April 13 2020 Monday
Creating a replica of an AES encrypted NSF - some issues
One of the new features added with 11.0.1 is 128-bit AES local encryption. Kudos to HCL for doing stuff IBM could have and should have done a decade ago. But there are a few things missing.
If you encrypt an NSF with AES encryption like so (this is on a Domino server to get "at-rest" encryption):
If you then create another replica of the NSF, AES is not an option (only strong):
I tested against two 11.0.1 servers and an 11.0.1 server and 11.0.1 client (everything being 11.0.1 didn't change the options).
So what can you do if you require AES encryption on all replicas? I guess you can replicate without encryption and then encrypt once it's at the new location (update 04/14/2020, no, you're not). Unfortunately, it's also not a setting in a policy yet either, so if you were hoping to use this with a Notes client, prepare to be disappointed for a while:
PubNames template is 11.0.1 as well.
One step forward and half a step back is still a big improvement over IBM's approach of no steps forward at all.