One of the new features added with 11.0.1 is 128 bit AES local encryption. Kudos for HCL doing stuff IBM could of and should of done a decade ago. But there are a few things missing.

If you encrypt a NSF with AES encryption like so (this is on a Domino server to get "at-rest" encryption):


Image:Creating a replica of an AES encrypted NSF - some issues

If you then create another replica of the NSF, AES is not an option (only strong):


Image:Creating a replica of an AES encrypted NSF - some issues

I tested against two 11.0.1 servers and a 11.0.1 server and 11.0.1 client (everything was 11.0.1 didn't change the options).


So what can you do if you require AES encryption on all replicas? I guess you can replicate without encryption and then encrypt once it's at the new location (update 04/14/2020, no, you're not). Unfortunately it's also not a setting in a policy yet either so if you were hoping to use this with a Notes client prepare to be disappointed for a while:


Image:Creating a replica of an AES encrypted NSF - some issues

PubNames template is 11.0.1 as well.


One step forward and half a step back is still a big improvement over IBM's approach of no steps forward at all.
Darren Duke   |   April 13 2020 12:04:26 PM   |    domino    |  
  |   Next Document   |   Previous Document

Discussion for this entry is now closed.

Comments (0)

No Comments Found