Sending e-mails is often one of the most important communication mechanisms in an office environment. Domino Server also provides facilities for sending and receiving e-mails. It is possible to send and receive e-mails both within the Notes system and also to and from persons on the Internet. As e-mail traffic can pass through a number of intermediate stations en route to the recipient and the e-mail content is transmitted in plaintext, an additional form of protection should be employed to prevent interception or modification of messages (see also Section 7.4 "E-mail").
Under Lotus Notes there are several ways in which a user can protect e-mail traffic:
Notes encryption and signatures. These mechanisms can, however, only be used with the Notes client and are not available on the Web interface.
S/MIME encryption and signatures. X.509 certificates are used here. The Notes client does support S/MIME, but it is only applied to recipients that Notes treats as recipients for "Internet mail"; for all other recipients the Notes proprietary protection mechanism is used. Use of S/MIME can be simplified with an appropriate plug-in. However, this requires distribution and installation of the software on all the clients.
When using e-mail protection the following points should be considered:
Encryption (or signing) of sent or draft e-mails must be enabled in the Notes client (under "User Preferences/Mail").
Encryption of e-mails offline (without a server connection) may mean that e-mails are temporarily stored in plaintext on the client (in the "mail.box" file) until the recipients' keys in the Name and Address Book can be accessed the next time a connection to the server is established. Only e-mails sent to recipients whose public keys are available in the local user address book can be encrypted immediately.
The algorithm used for strong encryption (for recipients whose public keys are longer than 512 bits) is set with the parameter "SMIME_Strong_Algorithm" in the "notes.ini" file held locally on the client. The parameter "SMIME_Weak_Algorithm", which specifies the algorithm for weak encryption, is set in the same way and applies to recipients with key lengths less than 512 bits. The possible values for both parameters are: RC2_40, RC2_56, RC2_64, RC2_80, RC2_128, RC5_5, RC5_7, RC5_10, RC5_16, DES and 3DES. If no other boundary conditions exist, then 3DES or RC5_16 should be used.
Third party X.509 certificates can only be imported into the personal address book (action "Add sender to address book"; the option "Include X.509 certificate when encountered" must be enabled). The personal documents thus created can, however, be copied to the public Name and Address Book (NAB), so that by this route the certificates are also available to other users.
It is possible to store more than one X.509 certificate in a Notes ID or for a given user in the NAB. Which of these certificates is used during signing or encrypting cannot currently be selected.
If a browser is used to access the e-mail database on a Notes server, encryption and signing are not available when sending outgoing e-mails. In this case it is necessary to use external e-mail programs which offer S/MIME support. On the other hand, it will then be necessary to administer the certificates (own and recipient certificates) in the relevant e-mail program. This usually means that every user needs to be trained in certificate management.
Moreover, under Lotus Notes the e-mail database of a user can be encrypted. In this way all incoming e-mails are automatically encrypted on being added to the database. Sent e-mails or draft e-mails can similarly be held encrypted too. Encryption of incoming e-mail must be enabled in the personal document (on the server).
If the e-mail database already contains any e-mail prior to enabling of encryption, then those e-mails will not be encrypted. To encrypt the old e-mails, they must be opened and closed.
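The two notes.ini parameters described above can be audited across client installations with a small script. The following is an added example, not part of the original text or of Lotus Notes itself; it assumes that notes.ini is a flat file of KEY=VALUE lines and uses the value list and the 3DES / RC5_16 recommendation given above. The sample notes.ini content is constructed.

```python
"""Audit the S/MIME algorithm parameters in a Lotus Notes client notes.ini.

Hypothetical helper (not part of Lotus Notes). notes.ini has no sections,
only KEY=VALUE lines, so it is parsed by hand rather than with configparser.
"""

# Values the text lists as permitted for both parameters.
VALID_VALUES = {"RC2_40", "RC2_56", "RC2_64", "RC2_80", "RC2_128",
                "RC5_5", "RC5_7", "RC5_10", "RC5_16", "DES", "3DES"}
# Values the text recommends when no other boundary conditions apply.
RECOMMENDED = {"3DES", "RC5_16"}
SMIME_PARAMS = ("SMIME_Strong_Algorithm", "SMIME_Weak_Algorithm")


def parse_notes_ini(text):
    """Return {KEY: value} from notes.ini content; keys are upper-cased."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";") or "=" not in line:
            continue  # blank, comment or malformed line
        key, _, value = line.partition("=")
        settings[key.strip().upper()] = value.strip()
    return settings


def audit_smime(settings):
    """Return {parameter: finding} for the two S/MIME algorithm parameters."""
    findings = {}
    for param in SMIME_PARAMS:
        value = settings.get(param.upper())
        if value is None:
            findings[param] = "missing: not set explicitly in notes.ini"
        elif value.upper() not in VALID_VALUES:
            findings[param] = f"invalid: {value!r} is not a permitted value"
        elif value.upper() not in RECOMMENDED:
            findings[param] = f"weak: {value} set, 3DES or RC5_16 recommended"
        else:
            findings[param] = f"ok: {value}"
    return findings


# Constructed sample: a client still using 40-bit RC2 for strong recipients.
SAMPLE_INI = """\
Directory=C:\\notes\\data
SMIME_Strong_Algorithm=RC2_40
SMIME_Weak_Algorithm=DES
"""

if __name__ == "__main__":
    for param, finding in audit_smime(parse_notes_ini(SAMPLE_INI)).items():
        print(f"{param}: {finding}")
```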
Protected communication is generally to be preferred to unprotected. For this reason, consideration should be given as to whether and how messages should be encrypted and/or digitally signed. This decision must be documented in the security guidelines for Lotus Notes.
Where use is to be made of encryption procedures for Lotus Notes e-mail, the users must be trained to use the encryption products correctly.