Return-Path: Delivered-To: apmail-xml-security-dev-archive@www.apache.org Received: (qmail 25463 invoked from network); 16 Jul 2007 15:36:42 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 16 Jul 2007 15:36:42 -0000 Received: (qmail 57166 invoked by uid 500); 16 Jul 2007 15:36:43 -0000 Delivered-To: apmail-xml-security-dev-archive@xml.apache.org Received: (qmail 57141 invoked by uid 500); 16 Jul 2007 15:36:43 -0000 Mailing-List: contact security-dev-help@xml.apache.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: Reply-To: security-dev@xml.apache.org List-Id: Delivered-To: mailing list security-dev@xml.apache.org Received: (qmail 57130 invoked by uid 99); 16 Jul 2007 15:36:43 -0000 Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 16 Jul 2007 08:36:43 -0700 X-ASF-Spam-Status: No, hits=1.4 required=10.0 tests=MSGID_MULTIPLE_AT X-Spam-Check-By: apache.org Received-SPF: pass (herse.apache.org: local policy) Received: from [128.146.216.81] (HELO defang1.it.ohio-state.edu) (128.146.216.81) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 16 Jul 2007 08:36:40 -0700 Received: from defang9.it.ohio-state.edu (defang9.it.ohio-state.edu [128.146.216.78]) by defang1.it.ohio-state.edu (8.13.7/8.13.1) with ESMTP id l6GFaIqr020428 for ; Mon, 16 Jul 2007 11:36:18 -0400 Received: from bytor ([128.146.243.90]) by defang9.it.ohio-state.edu (8.13.7/8.13.1) with ESMTP id l6GFaIuH001757 for ; Mon, 16 Jul 2007 11:36:18 -0400 From: "Scott Cantor" To: References: <469B3DAC.4050705@wingsofhermes.org> <001b01c7c7bb$b1f36a80$15da3f80$%2@osu.edu> <469B8CCA.1070102@t-online.de> In-Reply-To: <469B8CCA.1070102@t-online.de> Subject: RE: [Fwd: [VOTE] Put Apache Juice into dormant status] Date: Mon, 16 Jul 2007 11:36:19 -0400 Organization: The Ohio State University Message-ID: <001d01c7c7bf$0e5d8780$2b189680$@2@osu.edu> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Office Outlook 12.0 Thread-index: AcfHveGJX9FNPgZjQSaAr7nKgRYI4AAACLXQ Content-Language: en-us X-Spam-Score: 1.40 (*) [Tag at 4.50] MSGID_MULTIPLE_AT X-CanItPRO-Stream: outbound X-Canit-Stats-ID: Bayes signature not available X-Scanned-By: CanIt (www . roaringpenguin . com) on 128.146.216.81 X-Virus-Checked: Checked by ClamAV on apache.org > Juice uses openSSL as its engine, this provides a 3-6 time > improvement when compared to BouncyCastle. It is a matter of opinion whether that is enough to bother. As a participant in the project that gave birth to that code, it wasn't enough to deal with the hassles, it's hard enough supporting people using Java alone, believe it or not. (When the difference was a factor of 20, it definitely mattered.) > As for the deployers: > I just sent an e-mail to the list that asks for Juice being > FIPS certified :-). openSSL is FIPS certified, Juice > is a JCE compliant front-end to openSSL thus quite some > people seem to like Juice also beeing FIPS certified. A specific version of OpenSSL when built as a static library is certified. Somebody would probably need to do some integration work on that, I imagine. > OpenSSL may use HW acceleration if configured and setup for > this, thus with Juice you immediatly have this benefit as well. In theory, but I'm unaware of anybody having proved this works when you combine all the pieces. One of the problems all along has been the messiness of getting alternative JCE provider code used by xmlsec and configuring things properly. I would say that a lot of that needs to be looked at if Juice is to be made viable. -- Scott