• petrol_sniff_king@lemmy.blahaj.zone
    link
    fedilink
    arrow-up
    1
    ·
    8 months ago

    I’m not understanding what problem this is solving.

    The ESRB is a “cross-ecosystem” institution to keep games producers honest—what does this… DCL(?) actually do?

    From what little I’ve read here:

    https://csa-iot.org/developer-resource/white-paper-distributed-compliance-ledger/

    All I can say is that this protects companies from homebrew “infractions” on their software copyright by making it difficult to install un-attested firmware updates.

    I’m not even confident in that summary. What does this do?

    • sloppy_diffuser@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      1
      ·
      8 months ago

      Company A submits a new device for certification signed by their private key.

      Company B certifies the device signed by their private key.

      Company C on boards a device for an end-user and is confident it came from Company A and has been verified by Company B since the device has a certificate that can be verified from Companies A and B.

      Yes it prevents home brew (though you can do home brew by replacing Company C with your own controller), but it also prevents knock offs.

      When this information is distributed (like Lemmy federation), between instances, one has a degree of assurances all these records originated from the signer.

      While the ledger part is not required, it provides a nice audit trail for the companies who do not trust each other enough without the transparency. Sure a central authority like the ESRB could do the same, but we could also all be on Reddit and not Lemmy…