Wednesday, September 1, 2010

Lotus answers a reader’s email security question

DOMINO Q&A

By David Gewirtz

This week, we've got an excellent answer to a reader question. We weren't sure of the answer here at DominoPower, so we turned to Lotus' own Art Fontaine, Program Director, Domino Applications/Protector Security Platform, who is The Man when it comes to Lotus' email offerings. Let's first check out the reader's question, and then you can read Art's in-depth answer.

Reader Paora Tamati wrote:

If a Notes user sends an encrypted message, can that message be read outside of Notes or Outlook? Can a Notes user send an encrypted message to, say, a Thunderbird, Gmail, or Hotmail user and can the message be read?

Response by Art Fontaine

Protector for Mail Encryption is generating tremendous interest from our customers around the world and is outperforming sales projections by a healthy amount.

Protector for Mail Encryption uses a PGP key server that's been specially modified to complement Notes encryption, rather than replace it. If an internal (or cross-certified external) recipient has Notes, it uses Notes->Notes encryption. If not, the key server starts stepping through a (configurable) sequence that goes:

  1. Look for recipient's public key in its database (stored from a prior correspondence). If key not found (KNF), then
  2. Look up the recipient's public key on his/her "keys.<domain>.com" (or other key server, as our Danish customers are doing with the Danish national key server). If KNF, then
  3. Send recipient an unencrypted email with a link to the server's Webmail UI (a.k.a. "Webmessenger")

When a KNF recipient accesses the Webmail UI from the link, he/she is asked to create a login (or can use an existing login from the sending organization, if RADIUS federation is implemented). The system sends a challenge email and, once the user clicks on the link, the account is active. The recipient can then read and reply to the email in the Web UI.

From the Web UI, the recipient also gets some choices (configurable by administrator):

  • "Pull" method: he/she can continue to just use the Web UI -- for all mail from sender's domain, or just mail that's flagged for encryption
  • Certificate method: he/she can upload their public key (S/MIME or OpenPGP) so that all future correspondence is encrypted in context of the recipient's client software
  • "Push" method: he/she can request encrypted mail sent as password-protected PDF, using the same password established on Web UI
  • "Satellite" method: he/she can download a piece of free installable code -- conceptually similar to Adobe Reader -- that will plug in to Notes or Outlook, or sit in front of any other client software as an SMTP proxy. Essentially, the sending domain creates and embeds a custom certificate for the user.
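
The key lookup sequence and the Certificate option described in the answer above, modelled as an added Python example; it is not Lotus code and not part of Art's reply. All function names, addresses, hosts and key strings are hypothetical, in-memory dictionaries stand in for the key server, and storing an uploaded key in the local key database is an assumption.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample data; every address, host and key string is made up.
NOTES_USERS = {"ann@corp.example"}                   # internal or cross-certified Notes users
LOCAL_KEYS = {"bob@partner.example": "PGP:bob-key"}  # keys kept from prior correspondence
REMOTE_KEYS = {"keys.vendor.example": {"cy@vendor.example": "PGP:cy-key"}}

def keyserver_host(recipient: str) -> str:
    """Key server name derived from the recipient's mail domain (keys.<domain>)."""
    return "keys." + recipient.rpartition("@")[2]

def local_lookup(recipient: str) -> Optional[str]:
    return LOCAL_KEYS.get(recipient)

def remote_lookup(recipient: str) -> Optional[str]:
    # Stand-in for a network query; a real deployment would talk to the key server.
    return REMOTE_KEYS.get(keyserver_host(recipient), {}).get(recipient)

# The lookup order is configurable, so it is data rather than hard-coded branches.
DEFAULT_SEQUENCE = (("local-db", local_lookup), ("domain-keyserver", remote_lookup))

@dataclass
class Decision:
    method: str                      # how this message will be delivered
    key: Optional[str] = None        # recipient public key, when one was found
    trail: list = field(default_factory=list)  # steps that ended in KNF, for audit

def route(recipient: str, sequence=DEFAULT_SEQUENCE) -> Decision:
    recipient = recipient.strip().lower()
    if recipient in NOTES_USERS:
        return Decision("notes-to-notes")
    trail = []
    for name, lookup in sequence:
        key = lookup(recipient)
        if key:
            return Decision("recipient-key:" + name, key, trail)
        trail.append(name + ":KNF")
    # Every step was KNF: only a plain notification with a Web UI link is mailed.
    return Decision("webmessenger-link", None, trail)

def upload_key(recipient: str, key: str) -> None:
    """Certificate method: store the uploaded key (assumed to land in the local DB)."""
    LOCAL_KEYS[recipient.strip().lower()] = key

if __name__ == "__main__":
    for rcpt in ("ann@corp.example", "bob@partner.example", "cy@vendor.example", "dee@other.example"):
        print(rcpt, route(rcpt))
```

The `trail` field records which steps returned KNF, which is the information an administrator needs to see why a given message fell back to the Web UI link instead of being encrypted to a recipient key.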