For Smithereen, I plan on just having app developers include their push keys in their app metadata. They're not of any use without device tokens anyway so they should be safe to publish. The sending will be done by each user's server, there will be no centralized push gateway.