Comment on Please Stop
petrol_sniff_king@lemmy.blahaj.zone 8 months agoI’m not understanding what problem this is solving.
The ESRB is a “cross-ecosystem” institution to keep games producers honest—what does this… DCL(?) actually do?
From what little I’ve read here:
csa-iot.org/…/white-paper-distributed-compliance-…
All I can say is that this protects companies from homebrew “infractions” on their software copyright by making it difficult to install un-attested firmware updates.
I’m not even confident in that summary. What does this do?
sloppy_diffuser@sh.itjust.works 8 months ago
Company A submits a new device for certification signed by their private key.
Company B certifies the device signed by their private key.
Company C on boards a device for an end-user and is confident it came from Company A and has been verified by Company B since the device has a certificate that can be verified from Companies A and B.
Yes it prevents home brew (though you can do home brew by replacing Company C with your own controller), but it also prevents knock offs.
When this information is distributed (like Lemmy federation), between instances, one has a degree of assurances all these records originated from the signer.
While the ledger part is not required, it provides a nice audit trail for the companies who do not trust each other enough without the transparency. Sure a central authority like the ESRB could do the same, but we could also all be on Reddit and not Lemmy…