• sloppy_diffuser@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    2
    ·
    9 months ago

    https://csa-iot.org/certification/distributed-compliance-ledger/

    Matter Distributed Client Ledger. In use by Apple, Amazon, Google, Samsung, and many more.

    Contains all the attestation information for on boarding Matter devices. Where once it was Google Home vs Apple HomeKit vs Amazon Echo / Alexa, supporting devices can now work cross ecosystem.

    Since many of these companies are competitors working together. A distributed ledger makes sense to keep everyone honest and provide a level of tech supported governance.

    • petrol_sniff_king
      link
      fedilink
      arrow-up
      1
      ·
      9 months ago

      I’m not understanding what problem this is solving.

      The ESRB is a “cross-ecosystem” institution to keep games producers honest—what does this… DCL(?) actually do?

      From what little I’ve read here:

      https://csa-iot.org/developer-resource/white-paper-distributed-compliance-ledger/

      All I can say is that this protects companies from homebrew “infractions” on their software copyright by making it difficult to install un-attested firmware updates.

      I’m not even confident in that summary. What does this do?

      • sloppy_diffuser@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        1
        ·
        9 months ago

        Company A submits a new device for certification signed by their private key.

        Company B certifies the device signed by their private key.

        Company C on boards a device for an end-user and is confident it came from Company A and has been verified by Company B since the device has a certificate that can be verified from Companies A and B.

        Yes it prevents home brew (though you can do home brew by replacing Company C with your own controller), but it also prevents knock offs.

        When this information is distributed (like Lemmy federation), between instances, one has a degree of assurances all these records originated from the signer.

        While the ledger part is not required, it provides a nice audit trail for the companies who do not trust each other enough without the transparency. Sure a central authority like the ESRB could do the same, but we could also all be on Reddit and not Lemmy…