• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Skip to footer

mkpeReport

top analysis covering digital cinema, 3-D, HFR, and laser illumination

  • Reports
  • About
  • mkpe.com
  • cinepedia.com

Why is DCI Hung Over NIST?

September 2010 by Michael Karagosian

In your author’s latest effort to bring awareness and action to the DCI-NIST debacle, and after discussion with fellow leaders in ISDCF, a detailed explanation of the problem was posted to the ISDCF reflector. For those who do not subscribe to the ISDCF email reflector, the letter can be read on the MKPE website.

One solution is detailed in the letter: that of decoupling from NIST and privately publishing the older version of FIPS 140-2. Other solutions are possible as well. For example, a solution all exhibitors would applaud is the elimination of the digitally-signed Security Log, which is the source of violation of NIST’s new rule against multi-use of key-pairs. Devious solutions aside, the issue that deserves exploration is why DCI has been lethargic in taking action.

A very real possibility within DCI is that this issue is far more complex politically than it appears. The obvious solution, that of decoupling from NIST, will likely not appeal to the original proponents behind the inclusion of NIST standards in the DCI spec. These proponents could argue that the security of their studio’s motion picture content relies on the same factors that cause NIST to periodically update the FIPS specifications. This is because NIST changes FIPS specifications in response to advances in the computational power commonly available in the marketplace. It’s a never-ending battle, which will result in never-ending changes to FIPS specifications.

Given the real threat of advancing computational power, the next question is what to do about it. If digital cinema equipment is to change with every update to the FIPS specifications, then not only does this raise serious logistical questions, but it raises very significant financial questions as well. On the logistics side, it is not possible to ripple changes quickly throughout the industry. Interop digital cinema began rolling out in 2005, when it was thought that DCI-compliant digital cinema was only around the corner. Fast forward to 2010, and while there is high expectation that the first DCI-compliant servers will be approved before the end of this year, we are still talking about dates for when to safely transition from Interop to DCI-compliant distributions.

To complicate matters, NIST allows only a one-year transition period when its specifications are updated. It can get away with this as it is a US government-funded agency, and the equipment that must be is paid for by US taxpayers. This represents a huge market to the makers of this equipment, which is richly priced. The high prices are tolerated, as it is tax dollars, not commercial profits, that must pay for it. Digital cinema, however, is purely commercial, and extends well beyond US borders. It does not allow such rich margins in equipment, and as already discussed, is still struggling to meet a specification that was put into place over 5 years ago.

The question of who pays probably also creates a split in DCI, if not a split within the studios themselves. Most, if not all, digital cinema deployment deals require the studios to reasonably participate in the cost of compliance-related upgrades to equipment. In a situation such as this, where there is substantial equipment in the field that works, and can be demonstrated to work securely, there is no incentive for the exhibitor to participate in the cost of a NIST/FIPS-related upgrade. Distributors will be keenly aware of this, and look warily on expensive and potentially business-disruptive upgrades. But their technology counterparts within their studios may not be as sympathetic, demanding that the exhibitor pays.

To be sure, one should expect that certain studios will take a pragmatic approach, and may very well propose a solution similar in nature to what has been suggested in this report. But there will also be those more driven by idealism, as well as those split internally as to how to manage security and how to pay for it.

What if no decision is made? Should January 1 arrive with no constructive action taken by DCI, the security section of the DCI spec will be in conflict with itself. As such, it will no longer be defensible, and more importantly, it will no longer be possible for a manufacturer to pass FIPS testing, rendering new products inadmissible for DCI compliance testing. The inability to carry on with DCI compliance testing could set the stage for the unraveling of DCI. With manufacturers blocked from obtaining DCI compliance, the studios individually will be exposed to restraint of trade charges if they continue to promote a policy that favors compliance. This could cause some or all studios to divorce themselves from the DCI joint venture, and announce new and individual policies for the qualification of digital cinema equipment.

In the short term, a dismantled DCI would cause little problem, other than possibly to Cinecert, whose healthy revenue for helping manufacturers to achieve DCI compliance will cease. (Don’t feel bad for Cinecert. It is highly likely that they will simply carry on with a different testing program that achieves support from certain studios.) SMPTE standards are strong, and future success in the marketplace requires compliance to SMPTE. But in the long term, ironically, security could take a hit. Some means for testing compliance to the pre-2010 version of FIPS 140-2 will be needed. And such security testing will require private publication of the pre-2010 FIPS 140-2, which takes us back to the beginning of this report.

Filed Under: Trade Organizations and Shows Tagged With: DCI, NIST

Primary Sidebar

Search

Topics

  • 3-D
  • Accessibility
  • Alt Content & Advertising
  • Anti-Piracy
  • Color
  • Communications
  • Deployment Entities
  • Distributors
  • Exhibitors
  • Fulfillment
  • High Dynamic Range
  • Higher Frame Rates
  • Installations
  • Patents
  • Projectors
  • Servers and IMBs
  • Sound
  • Technical Bodies
  • Theatre Management Systems
  • Trade Organizations and Shows

Full Archives

a publication of
MKPE Consulting LLC

Footer

Important Stuff

  • About
  • Privacy Policy

Archives

  • Category & Monthly Archives
Archives date back to 2008.

MKPE

mkpeReport is a publication of MKPE, a world-class consultancy building business at the crossroads of cinema and technology.
Learn more about MKPE.

copyright © 2008 - 2023 mkpe consulting llc

We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of all cookies.
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT
Powered by CookieYes Logo