[Cryptography] USB 3.0 authentication: market power and DRM?

[Jerry Leichter]

> 
>> I love the concept of the new Power Delivery modes (100w of power, by
>> sending up to 20v at 5A over suitable cables).  If done right, I can
>> see people wiring their house and business wall outlets (and cars)
>> with much safer, more compact, and Internet-enabled USB-PD sockets,
>> replacing 110v or 220v wiring for a lot of uses.  
> That would be deeply impractical in terms of materials costs.
> Increasing amperage means you have to use heavier cables.  To
> the extent that copper ain't cheap and space inside walls for
> wiring is often limited, a higher voltage/lower amperage is
> always a more effective use of materials....
It would make no sense to *distribute* 20v from a central point.  But putting a converter into the wall socket ... that makes more sense.

In fact, we don't have to speculate about such things much:  USB 2 versions of such things are already readily available.

Stepping back, there's an interesting bit of evolution going on here.  The proliferation of power distribution standards - different voltages, different frequencies - let to the development of different, incompatible plugs and sockets, which protected you against accidentally plugging a 110V device into a 220V socket (but also sometimes prevented you from making a connection that *did* make sense - but that's another story).  As the international market in more sophisticated devices developed in the 1970's, the it became expensive to produce different devices for different markets.  So the IEC 60302 standards - for all those power cords you've seen on computers that connect a local plug to a standard 3-wire jack, not to mention smaller versions for things like electric shavers - emerged.  I used to joke that these were devices to help you destroy your equipment:  Typically, on earlier devices, you had to throw a switch on the device to configure the correct voltage.  Forget to do that could be a very expensive mistake.

Eventually - partly as a result of pressure from Europe (Germany, in particular) which required that the device come with the switch *already set in the appropriate position for the country of delivery* - auto-ranging power supplies were developed and became pretty much universal.  Wall jacks continue to come in a large variety of configurations around the world, but pretty much all electronics "just works" if you have a simple pass-through adapter.

The USB standard demonstrated the need for a lighter lower-power standard.  Portable devices don't want to pay the size and weight cost of a power-line-to-low-voltage-DC convertor, so rely on an external "bug", and those "bug's" have over time pretty settled on the USB voltages/amperages (though less on these)/physical configurations just for power.

USB 3 may be killing the goose here.  The great thing about USB is that first letter: Universal.  We completed the effective evolution from USB 1.0 to 1.1 to 2.0 quite some time ago.  There was a period of disagreement about how phones should tell chargers they could supply "more than USB 2.0" power for a couple of years, but that's hidden by smarter silicon these days.  If you see a USB socket, you know what you're getting (modulo malware, of course), both on the power side and on the data side.

USB 3, unfortunately, has introduced variety.  The initial nonsense of 3.0 vs. 3.1 and just what speed you can get (5Gb/s or 10Gb/s) probably didn't poison the market because the market so far is fairly small, but it was a bad sign.  The whole notion of extensible uses for the USB wires is great technically, but it's incompatible with the notion that "I just connect it and it works".

My concern with the whole USB authentication process is that it will fragment the market even more.  You'll have situations where device A can connect to B using cable C, A and D can also talk over C - but B won't talk to D over C.  Users will have no way to figure out why:  Everything will, by design, be labeled the same to maintain the illusion that it *is* the same.  But under the covers, it won't be.

I'm afraid engineer's love for "generality" - combined with varying business drivers, from IP protection to the ability to avoid the current commodity market in USB parts and carve out protected areas for rent-seekers - will lead us back to an era of confusion - and various increased costs.

The easiest and best way to block dangerous USB cables that fry equipment is through reputation - reputation maintained through enforceable trademarks.  And, of course, more robust equipment that blocks voltages and currents going to "the wrong place" to being with, protecting itself from a much wider array of faults than any certification process possibly could.

This whole effort strikes me as wrong-headed.
                                                        -- Jerry