Email Archiving and Encryption
We are in the process of determining a solution for email archiving and retention on an enterprise level. We have met with about 5 vendors so far and have another 2 or 3 to see before I feel we have done due diligence. In any event, in the last couple of days, the question of how these vendors handle Notes Mail that has been encrypted has come up. Since encrypting an email is incredibly easy to do and is an integral part of Notes, any solution we have should be able to decrypt the messages or it provides a huge hole to bypass having every email archived. I am still waiting to hear back from some of the vendors, but was wondering if anyone else had found a solution to this problem. As a number of the vendors use native Mail Journaling to get all the messages, does the router decrypt the messages before journaling them? If not, how are these messages supposed to be accessed by a person who is not a recipient? Does Lotus see this as an issue?
Created 8/29/2005 9:43:36 PM
If you send an encrypted message, the encryption is done at the client before the message is handed over to the router. And since the client might not even be connected to the server when the message is sent, there's no way for the client to know that the server is journaling messages, so I think it's safe to conclude that the client isn't sending an unencrypted copy to the router "just in case" it might be journaling. And since the router does not have access to recipients' private keys, there's no way that the message in the native journal is going to be decrypted. So, while I haven't tested this, I believe that it is the case that encrypted messages either aren't journaled at all, or are not readable in the journal database. Wouldn't be hard to test though, since I've got journaling turned on.
-rich
Created 8/30/2005 7:55:10 AM
Encrypted messages are journaled by the router, but they can't be read by anyone other than the sender and the recipients. Knowing that it will work this way for all archiving solutions, I just wonder what other additional things I need to archive along with the messages and how I am going to be able to read those messages in the future.
One of the vendors responded with a workaround that a client of theirs is doing. Basically, they modified the template to include a generic ID in the BCC whenever an encrypted message is sent. Although not something I really want to do, it is an option that I think will work. Otherwise, you have to worry about keeping IDs forever and then going through the hassle of recertifying them and adding them back to the server just to get them to access the emails.
Sean---
Created 8/30/2005 10:02:41 AM
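The two points made above (Rich's: the client encrypts before the router ever sees the message, so the journal holds ciphertext only the key holders can open; Sean's: BCC'ing a generic archive ID gives the archive a key wrap of its own) can be shown with a small model. This is an added example, not code from the original post, from Lotus, or from any of the vendors. It assumes constructed identities named alice, bob and archive, and it stands in for Notes' public-key encryption with a stdlib-only HMAC-based stream cipher and symmetric key wrap; the shape of the envelope (one message key, wrapped once per reader) is the point, not the cipher.

```python
"""Model of client-side mail encryption vs. router-side journaling (added example)."""
import hashlib
import hmac
import os

# Constructed identities: each name maps to a secret key standing in for the
# private key in that user's Notes ID file. Real Notes uses public-key
# encryption; a symmetric key wrap is used here only to keep the demo stdlib-only.
IDENTITIES = {name: os.urandom(32) for name in ("alice", "bob", "archive")}


def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode used as a PRF stream (demo cipher, not AES)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _seal(key, plaintext):
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def _open(key, blob):
    """Verify the tag first; a wrong key looks exactly like tampering."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise PermissionError("no usable key for this message")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


def compose_encrypted(sender, to, bcc, body):
    """What the client does before handing the message to the router:
    one random message key encrypts the body, and that key is wrapped once
    per party allowed to read it (the sender plus every To/BCC recipient)."""
    message_key = os.urandom(32)
    readers = [sender] + list(to) + list(bcc)
    return {
        "from": sender,
        "to": list(to),
        "body": _seal(message_key, body.encode()),
        "wrapped_keys": {r: _seal(IDENTITIES[r], message_key) for r in readers},
    }


def router_journal(message, journal):
    """The router only ever sees ciphertext; journaling is a verbatim copy."""
    journal.append(dict(message))  # no private keys here, so no decryption
    return message


def read_from_journal(entry, reader):
    """Only a party with its own key wrap in the envelope can recover the body."""
    wrap = entry["wrapped_keys"].get(reader)
    if wrap is None:
        raise PermissionError(f"{reader} holds no key for this message")
    message_key = _open(IDENTITIES[reader], wrap)
    return _open(message_key, entry["body"]).decode()


def archive_can_read(entry):
    """True only when the archive identity was on the message (the BCC trick)."""
    try:
        read_from_journal(entry, "archive")
        return True
    except PermissionError:
        return False


if __name__ == "__main__":
    journal = []
    plain = router_journal(compose_encrypted("alice", ["bob"], [], "quarterly numbers"), journal)
    bcc_copy = router_journal(compose_encrypted("alice", ["bob"], ["archive"], "quarterly numbers"), journal)
    print("archive reads normal message:", archive_can_read(plain))     # False
    print("archive reads BCC'd message:", archive_can_read(bcc_copy))   # True
```

Note what the model does and does not cover: the journal entry for a message sent without the archive in BCC is unreadable to the archive no matter how long the journal is kept, and the BCC'd copy is readable only as long as the archive ID's key survives. A body that a user encrypted with some other tool before pasting it into a Notes message would be an opaque string inside `body` here too, which is the remaining gap Rich describes further down.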
Ben Rose did an extensive review on 3 email archiving vendors/solutions, namely: IBM CommonStore, EMC/Legato, and ArcaTrust. You should ping him and share notes.
Created 8/30/2005 4:16:28 PM
What vendors/solutions are you looking at?
Created 8/30/2005 7:59:35 PM
Even if you tie your journaling and archiving solution in with an ID management regime that maintains copies of all current IDs and uses them to decrypt messages before archiving, and even if you use the bcc trick to ensure that you can decrypt messages even if they are S/MIME encrypted and sent only to outside recipients... even with all that, there is still a hole wide enough to drive a truck through.
No matter what you do, you cannot guarantee that you will be able to read everything in the journal. That's just not possible, because there are other ways to send mail besides using the standard forms, and there are other ways to encrypt mail besides using Notes' built-in encryption feature. So if you think about it, all the work people are doing and all the money companies are spending on archiving for compliance merely creates a small inconvenience for anyone who is knowingly trying to hide misconduct. It will only help catch people who are unaware that what they're doing is wrong. It's kind of depressing, actually.
I wonder what Chris Byrne might have to say about this?
-rich