santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Scott Cantor" <>
Subject RE: [Fwd: [VOTE] Put Apache Juice into dormant status]
Date Mon, 16 Jul 2007 15:36:19 GMT
> Juice uses openSSL as its engine, this provides a 3-6 time
> improvement when compared to BouncyCastle.

It is a matter of opinion whether that is enough to bother. As a participant
in the project that gave birth to that code, it wasn't enough to deal with
the hassles, it's hard enough supporting people using Java alone, believe it
or not.

(When the difference was a factor of 20, it definitely mattered.)

> As for the deployers:
> I just sent an e-mail to the list that asks for Juice being
> FIPS certified :-). openSSL is FIPS certified, Juice
> is a JCE compliant front-end to openSSL thus quite some
> people seem to like Juice also beeing FIPS certified.

A specific version of OpenSSL when built as a static library is certified.
Somebody would probably need to do some integration work on that, I imagine.

> OpenSSL may use HW acceleration if configured and setup for
> this, thus with Juice you immediatly have this benefit as well.

In theory, but I'm unaware of anybody having proved this works when you
combine all the pieces. One of the problems all along has been the messiness
of getting alternative JCE provider code used by xmlsec and configuring
things properly. I would say that a lot of that needs to be looked at if
Juice is to be made viable.

-- Scott

View raw message