Thread (9 messages) 9 messages, 5 authors, 2024-05-31

Re: [RFC net-next 00/15] add basic PSP encryption for TCP connections

From: Boris Pismenny <borisp@nvidia.com>
Date: 2024-05-22 13:03:17

On 22.05.2024 14:56, Paul Wouters wrote:
External email: Use caution opening links or attachments


Jakub Kicinski wrote:
quoted
Add support for PSP encryption of TCP connections.

PSP is a protocol out of Google:
https://github.com/google/psp/blob/main/doc/PSP_Arch_Spec.pdf
which shares some similarities with IPsec. I added some more info
in the first patch so I'll keep it short here.
Speaking as an IETF contributor, I am little surprised here. I know
the google people reached out at IETF and were told their stuff is
so similar to IPsec, maybe they should talk to the IPsecME Working
Group. There, I believe Steffen Klassert started working on supporting
the PSP features requested using updates to the ESP/WESP IPsec protocol,
such as support for encryption offset to reveal protocol/ports for
routing encrypted traffic.

It is not very useful to add more very similar encryption techniques to
the kernel. It scatters development efforts and actually makes it harder
for people to use functionality by having to change to a whole new sub
system (and its configuration methods) just to get one different feature
of packet encryption.
quoted
The protocol can work in multiple modes including tunneling.
But I'm mostly interested in using it as TLS replacement because
of its superior offload characteristics. So this patch does three
things:
Is this issue related to 
draft-pismenny-tls-dtls-plaintext-sequence-number ?

This has nothing to do with it.

https://datatracker.ietf.org/doc/draft-pismenny-tls-dtls-plaintext-sequence-number/ 


If so, then it seems it would be far better to re-engage the TLS WG to
see if instead of "having no interest, do it but elsewhere", we can
convince them to "there is interest, let's do it here at the TLS WG".
I could help with the latter.

Paul
Boris
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help