certificate.
Playback systems are required to reject playback when the KDM’s element can’t be
matched with what the CPL contains: A valid signature with the correct leaf cert.
This workflow will yield KDMs of the DCI-Any or DCI-Specific formulation. And is,
ttbomk, not used anywhere yet. Of course everyone should but we don’t :)
See ISDCF’s “Guideline for SMPTE KDMs and Certificates Behaviour” for details. (1)
Note that in the Digital Cinema use case there is no such thing as a 'NullSignature’.
Wolfgang
(1) http://isdcf.com/papers/ISDCF-Doc5-Guideline-formulations-Interop-and-SMPTE…