Word on the street is that DCI is considering adding high frame rates to its specification. It takes all six studios to agree to make such a change to the spec. Given that at least one studio will have its thinking cap on, it’s unlikely that the spec will change. The potential of exhibitor pushback aside (see the Dark Side of High Frame Rates), each studio has engaged in numerous virtual print fee agreements where the cost of upgrade due to changes in the DCI spec are negotiated between studio and exhibitor. I.e., if high frame rate 3-D projection is important to the studio, then go figure who pays.
What DCI should be paying attention to is that reliance on NIST security standards in the DCI spec require FIPS 140-2 compliant devices to discontinue the use of SHA-1 digital signatures by the end of 2013. Digital signatures are used throughout digital cinema to insure that content is not tampered with. DCI’s security consultant appeared to take NIST’s timeline seriously enough to submit 5 revised standards this month for sub-committee review in SMPTE.
Revising standards in SMPTE is only a small part of the work ahead. Fortunately for projector companies, only the media block will be affected by a revision to digital signatures. Due to the rules of implementation between DCI and NIST, there will eventually be two types of systems in the field: those that can calculate a SHA-1 hash, and those that can calculate a SHA-256 hash for digital signatures. Those media blocks that are FIPS-approved in 2014 and beyond will only be able to process SHA-256 digital signatures. Those media blocks that are FIPS-approved before 2014 are grandfathered and will not have to change.
The affected distribution files will be the KDM, CPL, and encrypted track files. It will be a nuisance, but barring a clever construction of XML file that can accommodate both types of digital signatures, one can expect that dual KDMs and dual CPLs will accompany each Composition. Fortunately, these are relatively small files, and duplicative types would not add significantly to the payload. But generating two sets of track files, each utilizing a different hashing algorithm, would double the payload for any encrypted content. If the behaviors are properly understood, the frame integrity checks that now utilize the SHA-1 algorithm will generate a log error when frame integrity cannot be verified, but not stop the show. This would happen if a system of newer design (circa 2014) were to attempt to verify frame integrity that requires use of the SHA-1 algorithm. If so, then a single set of track files may work, if one finds it acceptable to compromise frame integrity checks. Compromising agreed system behaviors, however, has never been a characteristic of DCI. Expect more to come.