1 On January 15, the U.S. Government relaxed export restrictions on the worldwide shipment of strong encryption (defined as 128 bit support). Software eligible for US export is classified into one of two categories: „Non-Retail“ software can be shipped worldwide, except to foreign governments, and „Retail“ can be shipped worldwide to any customer, including foreign governments.

In order to attain a Retail status for release 5.0.4, the first „Global“ release, US export regulations require a one time application, review and approval process prior to shipment to international governments and their agencies. Lotus has received this status. The US Government granted Lotus non-Retail and Retail status for Lotus Notes and Domino R4 and R5, Lotus QuickPlace 1.x and Lotus Sametime 1.x.

The implication to Lotus and its customers is that worldwide shipment of stronger encryption is now permitted. Customers will no longer be required to order and choose between 6 kits (North American, North American Canadian French, International English, International English for France , French for France, and French) of different cryptographic strength. Notes/Domino release 5.0.4 meets this new strong encryption standard.

Any R4 or R5 North American Edition is immediately available to commercial, individual and foreign government customers worldwide (retail status, which Lotus has obtained, makes it possible to ship to foreign governments), with the exception of the seven prohibited countries. (Currently, the seven prohibited countries are Cuba, Iran, Iraq, Libya, North Korea, Sudan, and Syria).

These regulations pertain only to export from the United States. For other countries with import regulations, (e.g. France, China, etc.) customers will need to check the requirements of the specific country. Lotus is in the process of applying for permission to ship release 5.0.4 to France and China. While Lotus takes all steps to ensure acquiescence with governmental encryption regulations worldwide, Lotus recommends that customers familiarize themselves with local encryption regulations to remain in compliance.

From the customer perspective, there is:

As long as the new software is installed, Lotus Notes users can keep their existing International ID. The new software will automatically allow the use of stronger encryption.

Browser users can keep their existing key ring, but users must follow the manufacturer’s recommendations for upgrading the browser to stronger encryption.

Lotus Notes users as well as Domino servers which have been upgraded to release 5.0.4 can authenticate and continue day-to-day operations securely with clients and servers running on earlier releases of software.

International customers who choose to continue using weaker encryption can remain at 5.0.3 (or earlier) or 4.6.7 (or earlier). Should they decide to upgrade only a portion of the clients and servers, they will still interoperate with older releases.

There are several reasons why Lotus has elected to preserve the dialog:

Choose File – Tools – User ID. The description for „Software“ should be "Global".

The R5 family and beyond is the strategic direction for Lotus Notes and Domino. Lotus has no plans for additional Quarterly Maintenance Releases post R4.5.7 and R4.6.7 code streams; only Quarterly Maintenance Updates (QMU’s) are planned for these respective releases. Lotus Notes and Domino release plans for Q1 and Q2 2000 are available at http://www.notes.net.

Lotus will provide support for all R5.x international releases, regardless of the encryption scheme, until Lotus publicly issues an End of Life (EOL) statement outlining plans to end support for a release(s).

Today, North American software may be used worldwide, but users utilizing international IDs will automatically negotiate down to a lower level of encryption. The only way to use the higher level encryption prior to release 5.0.4 is to use the North American release and to create a North American ID. This is now allowed by U.S. law.

Anything over 512 bit RSA key and 56 bit symmetric key is considered strong encryption and was previously not allowed for export. With the availability of release 5.0.4, the Notes client and Domino will support 1024 bit RSA key and 128 bit symmetric key for S/MIME and SSL. The Notes proprietary protocols will use a 630 bit key for key exchange, and a 64 bit symmetric key.

For International IDs, 630 bit encryption will be used for port encryption. International ID encryption for Notes Mail will remain at the 512 bit encryption strength for R5.0.4. Plans call for international ID mail encryption to achieve 630 bit strength in a future R5 release.

When you upgrade to release 5.0.4, stronger cryptography will be used without a requirement to reissue existing IDs. These changes are seamless to users as well as administrators. When two different versions of software are communicating, the encryption negotiation will result in a step-down to the weaker level. Therefore, the full benefits of stronger encryption will only be realized when all software has been upgraded to the release 5.0.4 level. However, any mixed versions of the software will interoperate.

If users are accessing Domino from a Web client, in order to take advantage of stronger crypto, customers need to install release 5.0.4 on the Domino server and obtain a browser capable of strong encryption. Even using a 512 bit key ring, Domino Servers running release 5.0.4 will negotiate strong session encryption (ie, 128 bit RC4 or TripleDES).

However, to take best advantage of the relaxation of regulations, customers should obtain a new 1024 bit key pair for their Domino server. For third party browsers, follow the manufacturer’s recommendations for upgrading to stronger encryption.