[tor-bugs] #6987 [- Select a component]: Rehearse email registration helper key compromise
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Thu Sep 27 20:42:52 UTC 2012
#6987: Rehearse email registration helper key compromise
----------------------------------+-----------------------------------------
Reporter: dcf | Owner:
Type: task | Status: new
Priority: normal | Milestone:
Component: - Select a component | Version:
Keywords: | Parent: #6383
Points: | Actualpoints:
----------------------------------+-----------------------------------------
What happens if the Gmail password or RSA private key in #6383 is
compromised? We should simulate that situation, and document the steps
needed to recover from it.
The steps to be taken probably include at least
* Deactivate the Gmail account.
* Create a new Gmail account (or use one already created in reserve) with
a new password.
* Set up a new application-specific IMAP password (see #6986).
* Install the application-specific password on the facilitator.
* Generate a new RSA keypair and install on the facilitator.
* Insert the new email address and RSA public key in the {{{flashproxy-reg-email}}} program.
* Build new flashproxy-client packages with the new email address and
public key.
* Security announcement of new packages.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6987>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
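
A scratch-directory rehearsal of the keypair steps listed in the ticket, as an added example that is not part of the ticket or of the flashproxy code. It assumes the `openssl` command-line tool, RSA-2048 with OAEP padding, and that registrations are encrypted to the embedded public key; the function name `rotate_and_check`, the file names and the sample registration line are hypothetical.

```shell
#!/bin/sh
# Rehearsal only: throwaway keys in a scratch directory, no real facilitator.
# Assumptions (not from the ticket): openssl CLI, RSA-2048, OAEP padding.

OAEP="-pkeyopt rsa_padding_mode:oaep"

# rotate_and_check DIR -> returns 0 when the rotation behaves as intended.
rotate_and_check() {
    d=$1
    # Stand-in for the compromised keypair that is currently deployed.
    openssl genrsa -out "$d/old.pem" 2048 2>/dev/null || return 1
    openssl rsa -in "$d/old.pem" -pubout -out "$d/old.pub" 2>/dev/null || return 1
    # New keypair; the umask keeps the private half owner-readable only.
    (umask 077 && openssl genrsa -out "$d/new.pem" 2048 2>/dev/null) || return 1
    openssl rsa -in "$d/new.pem" -pubout -out "$d/new.pub" 2>/dev/null || return 1
    # A "rotation" that ships the old public key again is not a rotation.
    cmp -s "$d/old.pub" "$d/new.pub" && return 2

    printf 'client=192.0.2.1:9000\n' > "$d/reg.txt"   # constructed sample
    # Rebuilt client package: encrypts to the new public key.
    openssl pkeyutl -encrypt -pubin -inkey "$d/new.pub" $OAEP \
        -in "$d/reg.txt" -out "$d/reg.new" 2>/dev/null || return 1
    # Stale client package: still carries the old public key.
    openssl pkeyutl -encrypt -pubin -inkey "$d/old.pub" $OAEP \
        -in "$d/reg.txt" -out "$d/reg.old" 2>/dev/null || return 1

    # 1. The new private key on the facilitator reads new registrations.
    openssl pkeyutl -decrypt -inkey "$d/new.pem" $OAEP \
        -in "$d/reg.new" -out "$d/out.txt" 2>/dev/null || return 3
    cmp -s "$d/reg.txt" "$d/out.txt" || return 3
    # 2. The compromised private key must fail on new registrations.
    openssl pkeyutl -decrypt -inkey "$d/old.pem" $OAEP \
        -in "$d/reg.new" -out "$d/leak.txt" 2>/dev/null && return 4
    # 3. Stale clients fail against the new key: they need the new packages.
    openssl pkeyutl -decrypt -inkey "$d/new.pem" $OAEP \
        -in "$d/reg.old" -out "$d/stale.txt" 2>/dev/null && return 5
    return 0
}

# Stand-alone run in a temporary directory that is removed afterwards.
tmp=$(mktemp -d) && rotate_and_check "$tmp"; echo "rotation rehearsal exit code: $?"
rm -rf "$tmp"
```

Return codes 2 to 5 name the check that failed: key reuse, broken new-key round trip, old key still able to decrypt, or stale clients still accepted.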