ID218 - Lotus' Resident Paranoid on Security Improvements In Notes/Domino 8
10:00:40 AM

Live blogging...

ND8 adds support for 2048-bit user and server RSA keys, and 4096-bit certifier keys. 4096-bit support for user and server keys is in the code for forward compatibility with future ND versions. Key rollover implemented in ND7 will allow for smooth upgrade of user and server IDs to stronger keys. Certifier key rollover is new in 8.0, but your entire organization needs to be on ND8. Cross-certificates issued with the certifier before rollover can also (optionally) be rolled over.

APIs are now available for ID file recovery. SECBuildEncryptedBackupIDFile sounds like an interesting function. Well, interesting for some of us, I guess

Weak and medium encryption options have been removed from NSF file encryption.

OCSP (RFC 2560) is now implemented for checking revocation status of X.509 certificates, but must be enabled through security policies and a notes.ini variable.

Three strikes and out (actually, N strikes and out) is now supported for Internet passwords. InetLockout.nsf contains current lockout state. Lockout state is per server.

LTPAToken2 is now supported for SSO with WebSphere 5.1.

X.509 certs on SmartCards can now be used without having to import them into the user id file. There is no info from the SmartCard stored in the id file, or vice versa.

AES ciphers are now available for SSL.

Futures... Support for alternate authentication services (i.e., LDAP, Windows, etc.) is being considered, optional and configurable per user. Web server SSO with Windows is also under consideration, using something called... oops! Off screen before I could type it in!

Domino credential vault under construction. User id files -- master copies -- stored encrypted in the vault.


All opinions expressed here are my own, and do not represent positions of my employer.