Opened 5 years ago

Last modified 5 years ago

#6987 new task

Rehearse email registration helper key compromise

Reported by: dcf Owned by: dcf
Priority: Medium Milestone:
Component: Archived/Flashproxy Version:
Severity: Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

What happens if the Gmail password or RSA private key in #6383 is compromised? We should simulate that situation, and document the steps needed to recover from it.

The steps to be taken probably include at least

  • Deactivate the Gmail account.
  • Create a new Gmail account (or use one already created in reserve) with a new password.
  • Set up a new application-specific IMAP password (see #6986).
  • Install the application-specific password on the facilitator.
  • Generate a new RSA keypair and install on the facilitator.
  • Insert the new email address and RSA public key in the flashproxy-reg-email program.
  • Build new flashproxy-client packages with the new email address and public key.
  • Security announcement of new packages.

Child Tickets

Change History (2)

comment:1 Changed 5 years ago by dcf

Component: - Select a componentFlashproxy
Owner: set to dcf

comment:2 Changed 5 years ago by dcf

Parent ID: #6383
Note: See TracTickets for help on using tickets.