
USB 3.1 now has digital signatures: may force you to use vendor chargers only - cnvogel
http://www.usb.org/developers/docs/
======
guelo
"People of the same trade seldom meet together but the conversation ends in a
conspiracy against the public, or in some contrivance to raise prices." \-
Adam Smith

~~~
nthcolumn
"Just because you're paranoid, don't mean they're not after you" \- Nirvana

------
gargravarr
I don't think this is going to solve the problems of poor quality chargers.
Recalling the Google engineer testing large numbers of USB3.0 cables, his
Chromebook was damaged because a bad cable reversed the wiring of the power
and data lines. Just because your phone asks the charger for its signature
doesn't mean it won't get max continuous voltage to its DATA_RETURN channel
instead. This is an unnecessary complication that isn't going to solve any
problems, just add new ones.

------
brongondwana
Con: you'll have to use vendor chargers.

Pro: you won't be able to use these:

[http://www.righto.com/2016/03/counterfeit-macbook-charger-
te...](http://www.righto.com/2016/03/counterfeit-macbook-charger-
teardown.html)

or their moral equivalent

[http://www.righto.com/2012/03/inside-cheap-phone-charger-
and...](http://www.righto.com/2012/03/inside-cheap-phone-charger-and-why-
you.html)

[http://www.instructables.com/answers/240V-Power-Socket-
with-...](http://www.instructables.com/answers/240V-Power-Socket-with-USB-
outlets-leaks-currentno/)

[http://www.gizmodo.com.au/2014/06/please-dont-buy-cheap-
phon...](http://www.gizmodo.com.au/2014/06/please-dont-buy-cheap-phone-
chargers-and-cables/)

... it's not as simple as "big bad charger conspiracy" \- scummy manufacturers
really are putting out deathtraps out there, and a protocol protection to
convince you not to keep using them makes sense.

~~~
striking
It doesn't make sense to require authentication on chargers, because then
either only a small elite group can make chargers and charge insane prices, or
everyone can make a charger after licensing the authentication procedure and
then we're back at square one.

It doesn't solve the problem, it moves the stupid somewhere else.

~~~
MichaelBurge
If you have an authentication procedure, you can do things like force the
manufacturer to put down a security deposit, do background checks on the
applying company to make sure they have history, or force him to undergo some
kind of standardized testing on the product. It doesn't help on a technical
level, but helps on a social one.

Game consoles historically have done all of these: You have to spend tens of
thousands on a developer kit, they often prefer to see companies with a
history, and they review your game before they allow you to sell it. I think
all of these do help increase the quality.

The negative of course is that you end up with a walled garden.

~~~
striking
That means we'll get to see low or slow (or no!) rates of adoption, like with
Thunderbolt.

Instead of getting cool, inexpensive eGPU or other external PCIe tech, we have
to pay upwards of $200 just to connect our existing PCIe cards. And take note
of the cost difference between external hard drives that incorporate
Thunderbolt rather than USB3.0: they're way more expensive.

What's more convenient for consumers? USB3.0, not Thunderbolt. Even though
Thunderbolt is way more interesting and has way more promise (it's the entire
PCIe bus, exposed!), it was nearly stillborn because of its inane licensing.

~~~
anexprogrammer
I'd prefer rigorous licencing and somewhat expensive authentication to the
current USB free for all where a £5 charger can destroy your £500 device.

If we end up replacing the current market where chargers run £1-£30 with one
where they're £8-£35, but can be confident of reasonable levels of basic
electrical functionality and safety, I'd be happy enough.

~~~
MichaelBurge
My surge protector comes with a $10,000 mini-insurance policy if it fails to
protect against a surge. It seems like something similar could be done for any
market: Buy up 10,000 USB chargers for cheap, have them all inspected,
underwrite an insurance policy that reimburses the customer for manufacturing
defects, and charge more. Have a backup policy with a big insurance company
for the sole purpose of assuring customers that they have someone to file a
claim with in the event that you're bankrupt.

You don't even need a standards consortium to do it.

------
hvidgaard
At least in Europe they recently passed a law about charger reuseability. I'm
sure companies will at least see some pushback, because a vendor charger only
is exactly what they tried to stop.

~~~
isoos
I fear that this spec may be a way to circumvent the EU charger rules, e.g.
the rules only specify the physical properties, but don't have a say whether
the device may deny the charging.

Bad business practice anyway, and I will probably use it only to cross out
devices from the purchase lists.

~~~
hvidgaard
Maybe, but I hope that the law makers will see this as a the move it would be
and rectify the bill such that all vendors are required to publish
certificates for 3rd party use.

------
viraptor
But... this was already possible. You could easily design a circuit+chip which
will authenticate to your charger and only pass the current to the battery if
it worked. A way to do it has been standardised, but it's not like some great
barrier has been lifted.

~~~
tristanj
Yeah this is exactly how I feel. This was already possible and it's not like
companies aren't doing it. Apple is the most notable offender, every iPhone
Lightning cable sold comes with a security chip; if the chip's not there, the
phone won't charge. Normally this would be a problem for counterfeit cable
sellers, but Chinese manufacturers have reverse engineered the chip hence
customers don't notice a problem.

[http://www.cultofmac.com/246236/ios-7-killed-off-
unlicensed-...](http://www.cultofmac.com/246236/ios-7-killed-off-unlicensed-
lightning-cables-but-heres-a-fix-that-might-work-for-you/)

------
ethana
It's been fine up to USB 3.0, there were no major problem with electrical
surges because they use fairly low voltage. It's USB3.1 power limit that's the
problem. And it speaks more about the USB-IF's carelessness when drafting its
specification for USB3.1 more than anything. They should've taken misuse of
over voltage into consideration before releasing it to the manufacturers.

------
makecheck
A digital signature is reasonable if it can be used to produce a _warning_ but
not a _denial_.

In other words, if my computer wants to pop up a “This will void your
warranty!” warning the first time I plug in a cheap peripheral that has not
been validated, I think that is fair use and buyers are free to continue and
accept any consequences. On the other hand, I do not think the original
manufacturer has the right to outright prevent the use of unsigned-but-
standards-compliant devices, since that wanders into “you actually leased and
never owned your device” territory.

------
vmateixeira
What's the point of creating a standard if you're going to enforce vendor
specific afterwards?

Wasn't the standard on favor of less garbage after all? I mean, if all my
gadgets would use the same connector, maybe vendors could start shipping
products without a bundled one?

------
Angostura
Why would that require you to use vendor chargers only?

Surely it depends how the digital signature is used. At best, it simply gives
you a way of authenticating that the device that you have just plugged into
your USB port is _actually_ what you think it is (huh? It's meant to be a
memory stick, not a keyboard?!) before giving it system access.

------
yread
I don't think it's gonna be all that bad. It will be based on certificates so
if you are able to control which certificates are accepted you can have pretty
fine control.

~~~
mtgx
That's kind of how I understood it. In their press release they talked about
"compliance to the standard", which I don't think is the same with "smartphone
vendor-only". And I think the user can modify this control somehow from the
devices themselves.

[http://www.businesswire.com/news/home/20160412005983/en/USB-...](http://www.businesswire.com/news/home/20160412005983/en/USB-3.0-Promoter-
Group-Defines-Authentication-Protocol)

------
noja
Bye bye USB!

~~~
nthcolumn
Universal parallel bus! With cables that don't turn to wire straw after six
months. (I just spent $50 renewing all the crappy cables for inexplicable
multitude of screens we now apparently own.)

