I previously wrote about the Domino/Notes Check password option. I made the point that this feature is widely overlooked but is useful for creating a secure computer system. The other feature that I consider similar is the Check public key option. It also applies to Notes ID authentication within Domino and can lead to a significant increase in overall system security. The feature is widely underutilized.
The Check public key feature causes Notes to perform an additional step during authentication of a Notes user. After verifying that the typed password unlocks the Notes ID file, Notes extracts the user's public key from the ID file and then passes this key to the Domino server. Domino compares the public key from the Notes ID file to the public key stored in the user's Person document in the Domino Directory (names.nsf). If the two public keys match, Domino believes that this Notes ID file is valid for this person. If the public keys do not match, Domino rejects the log-on attempt. The entire feature is turned on/off by the setting at Names.nsf / Server / Servers / Security / Compare Notes Public Keys. Unlike Check password, however, Check public key cannot be enabled on a per-user basis.
So how is this feature useful? How could the two copies of the public keys not match? Suppose someone in your organization has stolen a copy of the corporate certifier ID and he/she uses the certifier to create another Notes ID file for your name. This ID file is valid, in some respects, because it is certified by the true corporate certifier. But the ID files are different in that they have different public/private key pairs. (Whenever a new ID file is created, the key pair is unique.) So the bogus ID file will work to authenticate a rogue user as having your name, if the public key is not checked. When Check public key is enabled, the server will reject the bogus ID file because its public key does not match your real one.
Readers who have had their cappuccino this morning will notice a problem in the above scenario. Suppose someone steals a copy of your exact Notes ID file, perhaps by sitting down at your computer while you are at lunch. In this case, the public key in the stolen ID exactly matches your true public key. Will the Check public key option help in this case? Yes, it will -- if you suspect the theft has occurred. Any time you want, you can force Notes to create a new public key for your Notes ID and export this key to the server's public directory. Doing so invalidates the stolen copy of your ID, because it no longer has your current public key. To perform this operation, see Domino Admin Help / Index / Public Keys / Verifying / Creating a New Notes Public Key.
For the reasons cited above, I encourage all my security customers to implement both Check password and Check public key. Used together, they close several holes in Notes/Domino related to stolen and bogus ID files.
Chuck Connell is president of CHC-3 Consulting, which helps organizations with all aspects of Domino and Notes. CHC-3 allows companies to outsource their Domino administration needs via DominoAdministration.com and runs the popular security site DominoSecurity.org.