Linux Ready to Upstream Support for Google's PSP Encryption for TCP Connections (phoronix.com)
41 points by Bender 13 hours ago | 13 comments
Veserv 10 hours ago

While PSP seems like a reasonable protocol on its own, it is such a prime example of the left hand not knowing what the right is doing.

QUIC (over UDP) also requires encryption at its protocol layer in addition to encoding an encryption context identifier that is comparable, but non-compatible with the PSP header. So, an implementation that properly conforms to both standards would double encrypt the same data and send redundant headers/identifiers with no added security.

They could relatively easily restructure QUIC and PSP to be fully compatible, letting PSP do connection identification and encryption and then layering QUIC framing on top. But no. What a mess.

SloopJon 12 hours ago

The blog post announcing the PSP Security Protocol as open source:

https://cloud.google.com/blog/products/identity-security/ann...

HN discussion at the time:

https://news.ycombinator.com/item?id=31437033

notherhack 12 hours ago

For anyone else who's wondering what PSP is, from the Google spec[1]:

  The PSP Security Protocol (PSP) is a security protocol created by Google for encryption in
  transit. PSP uses several of the concepts from IPsec ESP to provide an encryption
  encapsulation layer on-top of IP that is streamlined and custom-built to address the
  requirements of large-scale data centers.

So "PSP" really is a recursive acronym for "PSP Security Protocol". eyeroll

[1] https://raw.githubusercontent.com/google/psp/main/doc/PSP_Ar...

pkulak 11 hours ago

Oh good. They made up an acronym, yet managed to find one of the ones already in the heaviest (computing) use: https://en.wikipedia.org/wiki/PSP

IshKebab 10 hours ago

Not only that but since they chose a super original and totally not cringeworthy recursive acronym the first letter could have been literally anything.

Ok in fairness it was probably originally something like Paul's Security Protocol and they felt that that wasn't professional enough or something.

Polizeiposaune 10 hours ago

It appears to be referred to as the "Paddywhack Security Protocol" in some documents:

https://dl.acm.org/doi/10.1145/3708821.3710829

https://csrc.nist.gov/CSRC/media/projects/cryptographic-modu...

https://github.com/opencomputeproject/OCP-NET-Falcon

mobilemidget 10 hours ago

Should the acronym not be 'PSPSP'? Or that sounds too much like luring a cat?

c45y 8 hours ago

It should be exactly that for exactly that reason

phoronixrly 13 hours ago

Source https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-n...

Documentation https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-n...

kasabali 12 hours ago

Why would Google have encryption for Playstation Portable?

reactordev 12 hours ago

Why would you associate Sony with Google?

homarp 10 hours ago

psp = psp security protocol = PlayStation Portable security protocol

hence the question

doublerabbit 10 hours ago

Both as evil as each other?