You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The associated KDM's ContentAuthenticator element matches a certificate thumbprint of one of the certificates in the CPL's signer chain (see item 1 above), and that such certificate indicate only a "Content Signer" (CS) role per Section 5.3.4, "Naming and Roles" of the certificate specification [SMPTE 430-2 D-Cinema Operation - Digital Certificate].
SMPTE ST 430-2 6.2
If the certificate is a leaf certificate (one where the CA attribute of the BasicConstraint field is False), check that there is at least one role specified in the CommonName. (Note: It is permitted for non-leaf certificates – those with BasicConstraint.CA set to True – to have an empty list of roles, in which case the first character of the CommonName shall be the period character, which marks the end of the role field within the CommonName.) If the validation context includes a desired role, check that this role appears (see Section 6.1 and informative note there-in).
SMPTE ST 430-2 Annex A
Security devices should ignore unrecognized roles appearing in the CommonName.
The text was updated successfully, but these errors were encountered:
Hi,
Just wanted to confirm that this check is indeed coming from the DCI specification and that it should be considered as an error. Anyone had to deal with this error yet ? https://github.com/wolfgangw/backports/blob/master/dcp_inspect#L1621
Relevant specifications quotes follow.
DCI 1.3 9.4.3.5
SMPTE ST 430-2 6.2
SMPTE ST 430-2 Annex A
The text was updated successfully, but these errors were encountered: