DAOS and mail encryption

I would like to know what happens when a user encrypts his mail and DAOS is active? As far as I understand, when mail encryption is activated, the mail body is encrypted with the public user key. This is done at user level and the attachment is also encrypted.

What happens on the server with DAOS?

Can the server decrypt the attachment in order to encrypt, store and share it in the repository? I guess not.

Am I right: when mail encryption is active, DAOS cannot share file attachments?

Subject: DAOS and encrypted mail

The answer is: Where possible, the DAOS object will be shared.

Within a single server operation, the object will be shared because Domino does not encrypt the attachments with the user’s ID. The bulk data of the attachment is encrypted once, using a single randomly generated symmetric encryption key and resulting in a single encrypted attachment. That symmetric encryption key is then encrypted for each recipient, and that data stored in the $Seal or $Seal2 item. So, it's like a double decoder ring!

So, for example: I send an email with an encrypted attachment to 8 people who are on the same Domino mail server… there will be a single DAOS object (encrypted with a symmetric key). Each user will have a different document (encrypted with their ID), but the attachment bytes will be the same and therefore shared by DAOS.

So, in the basic mail delivery scenario sharing should occur.

In the cases where there are multiple server operations involved, like forwarding, replying with attachments, etc., it is less clear how sharing would be affected. This will depend on what level clients are involved, etc. (for example 8.51 clients are DAOS aware and that will improve sharing).

So using encrypted attachments can create situations where there will be less sharing than not using encrypted attachments, but sharing will still happen in many cases as well.

Hope that helps
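The scheme described in the answer above, as an added example that is not part of the original thread and is not Domino code: the attachment is encrypted once with a random bulk key, that key is wrapped per recipient (the role of the $Seal item), and a store that shares objects by digest of the stored bytes ends up with one object for 8 recipients. The toy SHA-256 keystream cipher, the symmetric per-recipient wrapping keys (standing in for public-key wrapping), the `ContentStore` class and the fresh key on a second, separate encryption are all assumptions made for illustration.

```python
import hashlib
import os

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode); a stand-in, not a real cipher."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

class ContentStore:
    """Hypothetical store that shares objects by digest of the stored bytes."""
    def __init__(self):
        self.objects = {}

    def put(self, blob: bytes) -> str:
        digest = hashlib.sha256(blob).hexdigest()
        self.objects.setdefault(digest, blob)  # identical bytes are stored once
        return digest

def deliver(store, attachment, recipient_keys):
    """One delivery: encrypt the bulk data once, wrap the bulk key per recipient."""
    bulk_key = os.urandom(32)
    ref = store.put(keystream_xor(bulk_key, attachment))
    # Each recipient's document differs only in its wrapped key ("seal").
    return {name: {"seal": keystream_xor(rk, bulk_key), "ref": ref}
            for name, rk in recipient_keys.items()}

def open_attachment(store, doc, recipient_key):
    """Unwrap the bulk key with the recipient's key, then decrypt the shared object."""
    bulk_key = keystream_xor(recipient_key, doc["seal"])
    return keystream_xor(bulk_key, store.objects[doc["ref"]])

def demo():
    recipients = {f"user{i}": os.urandom(32) for i in range(8)}  # constructed keys
    attachment = b"constructed sample attachment bytes " * 20
    store = ContentStore()
    docs = deliver(store, attachment, recipients)
    after_first = len(store.objects)        # 8 recipients, one stored object
    deliver(store, attachment, recipients)  # separate encryption, fresh bulk key
    after_second = len(store.objects)       # different ciphertext, second object
    distinct_seals = len({d["seal"] for d in docs.values()})
    all_open = all(open_attachment(store, docs[n], k) == attachment
                   for n, k in recipients.items())
    return after_first, after_second, distinct_seals, all_open

if __name__ == "__main__":
    print(demo())
```
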

Subject: DAOS and encrypted mail

Thanks for your detailed answer. That helps.