Closed alexxroche closed 5 years ago
Sorry for our late response. Due to the guarantees the keyshare server is intended to give, it is not an option to let users run their own. However, the amount of information it stores on users is very limited. Only the keyshare secret is stored on the keyshare server, together with a randomly generated username, a salted hash of the pincode chosen during registration, and if provided during registration, the user's email address. All other information, such as credentials, is only ever stored physically on the phone.
I'm not worried about the amount of information that you are storing (though that is a valid issue). If we accept that everything eventually fails then the privacybydesign foundation becomes a single point of failure. The "my way or the highway" philosophy usually leads to poor adoption, or a perfect shining city in the middle of a forest. IRMA has so much potential and the digital world clearly needs an upgrade to the vulnerabilities in the web-of-trust model. I still hope that IRMA will be successful.
During initial account configuration the client app on the phone should (MUST?) offer the user the option to specify their own IRMA back-end server. (We should look to Mozilla and how they let anyone install their own Firefox Accounts server.)