WKD Research: Measuring use. Any mailinglist maintainers that would help?
gnupg at eckner.net
Fri Oct 22 19:17:07 CEST 2021
On Fri, 22 Oct 2021, Bernhard Reiter wrote:
> Hello friends of OpenPGP,
> as part of his Bachelor thesis, Christoph wants to find out which
> actions could increase the overall usage of WKD.
There are two parts of the usage: The publishing part and the
search-for-and-use-if-available part. Both need separate measurements, I
> Ideally we should be able to observe some changes in the usage of WKD over
> time and hopefully can credit something to some changes like measures tried
> during the research.
> So how do we observe WKD usage over time? Obviously this is hard to do,
> as we are in a decentral system, this is designed to keep things private.
> Thus our measurement could only be indirect.
> One idea is: If we have a public email address where a lot of emails are sent
> to, e.g. the submission address of a mailinglist
> we could set up an OpenPGP key for it via WKD
> and use a small tool to pipe each incoming mail through on the server
> to decrypt and count the mail.
Wouldn't this break DKIM signatures on the mail? Just to be clear: You
intend to send the encrypted mail through the mailing list as usual,
Also: This would only cover mailing lists and thus skew the results. What
about organizations that use WKD in-house, but whose members rarely write
to mailing lists?
> We can also count the number of requests for the WKD address on the webserver
> serving the WKD. In both counts, no personal data is saved.
> So it is just about the safety of the decryption tool, which can be provided.
> Do you know email addresses, e.g. of mailinglists, where you know the server
> administrators would be potentially willing to help this academic research?
> Any other ideas?
If you want to fiddle around with mailservers, I would prefer your second
approach: You measure the requests to the webserver, but actually don't
offer a key via WKD - thus, the email flow is undisturbed, but you still
get your metrics.
For measuring the publishing part, one could actively query for WKD on
known MX domains.
For measuring the usage part, I think, it's more valuable to have a look
at available software and their features: How many people use mail client
X, and does X have WKD enabled by default or can it use WKD at all / as a
fallback / ...
> Best Regards,
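The request-counting approach discussed in this thread, as an added example that is not part of the original message or of any GnuPG tool: it tallies WKD lookups per day from a web server access log and keeps neither client addresses nor the `?l=` local part. It assumes the common/combined log format; `count_wkd_requests`, `SAMPLE_LOG` and the hash value are constructed for illustration.

```python
import re
from collections import Counter

# Assumption: WKD request paths for the direct and advanced method. The hashed
# local part is 32 z-base-32 characters; the optional ?l= query carries the
# local part in clear text, so it is matched but never stored.
ZB32 = "ybndrfg8ejkmcpqxot1uwisza345h769"
WKD_PATH = re.compile(
    r"^/\.well-known/openpgpkey/(?:(?P<domain>[A-Za-z0-9.-]+)/)?"
    r"(?:hu/(?P<hash>[" + ZB32 + r"]{32})|(?P<policy>policy))(?:\?.*)?$"
)
# Assumption: common/combined access log format.
LOG_LINE = re.compile(
    r'^\S+ \S+ \S+ \[(?P<day>[^:]+):[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def count_wkd_requests(lines):
    """Return a Counter keyed by (day, method variant, request kind, status)."""
    counts = Counter()
    for line in lines:
        m = LOG_LINE.match(line)
        if not m or m["method"] not in ("GET", "HEAD"):
            continue
        p = WKD_PATH.match(m["path"])
        if not p:
            continue  # not a WKD lookup, e.g. an ordinary page request
        variant = "advanced" if p["domain"] else "direct"
        kind = "policy" if p["policy"] else "key"
        # Only aggregate fields are recorded: no IP, no hash, no local part.
        counts[(m["day"], variant, kind, m["status"])] += 1
    return counts

H = ZB32  # constructed 32-character stand-in for a hashed local part
SAMPLE_LOG = [  # constructed lines using documentation addresses
    f'192.0.2.10 - - [22/Oct/2021:19:17:07 +0200] "GET /.well-known/openpgpkey/hu/{H}?l=list HTTP/1.1" 404 162',
    f'192.0.2.11 - - [22/Oct/2021:19:20:00 +0200] "GET /.well-known/openpgpkey/example.org/hu/{H}?l=list HTTP/1.1" 404 162',
    '192.0.2.10 - - [22/Oct/2021:19:21:00 +0200] "GET /.well-known/openpgpkey/policy HTTP/1.1" 404 162',
    '203.0.113.5 - - [23/Oct/2021:08:00:00 +0200] "GET /index.html HTTP/1.1" 200 512',
    f'203.0.113.5 - - [23/Oct/2021:08:01:00 +0200] "GET /.well-known/openpgpkey/hu/{H} HTTP/1.1" 404 162',
]

if __name__ == "__main__":
    for key, n in sorted(count_wkd_requests(SAMPLE_LOG).items()):
        print(*key, n)
```

The 404 status in the sample lines corresponds to the variant where requests are counted but no key is offered via WKD, so mail flow stays undisturbed.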