While PSP seems like a reasonable protocol on its own, it is such a prime example of the left hand not knowing what the right is doing.
QUIC (over UDP) also requires encryption at its protocol layer in addition to encoding a encryption context identifier that is comparable, but non-compatible with the PSP header. So, a implementation that properly conforms to both standards would double encrypt the same data and send redundant headers/identifiers with no added security.
They could relatively easily restructure QUIC and PSP to be fully compatible, letting PSP do connection identification and encryption and then layering QUIC framing on top. But no. What a mess.
For anyone else who's wondering what PSP is, from the Google spec[1]:
The PSP Security Protocol (PSP) is a security protocol created by Google for encryption in
transit. PSP uses several of the concepts from IPsec ESP to provide an encryption
encapsulation layer on-top of IP that is streamlined and custom-built to address the
requirements of large-scale data centers.
So "PSP" really is a recursive acronym for "PSP Security Protocol". eyeroll
Not only that but since they chose a super original and totally not cringeworthy recursive acronym the first letter could have been literally anything.
Ok in fairness it was probably originally something like Paul's Security Protocol and they felt that that wasn't professional enough or something.
While PSP seems like a reasonable protocol on its own, it is such a prime example of the left hand not knowing what the right is doing.
QUIC (over UDP) also requires encryption at its protocol layer in addition to encoding a encryption context identifier that is comparable, but non-compatible with the PSP header. So, a implementation that properly conforms to both standards would double encrypt the same data and send redundant headers/identifiers with no added security.
They could relatively easily restructure QUIC and PSP to be fully compatible, letting PSP do connection identification and encryption and then layering QUIC framing on top. But no. What a mess.
The blog post announcing the PSP Security Protocol as open source:
https://cloud.google.com/blog/products/identity-security/ann...
HN discussion at the time:
https://news.ycombinator.com/item?id=31437033
For anyone else who's wondering what PSP is, from the Google spec[1]:
So "PSP" really is a recursive acronym for "PSP Security Protocol". eyeroll[1] https://raw.githubusercontent.com/google/psp/main/doc/PSP_Ar...
Oh good. They made up an acronym, yet managed to find one of the ones already in the heaviest (computing) use: https://en.wikipedia.org/wiki/PSP
Not only that but since they chose a super original and totally not cringeworthy recursive acronym the first letter could have been literally anything.
Ok in fairness it was probably originally something like Paul's Security Protocol and they felt that that wasn't professional enough or something.
It appears to be referred to as the "Paddywhack Security Protocol" in some documents:
https://dl.acm.org/doi/10.1145/3708821.3710829
https://csrc.nist.gov/CSRC/media/projects/cryptographic-modu...
https://github.com/opencomputeproject/OCP-NET-Falcon
Good sleuthing. What a weird name, I wonder where it came from. The nursery rhyme somehow?
Should the acronym not be 'PSPSP'? Or that sounds too much like luring a cat?
It should be exactly that for exactly that reason
Source https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-n...
Documentation https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-n...
Why would Google have encryption for Playstation Portable?
Why would you associate Sony with Google?
psp =psp security protocol = PlayStation Portable security protocol
hence the question
Lol, I've decided to look up and saw Wikipedia have 8 entries under computing for PSP acronym, none of them are Google's protocol :D
[0] https://en.wikipedia.org/wiki/PSP#Computing
Both as evil as each other?