This idea requests adding Quantum-Resilient Cryptography (Q-safe, QC or PQC) for:
Encryption of NRPC-based traffic,
Internet Protocols (https, smtps, imaps, ldaps, etc.),
S/MIME encryption,
Everything else not listed here.
The security risk is that attackers may copy and save encrypted Domino data today for a later attack, when Quantum Computers will be available to break the encryption ("harvest now, decrypt later").
A document from NIST suggests that RSA, ECDSA, EdDSA (all of the traditional asymmetric cryptography known today) should be "disallowed" after 2035:
https://nvlpubs.nist.gov/nistpubs/ir/2024/NIST.IR.8547.ipd.pdf
The Australian government "does not approve" traditional cryptography after 2030 (even including SHA-2):
https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/ism/cyber-security-guidelines/guidelines-cryptography
This document has been published related to S/MIME encryption:
https://cabforum.org/2025/07/02/ballot-smc-013/
The EU has issued a recommendation in the document 2024/1101:
https://eur-lex.europa.eu/eli/reco/2024/1101/oj/eng
In other EU regulations (e.g. such as NIS2), PQC is implicitly targeted through crypto-agility and risk-based cryptographic policy.
PQ Shield gives an overview of PQC Roadmaps:
https://pqshield.com/pqc-transition-roadmaps-and-guidance/
As nobody knows the future, it would be good to add Quantum-Resilient Cryptography well in advance, before large enough Quantum Computers become a reality.
[ Toni Feric, Belsoft Collaboration ]
As of today, OpenSSL 3.5.2 (used by Domino 14.5.1) is offering QC support in TLS1.3 (through X25519MLKEM768 for the handshake). That would be low-hanging fruit, and a pretty good start! Compatibility would still be available through TLS1.2.
[ author of the idea ]
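The comment above points at the hybrid X25519MLKEM768 group in TLS 1.3; the following added example (not part of the idea, and not HCL's or OpenSSL's own code) shows how an administrator can verify from an OpenSSL 3.5+ client whether a server actually negotiates it. The host name, port and the sample `s_client` output are assumptions constructed for the example.

```shell
# Added example: check which TLS 1.3 key-exchange group a server negotiates
# with the openssl CLI (OpenSSL 3.5 or newer on the client side).

# Pure parser: reads `openssl s_client` output on stdin and prints the
# negotiated TLS 1.3 group, or "none" if no such line is present.
parse_negotiated_group() {
    awk -F': *' '/^Negotiated TLS1.3 group:/ { print $2; found = 1 }
                 END { if (!found) print "none" }'
}

# Classify a group name: 0 = hybrid ML-KEM group (quantum-resilient),
# 1 = classical-only group, 2 = unknown / not negotiated.
classify_group() {
    case "$1" in
        X25519MLKEM768|*MLKEM*)                                   return 0 ;;
        X25519|x25519|secp256r1|P-256|secp384r1|P-384|ffdhe*)     return 1 ;;
        *)                                                        return 2 ;;
    esac
}

# Live probe (needs network). Offers the hybrid group first and X25519 as a
# fallback, so a server that prefers classical key exchange is visible as such.
# Returns 3 if no TLS 1.3 connection could be made at all (e.g. TLS 1.2 only).
probe_pqc_group() {  # usage: probe_pqc_group <host> <port>
    probe_out=$(openssl s_client -connect "$1:$2" -servername "$1" -tls1_3 \
                    -groups X25519MLKEM768:X25519 </dev/null 2>/dev/null) || return 3
    probe_group=$(printf '%s\n' "$probe_out" | parse_negotiated_group)
    echo "$1:$2 negotiated TLS 1.3 group: $probe_group"
    classify_group "$probe_group"
}

# Constructed sample of the relevant s_client lines (not real server output),
# used to exercise the parser without a network connection.
SAMPLE_PQC='SSL-Session:
    Protocol  : TLSv1.3
Negotiated TLS1.3 group: X25519MLKEM768'

if [ "$#" -eq 2 ]; then
    probe_pqc_group "$1" "$2"
fi
```

Run it as `sh check_pqc.sh mail.example.invalid 443` (placeholder host) and treat exit status 1 as "TLS 1.3 works but key exchange is still classical only".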
I have modified the initial idea to exclude AES (and other encryption related to symmetric cryptography).
[ author of the idea ]
@ previous commenter: thanks for this important clarification. This will help to narrow the scope of urgency.
[ author of the idea ]
Just one technical correction to this excellent idea: AES isn't as vulnerable to quantum computing as the other algorithms listed here. The current understanding is that 256-bit AES will be as secure against a quantum-computing-based attack as 128-bit AES is to a classical-computing-based attack. Quoting from that NIST document that you referenced:
"As discussed in Sec. 4.1.3, the existing algorithm standards for symmetric cryptography are less vulnerable to attacks by quantum computers. NIST does not expect to need to transition away from these standards as part of the PQC migration."