Well, I don't know really but maybe it would help to make distributors less restrictive when issuing kdms for just the DOM Player which has no export functions.
I feel like implying that a distributor can safely issue a key for a the DoM Player would be a little deceptive. They would still be allowing their DCP to be decrypted with only the slightest of extra difficulty.
The 2 or 3 times I tried using the DOM certificate to receive a DKDM from a distribution company it got rejected, stating the software is not DCI compliant. I don't know what beaurocracy and fees you would need to go through for DCI Membership but I can imagine it.. But that's another story...
Do they call any PC-based DCP software "DCI compliant" with regards to issuing KDMs? I could try to obscure the DCP-o-matic private key somehow but I can't imagine it would ever be possible to secure it "enough".
You make the point there, Carl.
I am not sure what you (or they) call „PC-based DCP software“, yet, for the sake of discussion, the Doremi-to-become-Dolby Cineasset was using a CodeMeter USB dongle (CmDongle) to store the secure/private key that would be carried along with the license and wouldn't be accessible by the user.
I am using past tense because Cineasset is out of the market since almost a year and a half, now.
As far as I know, EasyDCP certificates, for example, are linked to the actual hardware on which the software is installed. I think it uses the graphics card and/or network adapter uuids for that. I remember at one point in the past I needed to migrate my EasyDCP installation to a more powerful computer and I had to go through Fraunhofer to regenerate my certificate with the new machine.
This means of course that the software company has to maintain a database with actual company/billing info linked to each and every installation. I guess this is the basis for DCI compliance, to be able to trace a particular kdm to an actual company or person. And it has a price to pay.
Software copy protection is a whole different story compared to DCI compliance. KDM issuers use categories of trusted users and the hardware and software they use. Major studios will not allow KDMs to be generated towards untrusted entities, no matter how good EasyDCP or other software is platform-bundled or copy protected. Smaller distributors on the other hand may give out KDMs to anyone to support e.g. low cost subtitling.