I certainly wouldn’t want end users calling me because they lost their recovery keys and consequently all their data. So I can understand offering or even recommending fallbacks.
The real solution would be clear and obvious documented choice for an informed decision. Online backup for fallback but meaning possibility of court order compromise and other external management risks, or self-managed with no recovery in case of loss.
Wasn’t this by design? Otherwise why keeping the decryption keys on servers located in the united states’?
It’s a consequence of the design.
I certainly wouldn’t want end users calling me because they lost their recovery keys and consequently all their data. So I can understand offering or even recommending fallbacks.
The real solution would be clear and obvious documented choice for an informed decision. Online backup for fallback but meaning possibility of court order compromise and other external management risks, or self-managed with no recovery in case of loss.