Company A submits a new device for certification signed by their private key.
Company B certifies the device signed by their private key.
Company C on boards a device for an end-user and is confident it came from Company A and has been verified by Company B since the device has a certificate that can be verified from Companies A and B.
Yes it prevents home brew (though you can do home brew by replacing Company C with your own controller), but it also prevents knock offs.
When this information is distributed (like Lemmy federation), between instances, one has a degree of assurances all these records originated from the signer.
While the ledger part is not required, it provides a nice audit trail for the companies who do not trust each other enough without the transparency. Sure a central authority like the ESRB could do the same, but we could also all be on Reddit and not Lemmy…
Company A submits a new device for certification signed by their private key.
Company B certifies the device signed by their private key.
Company C on boards a device for an end-user and is confident it came from Company A and has been verified by Company B since the device has a certificate that can be verified from Companies A and B.
Yes it prevents home brew (though you can do home brew by replacing Company C with your own controller), but it also prevents knock offs.
When this information is distributed (like Lemmy federation), between instances, one has a degree of assurances all these records originated from the signer.
While the ledger part is not required, it provides a nice audit trail for the companies who do not trust each other enough without the transparency. Sure a central authority like the ESRB could do the same, but we could also all be on Reddit and not Lemmy…