The current version of Domino already features public-key encryption from RSA Data Security. Starting with the next release of Domino, however, Lotus will begin to integrate elements of the Entrust public-key infrastructure, a set of security and cryptographic services that a developer can customize within an application.
By the end of next year, the entire set of Entrust PKI services, including support for digital certificates, key recovery, and a variety of encryption algorithms, will be available in Domino. Customers will still be able to choose the RSA system if they wish, Domino product manager Kevin Lynch said.
Lotus' timetable parallels the deadline that current federal export regulations give software makers to add key recovery to their products if they want to export strong encryption. The export regulations are administered by the Commerce Department.
Under the current regulations, strong encryption and applications that use it cannot be exported without key recovery. Law enforcement officials argue key recovery is necessary if they are to intercept and read the messages of suspected criminals. Most U.S. software makers counter that government-accessible encryption in their products puts them at a competitive disadvantage, because foreign software makers do not face the same restrictions. Even though Entrust PKI offers key recovery and varying strengths of encryption, Lotus has not committed to putting the key recovery feature into Domino.
"The landscape for exportability is changing constantly and not just in the U.S.," Domino's Lynch said. "It all plays a role in our decision."
There are also potential changes on the domestic front. The Senate is considering a bill that would mandate key recovery in any federally purchased encryption product and for all federally funded electronic networks. The bill, sponsored by Sens. John McCain (R-Arizona) and Bob Kerrey (D-Nebraska), also seeks to link the use of government-approved digital certificates to key recovery.
Digital certificates are ID tags that verify the identity of the sender in a communication or transaction and verify that the data has not been tampered with. Business and privacy advocates argue that linking them to key recovery would discourage electronic commerce, which digital certificates are expected to help make more secure.
Entrust PKI allows for the linkage of key recovery to digital certificates if that becomes necessary, Lynch said, but he declined to comment on the McCain-Kerrey bill.
Lotus will add support for Entrust's digital certificates to Domino 4.6 later this year. Encrypted email for Notes groupware and support for higher levels of encryption will follow in 1998, the company said.