To prevent anybody from eavesdropping on the bit repository data and messages exchanged, all communication is encrypted. Two levels of PKI are used.
Implemented in BITMAG-198@jira
Encrypting the communication between pillars/clients and the coordinating layer
All communication between pillars/clients and the coordinating layer may be encrypted using SSL. The certificates used in the communication between pillars/clients and the coordinating layer are issued by the coordinating body. A recipe for setting up ActiveMQ PKI can be found at http://activemq.apache.org/how-do-i-use-ssl.html
Signing and optionally encrypting messages and data transfers
To ensure the authenticity of exchanged messages, they may be signed and optionally encrypted for confidentiality. Data transfers may be encrypted as well, using HTTPS. The certificates used for signing and encrypting data and messages are issued by the SLA owners, possibly assisted by the coordinating body.
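
The message-signing level described above, as an added example that is not Bitrepository code: a certificate issued by a CA standing in for an SLA owner signs a message, and the receiver accepts it only if the signature matches the content and chains to that CA. CMS as the signature format, the `openssl` CLI, and all subject and file names are assumptions made for the illustration.

```bash
#!/usr/bin/env bash
# Added illustration, not Bitrepository code. CMS as the signature format and
# every name below (CA subject, "example-pillar", file names) are assumptions.
set -eu

make_pki() {  # $1 = work dir; creates a CA (the "SLA owner") and a pillar cert
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=Example SLA Owner CA" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=example-pillar" \
    -keyout "$1/pillar.key" -out "$1/pillar.csr" 2>/dev/null
  openssl x509 -req -in "$1/pillar.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 30 -out "$1/pillar.crt" 2>/dev/null
}

sign_msg() {  # $1 = work dir, $2 = message file; writes detached "$2.sig"
  openssl cms -sign -binary -in "$2" -signer "$1/pillar.crt" \
    -inkey "$1/pillar.key" -outform DER -out "$2.sig"
}

verify_msg() {  # $1 = trusted CA cert, $2 = message file; 0 only if signature and chain are valid
  openssl cms -verify -binary -inform DER -in "$2.sig" -content "$2" \
    -CAfile "$1" -out /dev/null 2>/dev/null
}

demo() {
  local d; d="$(mktemp -d)"
  make_pki "$d"
  printf 'constructed sample message\n' > "$d/msg"
  sign_msg "$d" "$d/msg"
  verify_msg "$d/ca.crt" "$d/msg" && echo "genuine message: accepted"
  # Any change to the content after signing must invalidate the signature.
  printf 'constructed sample message (altered)\n' > "$d/msg"
  verify_msg "$d/ca.crt" "$d/msg" || echo "altered message: rejected"
  rm -rf "$d"
}
demo
```

Passing only the issuing CA to `-CAfile` is what ties acceptance to the SLA owner's PKI: a signature made with a certificate from any other issuer fails chain validation even when the signature itself is mathematically valid.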