Currently, PBS allows only one auth method in the configuration for authentication and encrypt/decrypt data. So I am proposing new configurations switching which will allow admin/user to configure multiple auth methods which PBS server understands, whether to encrypt/decrypt data or not and if encrypt/decrypt data then which communication to encrypt/decrypt like encrypt/decrypt only client-server communication or encrypt/decrypt only server-mom or encrypt/decrypt everything etc…
Thanks for writing up the design and sorry for the late feedback. I, however, think we can make this slightly simpler. I think we do NOT need the switch PBS_ENCRYPT_MODE
I think just PBS_ENCRYPT_METHOD should suffice. Since it is a client side switch only (i.e. whether to encrypt or not is a choice of the connection initiator side), it should be enough to just have PBS_ENCRYPT_METHOD act as a on/off switch. In other words, enable encryption is PBS_ENCRYPT_METHOD is specified in the condig. Also you do not need a value 2 for server to mom communication. mom is a client to the server (actually the comm), and when mom initiated a connection to the comm, the presence of PBS_ENCRYPT_METHOD should be enough to say that mom has chosen to encrypt its traffic.