! Encryption Notes
- JCE extensions under 1.3 webstart possible, but problematic (and large, if only authentication is to be encrypted)
-- Basic RSA code at: *http://pajhome.org.uk/crypt/rsa/implementation.html*
-- GNU cryptography: *http://www.gnu.org/software/gnu-crypto/*
- 2-level implementation:
-# Encrypted authentication. Server generates key pair and provides public key on request. Client uses server's public key only to encrypt authentication.
-#- No client-side key generation and (potentially) minimal client-side bloat, since the full JCE package would not be necessary.
-#- Unencrypted traffic will probably be more federation-friendly, though this needs further investigation.
-# Full encryption. All messages encrypted using SealedObject or custom alternative. Could be made available only if JCE present (manually installed under 1.3, or included in 1.4).
-#- Secure sockets (JSSE) should be considered as an alternative. JSSE is not directly usable with non-blocking I/O in 1.4.
-#- Performance implications unknown. Could be linked to permission system to limit performance impact?
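Level 1 of the 2-level implementation above (server holds the key pair, client encrypts only the authentication), as an added example that is not part of the original notes or the project's code. It assumes a current JDK with JCE bundled and RSA-OAEP; the class name, the server-issued per-login nonce and the newline-separated credential format are assumptions, and the password is a constructed sample.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

public class EncryptedAuthDemo {   // hypothetical class name
    // Explicit OAEP parameters so both sides use SHA-256 for the hash and for MGF1.
    static final OAEPParameterSpec OAEP = new OAEPParameterSpec(
            "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);

    // Client side: needs only the server's encoded public key, no key generation.
    static byte[] clientEncrypt(byte[] serverPubEncoded, byte[] nonce, String user, char[] pw)
            throws GeneralSecurityException {
        PublicKey pub = KeyFactory.getInstance("RSA")
                .generatePublic(new X509EncodedKeySpec(serverPubEncoded));
        byte[] cred = (user + "\n" + new String(pw)).getBytes(StandardCharsets.UTF_8);
        byte[] msg = Arrays.copyOf(nonce, nonce.length + cred.length);   // nonce || credentials
        System.arraycopy(cred, 0, msg, nonce.length, cred.length);
        Cipher c = Cipher.getInstance("RSA/ECB/OAEPPadding");
        c.init(Cipher.ENCRYPT_MODE, pub, OAEP);
        return c.doFinal(msg);
    }

    // Server side: decrypt, then reject anything not bound to the nonce it issued.
    static String serverDecrypt(PrivateKey priv, byte[] expectedNonce, byte[] ct)
            throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("RSA/ECB/OAEPPadding");
        c.init(Cipher.DECRYPT_MODE, priv, OAEP);
        byte[] msg = c.doFinal(ct);
        int n = expectedNonce.length;
        if (msg.length < n || !MessageDigest.isEqual(Arrays.copyOf(msg, n), expectedNonce))
            throw new GeneralSecurityException("stale or replayed login");
        return new String(msg, n, msg.length - n, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair server = kpg.generateKeyPair();      // generated once, on the server
        byte[] nonce = new byte[16];
        new SecureRandom().nextBytes(nonce);         // fresh per login attempt
        byte[] ct = clientEncrypt(server.getPublic().getEncoded(), nonce,
                "alice", "constructed-sample-password".toCharArray());
        System.out.println(serverDecrypt(server.getPrivate(), nonce, ct));
    }
}
```

The public key handed out on request is unauthenticated here, so the client still needs a way to check it (for example a fingerprint shipped with the client) before trusting it with credentials.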