Security Basics mailing list archives
Lotus Notes Encryption
From: "ullmic6 () web de" <ullmic6 () web de>
Date: Wed, 08 Jan 2003 20:38:57 +0100
Hello everybody,in my company we are using Lotus Notes/Domino R5 as mail tool. Even if the encryption is proprietary and just 64 bits I like this feature very much because it keeps the casual inside attacker from sniffing my mails. But now something interesting happened. Encrypted mails that I sent just disappeared. The explanation I got was: I have a subset of the domino directory (which is on the server and which includes the public key of the recipients) on my pc (called dircat). This local dir does not include the public keys due to size and performance for mobile users. In this scenario my Lotus Notes client does NOT download the public key from the server directory and encrypt the message. Instead it just sets a flag that this mail must be encrypted, sends it unenecrypted to the server and tells the server to do the encryption. My encrypted mails disappeared because these recipients public keys were missing on the server. My problem here is that I want end-to-end encryption. I do not want to delegate the encryption to a server (even if I hope that port encryption is enabled like defined in our policies). Does anybody on this list know if the encryption process really works like described above. The infos on Lotus encryption on the web and in IBMs redbooks is to unspecific to explain what's really going on here.
-- <- ullmic ->
Current thread:
- Lotus Notes Encryption ullmic6 () web de (Jan 11)
- Re: Lotus Notes Encryption Philip Storry (Jan 13)
- <Possible follow-ups>
- Re: Lotus Notes Encryption SMiller (Jan 24)