From d764c48e34c55c930e3b2204e821d0aa260d01d1 Mon Sep 17 00:00:00 2001 From: EuAndreh Date: Sun, 29 Nov 2020 00:31:49 -0300 Subject: TODOs.org: Ressurect decision on public SSH key leakage and add anchors --- TODOs.org | 33 ++++++++++++++++++++++++++++++++- 1 file changed, 32 insertions(+), 1 deletion(-) diff --git a/TODOs.org b/TODOs.org index 74aa47f..2583cf1 100644 --- a/TODOs.org +++ b/TODOs.org @@ -1,4 +1,7 @@ * Tasks +:PROPERTIES: +:CUSTOM_ID: tasks +:END: ** TODO External volume #+BEGIN_SRC hcl variable "storage_name" { @@ -36,6 +39,10 @@ re-creating everything from scratch. - http://rkhunter.sourceforge.net/ ** TODO Security review https://cheatsheetseries.owasp.org/Glossary.html +* Bugs +:PROPERTIES: +:CUSTOM_ID: bugs +:END: * Services ** TODO =git.$tld=: cgit ** TODO =$project.$tld=: static documentation for projects 
@@ -44,8 +51,32 @@ https://cheatsheetseries.owasp.org/Glossary.html ** TODO =chat.$tld=: Matrix/XMPP ** TODO =meet.$tld=: Jitsi/Nextcloud Talk ** TODO =$tld=: Jekyll blog +* Improvements * Decisions -** Matrix over XMPP +:PROPERTIES: +:CUSTOM_ID: decisions +:END: +** DONE On public SSH key leakage +:PROPERTIES: +:CUSTOM_ID: d38019ac-a2ad-484d-91e5-f4bdb1fa00ca +:END: +CLOSED: [2020-11-29 dim. 00:27] +- State "DONE" from [2020-09-06 dim. 00:00] + +As described in "[[https://rushter.com/blog/public-ssh-keys/][Public SSH keys can leak your private infrastructure]]", public +SSH keys can expose undesired infrastructure, specially for targeted attacks. + +I'm not considering this a threat, since the link between the server and me is +already public. It may be much more effective to just change the SSH port away +from the default: it doesn't accomplish the same thing, but it prevents simple +detections. It is still possible to find this out via a script, but is orders of +magnitute harder for the attacker. +** DONE Matrix over XMPP +:PROPERTIES: +:CUSTOM_ID: de89fc4e-5c36-4f6b-9227-221b70e9f321 +:END: +CLOSED: [2020-11-29 dim. 00:29] +- State "DONE" from [2020-11-29 dim. 00:29] I'm picking Matrix. Not because of the protocol or anything else, but because it has the two relevant double-puppeting bridges: mautrix-telegram and mautrix-whatsapp. -- cgit v1.2.3
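Review bot: in the hunk at @@ -36,6 +39,10 @@, the new "* Bugs" heading gets a ":CUSTOM_ID: bugs" drawer but the "* Services" heading directly below it is left without one, so the anchors this commit adds cover only some of the top-level sections. Either give "* Services" a matching drawer (for example ":CUSTOM_ID: services") or say in the commit message that only selected sections are meant to be linkable.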
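Review bot: in the hunk at @@ -44,8 +51,32 @@, both new DONE entries place the "CLOSED: [...]" line after the ":PROPERTIES:" drawer. Org only reads CLOSED as planning information when it sits on the line immediately after the headline, with the property drawer following it, so here the closing timestamp ends up as body text. Move each "CLOSED:" line directly under its "** DONE" headline. In the same hunk, "* Improvements" is added without a CUSTOM_ID drawer, unlike "* Decisions" next to it, and the SSH entry has two typos: "specially" should be "especially" and "magnitute" should be "magnitude" (the subject line's "Ressurect" likewise). The SSH entry is marked DONE but says changing the port "may be much more effective" without recording whether the port was actually changed; stating the outcome would make the decision complete.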