Don't get me wrong here, the middleware of iExec in my opinion is not optimized. I look at some of the design choices as questionable with regard to performance. The choice of Java as the language, the choice of certain protocols, all have an impact on performance which I expect not to be very fast. This is a bottleneck in design which can be exploited by future competitors, just as EOS has a design advantage over Ethereum in performance.

But what they gain with choosing Java is a language a lot of developers know (familiarity). Also Java is an easy language to work with compared to C++, being that it is more forgiving. On the topic of security, again they choose a baffling certificate approach, which I guess on the face of it was/is okay but in my opinion not ideal or sufficient long term. I think we need to find a way to get away from trusted certificate authorities which can and have been compromised in the past.

I refer to this: https://www.vidder.com/compromised-ca-certificate-attacks/

References

• https://github.com/lodygens/xtremweb-hep/blob/master/src/xtremweb/security/X509CACertPath.java
• https://enterprise-access.akamai.com/blog/trust-in-the-era-of-hackable-certificate-authorities/
• http://erik.io/blog/2014/02/03/why-your-ca-rarely-matters/