Discussion about whether to use a central fallback server for the EasyGpg2016/PubkeyDistributionConcept.
Status: currently (20160815) a central fallback server is a disregarded alternative.
The first concept of the EasyGPG contract proposed a fallback server for discovery of a pubcert when the mail service provider (MSP) does not offer a lookup service.
Central fallback server
What if some mail service providers are slow on the uptake of this concept?
Would our archetype users consider switching to another email provider? Bob probably would, but the others?
The idea of a fallback server is to enable users to participate in the concept without direct support from their mail service provider. Its main advantage is that it provides first value quickly to many email users and shows that the usability concept works on a larger scale.
But it comes with a number of potential drawbacks:
- A central service requires extra interaction for building the connection between email owner and corresponding cert. It basically becomes some sort of 'validating keyserver' with all of its security problems.
- The higher the percentage of certs it holds, the more valuable it becomes, making it more and more a target for attacks, a single point of failure, and harder to operate.
- It may diminish the motivation of MSPs to implement the part of the service on their side, because it is already working.
- When saving personal data like an email address, there are legal requirements regarding data privacy for running such a service in some countries. Example: Germany. An MSP already saves personal data for the user of the email address.
To try to avoid some of the drawbacks, someone could:
- Publish statistics about the number of email addresses from certain mail service providers on the corresponding website.
- Approach mail service providers repeatedly if their email usage is growing over certain numbers.
- Put public limits on the service in numbers and time. E.g. now that 100k users from example.com use the fallback server, we will provide access to them for another three months and, after one month, warn them of the discontinuation of the service.
- Publicly announce mail service providers that are now offering the service on the same website.
- Help mail service providers to make it really easy to implement their part, e.g. by providing software components and migration support from the fallback server.
- (To be able to inform fallback server users of a change of service, there must be provisions when signing the users up that it is okay to do so later.)