On 7/16/07, Scott Cantor <[EMAIL PROTECTED]> wrote:
> Juice uses openSSL as its engine, this provides a 3-6 times
> improvement when compared to BouncyCastle.

It is a matter of opinion whether that is enough to bother. As a participant in the project that gave birth to that code, it wasn't enough to deal with the hassles, it's hard enough supporting people using Java alone, believe it or not. (When the difference was a factor of 20, it definitely mattered.)

> As for the deployers:
> I just sent an e-mail to the list that asks for Juice being
> FIPS certified :-). openSSL is FIPS certified, Juice
> is a JCE compliant front-end to openSSL thus quite some
> people seem to like Juice also being FIPS certified.

A specific version of OpenSSL when built as a static library is certified. Somebody would probably need to do some integration work on that, I imagine.

> OpenSSL may use HW acceleration if configured and setup for
> this, thus with Juice you immediately have this benefit as well.

In theory, but I'm unaware of anybody having proved this works when you combine all the pieces. One of the problems all along has been the messiness of getting alternative JCE provider code used by xmlsec and configuring things properly. I would say that a lot of that needs to be looked at if Juice is to be made viable.

The last time I did this it wasn't so difficult: setProvider in first position, or using setProvider in Init. But it is a good point and a HOWTO should be written.

-- Scott

-- http://r-bg.com