All I can say is that this protects companies from homebrew “infractions” on their software copyright by making it difficult to install un-attested firmware updates.
I’m not even confident in that summary. What does this do?
Company A submits a new device for certification signed by their private key.
Company B certifies the device signed by their private key.
Company C on boards a device for an end-user and is confident it came from Company A and has been verified by Company B since the device has a certificate that can be verified from Companies A and B.
Yes it prevents home brew (though you can do home brew by replacing Company C with your own controller), but it also prevents knock offs.
When this information is distributed (like Lemmy federation), between instances, one has a degree of assurances all these records originated from the signer.
While the ledger part is not required, it provides a nice audit trail for the companies who do not trust each other enough without the transparency. Sure a central authority like the ESRB could do the same, but we could also all be on Reddit and not Lemmy…
I’m not understanding what problem this is solving.
The ESRB is a “cross-ecosystem” institution to keep games producers honest—what does this… DCL(?) actually do?
From what little I’ve read here:
https://csa-iot.org/developer-resource/white-paper-distributed-compliance-ledger/
All I can say is that this protects companies from homebrew “infractions” on their software copyright by making it difficult to install un-attested firmware updates.
I’m not even confident in that summary. What does this do?
Company A submits a new device for certification signed by their private key.
Company B certifies the device signed by their private key.
Company C on boards a device for an end-user and is confident it came from Company A and has been verified by Company B since the device has a certificate that can be verified from Companies A and B.
Yes it prevents home brew (though you can do home brew by replacing Company C with your own controller), but it also prevents knock offs.
When this information is distributed (like Lemmy federation), between instances, one has a degree of assurances all these records originated from the signer.
While the ledger part is not required, it provides a nice audit trail for the companies who do not trust each other enough without the transparency. Sure a central authority like the ESRB could do the same, but we could also all be on Reddit and not Lemmy…