santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Raul Benito" <>
Subject Re: [Fwd: [VOTE] Put Apache Juice into dormant status]
Date Mon, 16 Jul 2007 15:49:50 GMT
In an ideal world I would love develop Juice.
Sadly in the real world I don't have even time for xmlsec (and there are a
lot things that we can improve the speed of it).
So I'm not going to vote as I cannot put any support on it.

I think it is a nice addition. And I can contribute a patch or two, but
there is no clear lead.



On 7/16/07, Scott Cantor <> wrote:
> > Juice uses openSSL as its engine, this provides a 3-6 time
> > improvement when compared to BouncyCastle.
> It is a matter of opinion whether that is enough to bother. As a
> participant
> in the project that gave birth to that code, it wasn't enough to deal with
> the hassles, it's hard enough supporting people using Java alone, believe
> it
> or not.
> (When the difference was a factor of 20, it definitely mattered.)
> > As for the deployers:
> > I just sent an e-mail to the list that asks for Juice being
> > FIPS certified :-). openSSL is FIPS certified, Juice
> > is a JCE compliant front-end to openSSL thus quite some
> > people seem to like Juice also beeing FIPS certified.
> A specific version of OpenSSL when built as a static library is certified.
> Somebody would probably need to do some integration work on that, I
> imagine.
> > OpenSSL may use HW acceleration if configured and setup for
> > this, thus with Juice you immediatly have this benefit as well.
> In theory, but I'm unaware of anybody having proved this works when you
> combine all the pieces. One of the problems all along has been the
> messiness
> of getting alternative JCE provider code used by xmlsec and configuring
> things properly. I would say that a lot of that needs to be looked at if
> Juice is to be made viable.
> -- Scott


View raw message