Introduction to Internet security standards (continued)
An encryption key is information (a string of alphanumeric characters) that is used to encode or decode information. The difficulty lies in telling people who need to decrypt information what the encryption key is. The most secure way of handling this is to use a public encryption key to encode information in such a way that only a different, private encryption key can decode it. In other words, if I send a note to you, I encrypt it with your public key, which is available to everyone, but only you can decrypt the note, using your private key. This is called Public Key encryption. Public Key encryption is good because public keys can be made available over the Internet and through directory services.
Deploying and managing public and private keys requires a framework for managing security information. Such a framework is called Public Key Infrastructure or PKI. For several years Domino was practically the only messaging and groupware system providing a PKI and PKI management tools, but it was implemented with proprietary RSA technology. The Notes ID with which all Notes administrators are familiar is actually a form of digital certificate containing public and private encryption keys. The most popular implementation of Public Key encryption for email is Secure Multipurpose Internet Mail Extensions or S/MIME.
S/MIME provides end-to-end Public Key encryption for email messages. A message encrypted by the sender can only be decrypted by the recipient. At no time during the transmission or routing of the message is the message stored unencrypted nor does any user or administrator have access to the content of the message. Through digital signatures, S/MIME also provides sender authentication and tamper detection.
Today, Internet standards-based security technologies dominate the market. Vendors that had previously lacked a security model equivalent to that of Domino have now implemented similar security models using Internet standards-based technologies. At the same time, competition is taking shape around the business of providing enterprise (intranet) and inter-enterprise (extranet) PKI management facilities. In a sense Domino has a head start, but Lotus faces the challenge of integrating Internet standards-based security technology with its existing security model.
Digital certificates
Digital certificates are widely used for Internet applications and I mentioned that the Notes ID is a proprietary form of digital certificate. The Internet standard for digital certificates is X.509. Like the Notes ID, the X.509 certificate contains a user's public and private keys. Certificates are used in several ways including Public Key encryption, digital signature (a way of verifying the originator of information), and to establish trust between applications or organizations based on the issuer of the certificate (the Certificate Authority or CA). A certification authority (CA) is a trusted third party authorized to issue digital certificates.
A certificate consists of a public key signed by a trusted third party or Certificate Authority. Certificates make it possible for different users to trust one another's public keys. X.509 certificates are an electronic credential like a government-issued ID or passport. A certificate can be used to access an intranet or extranet application. For example, in order to log in to a system a client application such as a web browser presents the user's certificate to the system and uses it for authentication and access control. Information for external users, such as a business partner, can be made available to users whose certificates were issued by the organization for that purpose.