Jump to content
Main menu
Main menu
move to sidebar
hide
Navigation
Main page
Recent changes
Random page
Help about MediaWiki
Special pages
Niidae Wiki
Search
Search
Appearance
Create account
Log in
Personal tools
Create account
Log in
Pages for logged out editors
learn more
Contributions
Talk
Editing
HCL Notes
(section)
Page
Discussion
English
Read
Edit
View history
Tools
Tools
move to sidebar
hide
Actions
Read
Edit
View history
General
What links here
Related changes
Page information
Appearance
move to sidebar
hide
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
===Security=== Lotus Notes was the first widely adopted software product to use [[public key cryptography]] for client–server and server–server authentication and for encryption of data. Until US laws regulating encryption were changed in 2000, IBM and Lotus were prohibited from exporting versions of Notes that supported symmetric encryption keys that were longer than 40 bits. In 1997, Lotus negotiated an agreement with the [[National Security Agency|NSA]] that allowed export of a version that supported stronger keys with 64 bits, but 24 of the bits were encrypted with a special key and included in the message to provide a "workload reduction factor" for the NSA. This strengthened the protection for users of Notes outside the US against private-sector [[industrial espionage]], but not against spying by the US government.<ref>[http://catless.ncl.ac.uk/Risks/19.52.html#subj1 "The Swedes discover Lotus Notes has key escrow!"] ''The Risks Digest'', Volume 19, Issue 52, 1997-12-24</ref><ref>[http://www.heise.de/tp/artikel/2/2898/1.html Only NSA can listen, so that's OK] Heise, 1999.</ref> This implementation was widely announced, but with some justification many people did consider it to be a [[Backdoor (computing)|backdoor]]. Some governments objected to being put at a disadvantage to the NSA, and as a result Lotus continued to support the 40-bit version for export to those countries. Notes and Domino also uses a code-signature framework that controls the security context, runtime, and rights of custom code developed and introduced into the environment. Notes 5 introduced an execution control list (ECL) at the client level. The ECL allows or denies the execution of custom code based on the signature attached to it, preventing code from untrusted (and possibly malignant) sources from running. Notes and Domino 6 allowed client ECLs to be managed centrally by server administrators through the implementation of policies. Since release 4.5, the code signatures listed in properly configured ECLs prevent code from being executed by external sources, to avoid [[computer virus|virus]] propagation through Notes/Domino environments. Administrators can centrally control whether each mailbox user can add exceptions to, and thus override, the ECL.
Summary:
Please note that all contributions to Niidae Wiki may be edited, altered, or removed by other contributors. If you do not want your writing to be edited mercilessly, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource (see
Encyclopedia:Copyrights
for details).
Do not submit copyrighted work without permission!
Cancel
Editing help
(opens in new window)
Search
Search
Editing
HCL Notes
(section)
Add topic
