Loading policy/tpa-rfc-18-security-policy.md +8 −5 Original line number Diff line number Diff line Loading @@ -97,20 +97,23 @@ status: * Public mailing list archives. * Public forums. * Public chat channels. 2. **PRIVATE**: 2. **PRIVATE**: anything meant only to tor-internal, loss of confidentiality would not cause great harm * Private [GitLab][] groups/repositories. * Confidential tickets. * Internal ticket notes. 3. **SECRET**: * [Nextcloud][]. 4. **TOP SECRET**: 3. **SECRET**: meant only for TPA, with need-to-know access, loss of confidentiality cause great harm or at least significant logistical challenges (e.g. mass password rotations) * Only on encrypted media (such as a [KeePassXC][] wallet on [Nextcloud][]). Declassifications MUST be decided in a case-by-case basis and never put Declassification MUST be decided in a case-by-case basis and never put people in danger. It's RECOMMENDED that each document has a version and an INFOSEC status on it's beginning. beginning. This MAY be a application-specific status like a GitLab issue that's marked as "confidential". [Nextcloud]: https://nc.torproject.net [GitLab]: https://gitlab.torproject.org Loading Loading
policy/tpa-rfc-18-security-policy.md +8 −5 Original line number Diff line number Diff line Loading @@ -97,20 +97,23 @@ status: * Public mailing list archives. * Public forums. * Public chat channels. 2. **PRIVATE**: 2. **PRIVATE**: anything meant only to tor-internal, loss of confidentiality would not cause great harm * Private [GitLab][] groups/repositories. * Confidential tickets. * Internal ticket notes. 3. **SECRET**: * [Nextcloud][]. 4. **TOP SECRET**: 3. **SECRET**: meant only for TPA, with need-to-know access, loss of confidentiality cause great harm or at least significant logistical challenges (e.g. mass password rotations) * Only on encrypted media (such as a [KeePassXC][] wallet on [Nextcloud][]). Declassifications MUST be decided in a case-by-case basis and never put Declassification MUST be decided in a case-by-case basis and never put people in danger. It's RECOMMENDED that each document has a version and an INFOSEC status on it's beginning. beginning. This MAY be a application-specific status like a GitLab issue that's marked as "confidential". [Nextcloud]: https://nc.torproject.net [GitLab]: https://gitlab.torproject.org Loading
