Carl Hetherington:
I imagine the major problem might be trust in tying
certificates to particular cinemas and screens.
A crucial part of issuing KDMs for any given target is
to make sure the target certificate has the correct
"ancestry". Verified vendor CA certificates are required
for that. Once you have known-to-be-correct CA certs you
can mathematically verify a given leaf cert's ancestry.
Mallory's scheme would only work if the KDM issuer had not
built in this vital verification in their cert management.
Wolfgang
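
The ancestry check described in the message above, as an added example that is not part of the original thread or of any KDM tool: a pinned vendor CA accepts a leaf it signed and rejects a look-alike leaf carrying identical subject names. All subjects and file names are constructed, the chain is simplified to a single CA level, and the `openssl` command-line tool is assumed to be installed.

```shell
# Constructed example: every subject, key and file below is made up.
set -eu
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# Minimal OpenSSL config so the result does not depend on system defaults.
cat > "$work/ssl.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
[ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign
[leaf]
basicConstraints = critical,CA:FALSE
EOF

# make_ca PREFIX SUBJECT: self-signed CA certificate PREFIX.pem with key PREFIX.key
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$work/ssl.cnf" \
        -extensions ca -subj "$2" -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

# make_leaf PREFIX SUBJECT CA_PREFIX: leaf certificate PREFIX.pem signed by CA_PREFIX
make_leaf() {
    openssl req -new -newkey rsa:2048 -nodes -config "$work/ssl.cnf" \
        -subj "$2" -keyout "$1.key" -out "$1.csr" 2>/dev/null
    openssl x509 -req -in "$1.csr" -CA "$3.pem" -CAkey "$3.key" -CAcreateserial \
        -days 1 -extfile "$work/ssl.cnf" -extensions leaf -out "$1.pem" 2>/dev/null
}

# verify_ancestry PINNED_CA LEAF: succeeds only if LEAF's signature chains to PINNED_CA
verify_ancestry() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

make_ca   "$work/vendor"  "/O=Constructed Vendor/CN=Constructed Vendor Root"
make_leaf "$work/screen"  "/O=Constructed Vendor/CN=Constructed Projector 1" "$work/vendor"
# Look-alike chain: same subject names, but a different key pair at the top.
make_ca   "$work/mallory" "/O=Constructed Vendor/CN=Constructed Vendor Root"
make_leaf "$work/fake"    "/O=Constructed Vendor/CN=Constructed Projector 1" "$work/mallory"

for leaf in screen fake; do
    if verify_ancestry "$work/vendor.pem" "$work/$leaf.pem"; then
        echo "$leaf.pem: chains to pinned vendor CA, KDM may be issued"
    else
        echo "$leaf.pem: ancestry check failed, refuse to issue KDM"
    fi
done
```

The subject strings in both chains are byte-for-byte identical, so only the signature check against the pinned CA key tells them apart.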