Pantek Library
Hosting Provided By
CybrHost
High Speed Hosting
Mailing Lists: securityfocus.com > security-basics > 03 > 011602.html (Request Expert securityfocus.com Support)

Re: Lotus Notes Encryption

From: Alberto Cozer <acozer(at)fti.com.br>
Date: Wed Jan 22 2003 - 08:43:51 EST

Have you already tried turning encryption on? You should go to File -> Preferences -> User Preferences -> Ports and check the "Encrypt Network Data". Actually this is the only way to protect you agains people sniffing your network.

I do recomend encrypting your mail database with your user ID but I don't recommend encrypting all intranet e-mails. You won't have external access (e.g. web mail access) to encrypted mail. You must classify your messages and use message encryption only for "TOP SECRET", "SECRET" and "CONFIDENCIAL" internal messages. But if a mail is gonna be sent to the Internet you must encrypt all but unclassified messages.

Regards,

Alberto.

Alberto Cozer
Security Outsource Manager, Future Technologies Digital Security IBM Certified AIX System Specialist
Checkpoint Certified Security Expert, CCSE NG acozer@fti.com.br
http://www.fti.com.br 

                                                                                                                                       
                      "ullmic6@web.de"                                                                                                 
                                            Sent by:                 cc:                                                                                     
                      ullmic6@web.de           Subject:  Lotus Notes Encryption                                                        
                                                                                                                                       
                                                                                                                                       
                      08/01/2003 17:38

Hello everybody,

in my company we are using Lotus Notes/Domino R5 as mail tool. Even if

Do you need help?X

the encryption is proprietary and just 64 bits I like this feature very
much because it keeps the casual inside attacker from sniffing my mails.
But now something interesting happened. Encrypted mails that I sent just
disappeared. The explanation I got was: I have a subset of the domino directory (which is on the server and which includes the public key of

the recipients) on my pc (called dircat). This local dir does not include the public keys due to size and performance for mobile users. In
this scenario my Lotus Notes client does NOT download the public key from the server directory and encrypt the message. Instead it just sets
a flag that this mail must be encrypted, sends it unenecrypted to the server and tells the server to do the encryption. My encrypted mails disappeared because these recipients public keys were missing on the server. My problem here is that I want end-to-end encryption. I do not

want to delegate the encryption to a server (even if I hope that port encryption is enabled like defined in our policies). Does anybody on this list know if the encryption process really works like described above. The infos on Lotus encryption on the web and in IBMs redbooks is
to unspecific to explain what's really going on here. 

--
<- ullmic ->

*********************************************************

Future Technologies Seguranca Digital

Esta mensagem e de responsabilidade de seu autor.
Seu conteudo nao reflete necessariamente a opiniao da
empresa.

*********************************************************
Received on Thu Jan 23 18:24:14 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:03:37 EDT

Contact Us  Legal Notices  Order Services Online 
Pantek Home  Privacy Policy  IT news  Site Map  Pantek Library