​

Well, I didn't buy a SONY either, but I'm stuck working with them, and this certificate issue
is a real pain in the ass. I can no longer automatically trust content and keys that I get from
Deluxe. They will not issue any list of titles known to be affected. We play numerous legacy
titles on a regular basis. ( I've got over a ½ dozen this week alone) Every one I get needs
to be double checked that it will actually play, since the only warning you get that it won't
play is . . THAT IT WON"T PLAY! There are no advance error messages of any type.

And of course they won't give me KDM's with a wider window so that I might have a little
more time to test play. I've got another LORD OF THE RINGS title coming up this week that
I know won't play without a 'fix' My big worry this week is that we have a sold-sold out advance
preview screening of "a soon-to-be-released major motion picture" later this week. The DCP
creation date is Dec 30 of Y2k23, which is the date when certifapacoplyse first became known.
Right now, the key they sent opens only an hour before the scheduled screening. They won't
send a test key unless I can do my QC with studio security present. I am putting in a lot of
extra hours, and losing a lot of sleep (literally! - last nite I didn't get home till almost 2am),
and have had to put in time on many of my days off. I know some of this comes with the
job and is occasionally necessary, and that's OK, but this situation shows NO sign of going
away anytime soon, and ti's turning into a regular thing. I suppose if there is a silver lining
on this cloud, it's that I may be able to make a good case argument for either:
1) Getting new digital projectors; or
2) Running more 35 and 70mm, or
3) Retiring

So do you "just" need a tool which can read the certificate expiry date from the DCP (to avoid the need for a KDM to find out whether the DCP will play)? Or is there some other problem that I missed?

Allow me to mention ClairMeta (https://github.com/Ymagis/ClairMeta#readme) and dcp_inspect (https://github.com/wolfgangw/backports#readme) again - two DCP inspection/checking tools which will tell you, among many other things, about expired certificates in DCPs.

On the topic of DCI being fit for purpose.
I would have to say the DCI implementation has been very successful in that it has mostly stamped out SCREENERS, due to watermarking, and is secure.
Considering what it was created for, the effort by the studios to make it non-proprietary. Yes, its a bit over complex but it did achieve its goal.

Unfortunately, studios have mostly unwound the need for such strong security as windows are now so short. But considering the specifications at birth, it did achieve its goal.

As its also mostly based on open standards, it just a characteristic of doing so that complexity is a little high. But then again, the security is better as so many eyes look over the key technologies that secure the content.

Also, being open also means that into the future. all the software needed to build or reproduce the implementation can be stored with the media. This is why the studios are so hell-bent on using non-proprietary technologies for archival storage. Unlike physical film. You need to build a physical projector to be able to access the film content. In digital, you just need to pop up an old container that is compatible with the source code that can be stored with the media file, and you have cheap/easy/fast access to the media going into the future.. Plus unlike any analog storage system, it will be bit for bit identical to the day it was created. And these days archives are always made up of digital files over just the media.

SO, yes, going digital is complex, but it has its advantages.

The issue that this topic brings up is... With a recent major breakthrough in Quantum Computing, (Where they have gone from 1000 physical q-bits down to under 100 to obtain a logical q-bit.) Considering how long it takes this industry to transition (interop to SMPTE being an example). DCI would need to start considering a quantum-computer-resistant overhaul of DCI.
But then again, if we are looking at only protecting content for 6 months or less before it is streamed and given out freely for piracy. Can a new transition be justified? Is the current still fit for purpose? (Its not like a kid in his bedroom is ever going to have a quantum computer, you have to be hundreds of billion type company. Even if they existed today, the costs to do it still make it a ridiculous idea.)

Anyway, some star gazing for you to ponder.

With more and more mediablocks hitting the street via second hand and other backdoor markets, it's only a matter of time someone will start to reverse-engineer the stuff. No large-scale DRM scheme has ever really stood the test of time.

Digital archival comes with its own challenges. While digital archival, in an ideal world, would allow us to keep all what we have now at the same level of quality, keeping formats relevant and usable is a unique challenge. Old 35mm film comes with the distinctive advantage that it's rather easy to derive from the form factor of how stuff works. Digital formats, like a M-JPEG2000 compressed stream of pictures, requires tons of documentation. JPEG2000 is NOT a trivial algorithm. Also, AES-encrypted data without a key is simply random junk and no quantum computer is going to solve that puzzle for you. So: Let's NOT archive our movies in an encrypted form, those keys will eventually get lost and even if the binary data doesn't get lost, the idea behind the data may get lost...

Just keep in mind how difficult it already is to access digital legacy content. If you'd find a bunch of long-forgotten floppies for example, would you even be able to read them? And even if you'd be able to read them, would you be able to interpret the contents of the file? Unused knowledge has the tendency to get lost to the sands of time... We sent people to the moon back in 1969, nowadays NASA barely manages to send a rocket into space...

When it comes down to archival in general, we all know that movie studios suck at it. They want to spend the least amount of money possible on it and if it weren't for collectors and movie fanatics all around the world, many more movies would've been lost already.

As for a working KDM system in a post-quantum world: The entire system would neet to get an overhaul. All asymmetric encryption would need to be replaced with quantum-safe alternatives. That would require a massive amount of upgrades and re-certifications of all platforms involved. How much effort do you expect the likes of Sony, Dolby et all are willing to put into such an upgrade.

For a path forward, I'd say: Ditch the encryption all together. No matter how good your DRM is, you'll never close the "analog loophole", even the pirates behind Ghost Nr.1 were eventually just pointing a 4K camera at a screen. Leaks of DVD/Blu-Ray screeners have successfully been traced to the origin using watermarking. Watermarking a/lso played an important role in finding Ghost Nr.1 Make sure everybody knows the watermarking is there. Eventually, I'd say the best path forward would be individual watermarking of DCPs. The only system that would not be able to cope with this are the satellite delivery systems, maybe they could still be served with "legacy KDMs" as long as those systems remain relevant. Customizing a DCP per exhibitor may sound daunting at first, but really isn't that much of a challenge anymore in 2024. Without the encryption, you can save the KDM overhead, yet if something leaks, you can assure you can trace it back to the exhibitor.​

DCPs receive individual watermarking through the media block at playout time.

But an unencrypted dcp can be played using software that doesn't do that watermarking.

And not only "played".

In regards to software to check certificate validity, that is usually residing on a personal computer, instead of a cinema-server, a TMS or an LMS...
Unless the software may check only the .xml or no-extention files, it takes time, storage etc. to come with a result.
That said, when I am in trouble, if DCP-o-matic doesn't clarify things, I use ClairMeta. And it has helped me in the past to get past the "...but this DCP has played fine in a lot of festivals!" nonsense.
Or, at least, to explain why this argument doesn't convince me nor the audience.

My guess is that Jim would like a software that he could use remotely (FTP in, check and delete?) for the files on the server and would warn of upcoming failures as much as indicate dead certificates.
There were quite a few times that I would love that imaginary software that would give me info I couldn't get from the encrypted DCP, either because it's not part of the naming convention, or because the naming is... unconventional.
Duration, credits' markers (and other), bitrate (based on size, frames and framerate), authoring software and/or issuer, UUID, actual aspect ratio (if I had a million dollars for each DCP that was not F/S, even if it said so) and date of creation. All that is useful info that may or may not be given on a TMS, but would be "fun" to be able to check for one or a bunch of packages.
Yes, hash check and frame-size check are good, but often enough are not necessary. Especially if the DCPs are verified upon ingest.

What Frank said.

If DCPs receive their watermarking from the "vendor" or "distributor", just like most screeners nowadays do, then there is no easy way to get rid of it. I'm pretty sure that an unencrypted DCP played via DCP-o-Matic doesn't receive any sort of watermarking.

The fact that screeners can now be traced back to the source and those who are provided with them have been made aware of it, has prevented the leakage of most of them, as people are aware that if they share their copy, the consequences may be dire.

The whole idea is to get rid of the encryption, the infrastructure necessary to maintain it, but still get a reasonable level of content protection.

Ideally, a script that uses dcp_inspect or Clairmeta, connects to any FTP server, browses all xml files carrying certificates, throws out their expiration dates and CPL name/path. That would cope with standard NAS devices, distribution servers, cinema servers, etc.

Nothing against dcp_inspect or Clairmeta, but I guess the cert-checking alone would also work with the standard OpenSSL implementations, which could keep the paket small and easier to install. From the standpoint of usability, a windows build would probably make most sense for exhibitors. Whereas in a Linux environment, setting up a a script to perform the task using dcp_inspect or Clairmeta would probably be a piece of cake. These tools of course would also deliver much more information than just signer cert expiration.

- Carsten

Connecting to an FTP server would be a nice extra. Something that scans all DCPs in a directory and outputs a little report and maybe highlights any expiring or soon to expire certificates that could prevent playback would already be helpful. FTP could be worked around by using something like FTPFS or sshftp if needed.

Well, what about the new infrastructure needed to create watermarked unencrypted screeners? They would need to be re-encoded, image and audio. Honestly, the encryption needs much less effort, AND adds individual watermarking - so has multiple benefits - protection AND traceability. KDMs also enable presentation control - release dates, sneaks, festivals, screeners. I don't think distributors will simply give this up because they fear quantum computers

Yeah, you can't make an omelette without breaking an egg. But it also depends on what you want to watermark. If you only watermark the audio, then the process really is rather limited. But even 4K video can be watermarked at 100-times real-time speed with some modern GPUs...

Off course those in power don't want to give up their control. It has to hit them in the face a few more times, but I guess those studios will be extinct before anything changes.

But maybe it's a good time to think about the technology stack that will replace the one dictated by Hollywood already, because I have the feeling, it won't take another 10 years before the last studio as we knew it goes extinct...

Boy howdy I should have popped into the forums earlier in the new year. We have the benefit of delay in that our first screening of the new year was not until the 18th. But alas we did hit the Doremi DCP2000 Y2K24 system date bug (due to having been on 2.8.19). We were aware of the Dec 2025 update deadline, but Y2K24 caught us by surprise.

Our sold out 3 day engagement of Princess Bride DCP with Cary Elwes unfortunately started on a fallback to Blu-Ray for Day 1, which some might consider an upgrade since it has 5.1 remastered audio. We got updated to 2.8.52 and fixed our system date issue for Day 2 and restored DCP playback of that title. But from what I'm reading had we been on a different vendor server/IMB we might still have been unable to play the title! Our sister room is GDC but is mostly active for festivals and summer, will have to keep an eye on it and look for GDC updates.

As we tend to "confirm on screen" most of our media... like others said, mostly will be problematic when given short key windows. At least festivals have a tech window, and presumably will be aware of this issue and doing their certificate expirey QC ahead (we can hope?), if the industry at large has not entirely pivoted to a more relaxed implementation of DCI spec when it comes to signing certificates by the time we hit the next festival.

I've bookmarked those Cert inspection tools, thanks to those who shared those resources! Will no doubt be handy to try to put them in our pipeline, if possible. Getting new physical media in time when we find problems will be the hard part!

I was running from theatre to theatre 12/31/1999 to make sure no Y2K bugs would get us. We had just one of 100+ screens affected by Y2K24. That was one more then in 1999.
I did witness a a spectacular fireworks disaster at midnight 12/31/1999.