DAOS – Encrypted mail

Yesterday I wrote about how to waste space using the wrong compression settings. In a comment, Mohamed asked about encrypted mail.

I tested this in my demo environment. The result is a bit scary …

I have two users, ALPHA and BETA. ALPHA sends a mail to BETA with an attachment. The mail is encrypted when sent. BETA uses the same bitlike attachment and sends an encrypted mail to ALPHA.

Here is the result


One NLO for the mail stored in the sent view and one NLO for the file in the receiver’s inbox

Can this be correct, or did I do something wrong?

UPDATE: Encryption and the number of NLO’s ( Gary Rheaume )

3 thoughts on “DAOS – Encrypted mail”

  1. Ulrich,

    Of course this is correct. As Domino can’t read encrypted mail, all mail/attachments will be handled individually. So no attachment is the same from then on.

    But to be honest, this is not something to be afraid of, is it? I mean, on a server without DAOS these attachments were also stored 4 times.

  2. Try adding user GAMMA to the mix. You should still see one nlo for the sent version, even though there are two recipients, and one nlo for the saved version.

    The encryption process should generate a single symmetric key for the message, encrypt all contents with that key, then encrypt the key in the $SealData using each recipient’s public key. That means that there’s only one bitwise version of the attachment, even if you sent to 50 recipients.

    However, I believe that the protocol for SAVING a copy of a message in an encrypted format is different. So if you turn on the mail preference to Encrypt All Saved Mail, I think it doesn’t use the same symmetric key generation step that sending does — precisely because it happens in a different part of the process.

    However, the development team might consider this a bug — given how incredibly retentive they have been about the efficiency of DAOS. (To the point of engineering fetish rather than competitive advantage, in my opinion.)
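
The key handling described in the second comment, modelled as an added example (not code from the post, the commenters, or Domino). Assumptions: the HMAC-based stream cipher and the symmetric key wrap are toy stand-ins for the real bulk cipher and the per-recipient public-key wrap, and `stored_objects` models a store that shares an object only when the bytes are identical.

```python
import hashlib, hmac, os

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (HMAC-SHA256 keystream); stand-in for the real bulk cipher."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def seal(attachment: bytes, recipient_secrets: dict):
    """Encrypt once with a fresh message key, then wrap that key per recipient."""
    message_key = os.urandom(32)
    ciphertext = keystream_xor(message_key, attachment)
    # Stand-in for encrypting the message key with each recipient's public key.
    wrapped = {name: keystream_xor(secret, message_key)
               for name, secret in recipient_secrets.items()}
    return ciphertext, wrapped

def open_sealed(ciphertext: bytes, wrapped_key: bytes, secret: bytes) -> bytes:
    """Unwrap the message key with the recipient's secret, then decrypt."""
    return keystream_xor(keystream_xor(secret, wrapped_key), ciphertext)

def stored_objects(blobs) -> int:
    """Objects a content-keyed store would keep: one per distinct byte string."""
    return len({hashlib.sha256(b).hexdigest() for b in blobs})

def demo() -> dict:
    attachment = b"constructed sample attachment " * 20   # constructed input
    secrets = {n: os.urandom(32) for n in ("ALPHA", "BETA", "GAMMA")}
    # One send to two recipients: a single ciphertext lands in both mail files.
    ct_sent, wrapped = seal(attachment, {n: secrets[n] for n in ("BETA", "GAMMA")})
    # A separate encryption of the same file (a saved copy, or a reply that
    # re-attaches it) uses a fresh key, so the bytes differ.
    ct_other, _ = seal(attachment, {"ALPHA": secrets["ALPHA"]})
    return {
        "unencrypted_copies": stored_objects([attachment] * 3),
        "one_send_two_recipients": stored_objects([ct_sent, ct_sent]),
        "two_separate_encryptions": stored_objects([ct_sent, ct_sent, ct_other]),
        "gamma_can_read": open_sealed(ct_sent, wrapped["GAMMA"], secrets["GAMMA"]) == attachment,
    }

if __name__ == "__main__":
    print(demo())
```

Adding recipients to one send changes only the number of wrapped keys, while every additional encryption operation adds one more distinct object to the store.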
