Discussion about using a central Fallback server for the EasyGpg2016/PubkeyDistributionConcept or not.

Status: currently (20160815) a central fallback server is a disregarded alternative

The first concept of the EasyGPG contract proposed a fallback server for discovery of a pubcert, the mail-service-provider (MSP) does not offer a lookup service.

Central fallback server

What if some mail service providers are slow on the uptake of this concept?

Would our archetype users consider switching to another email provider? Bob probably would, but the others?

The idea of a fallback server is to enable users to participate in the concept without direct support of their mail service provider. This is a main advantage to provide first value quickly to many email users and show that the usability concept works on a greater scale.

But it comes at a number of potential drawbacks:

  1. A central service requires extra interaction for building the connection between email owner and corresponding cert. It basically becomes some sort of 'validating keyserver' with all of its security problems.
  2. The more percentage of certs it holds, the more valuable it becomes making it more and more a target for attacks, a single point of failure and harder to operate.
  3. It may diminish the motivation of MSP to implement the part of the service on their side, because it is already working.
  4. When saving personal data like an email-address, there are legal requirements regarding data privacy for running such a service in some countries. Example: Germany. An MSP already saves personal data for the user of the email address.

To try to avoid some of the drawbacks someone could:

EasyGpg2016/PubkeyDistributionConcept/FallbackServer (last edited 2016-08-16 12:50:37 by bernhard)