
TLS uses certificate authorities and a public key infrastructure to ensure the authenticity of a peer. Is authenticity also something PSP provides, or is it focused on confidentiality and integrity?


Great question. The master key of PSP is stored in the NIC and shipped with the device. That's how authenticity is provided. Other than that, it's focused on confidentiality and integrity.


This sounds like literally THE one master key? If Google was ever made aware one device was lost or potentially compromised, they would replace all devices?


I doubt there's one. Probably each NIC has a separate master key. And they could reduce chance of compromise by loading the key at runtime and making it write-only.


As the PSP arch spec said, it seems each NIC has two master keys.

> each NIC has two 256-bit AES keys, called master keys, not shared with any hosts including its own, or with any other NICs. The master keys are "critical security parameters", which are kept ephemerally in on-NIC RAM, and must not be stored on any persistent medium.


I think PSP seems to be a data center use case only, not really a general VPN tech, so I guess authenticity is not the focus here.


> PSP is intentionally designed to meet the requirements of large-scale data-center traffic. It does not mandate a specific key exchange protocol

I take that to mean you do the asymmetric key stuff outside of PSP, then the symmetric key stuff is offloaded to PSP. Assuming you send a lot of data per connection, the symmetric key part will be much larger, so the expensive part is offloaded.



