WKD Research: Measuring use. Any mailing list maintainers that would help?

Erich Eckner gnupg at eckner.net
Fri Oct 22 19:17:07 CEST 2021



On Fri, 22 Oct 2021, Bernhard Reiter wrote:

> Hello friends of OpenPGP,

Hi!

> as part of his Bachelor thesis [1], Christoph wants to find out which
> actions could increase the overall usage of WKD.

There are two parts of the usage: The publishing part and the 
search-for-and-use-if-available part. Both need separate measurements, I 
think.

>
> Ideally we should be able to observe some changes in the usage of WKD over
> time and hopefully can credit something to some changes like measures tried
> during the research.
>
> So how do we observe WKD usage over time? Obviously this is hard to do,
> as we are in a decentralized system, this is designed to keep things private.
>
> Thus our measurement could only be indirect.
>
> One idea is: If we have a public email address where a lot of emails are sent
> to, e.g. the submission address of a mailing list
> we could set up an OpenPGP key for it via WKD
> and use a small tool to pipe each incoming mail through on the server
> to decrypt and count the mail.

Wouldn't this break DKIM signatures on the mail? Just to be clear: You 
intend to send the encrypted mail through the mailing list as usual, 
right?

Also: This would only cover mailing lists and thus skew the results. What 
about organizations that use WKD in-house, but whose members rarely write 
to mailing lists?

>
> We can also count the number of requests for the WKD address on the webserver
> serving the WKD. In both counts, no personal data is saved.
> So it is just about the safety of the decryption tool, which can be provided.
>
> Do you know email addresses, e.g. of mailing lists, where you know the server
> administrators would be potentially willing to help this academic research?
>
> Any other ideas?

If you want to fiddle around with mailservers, I would prefer your second 
approach: You measure the requests to the webserver, but actually don't 
offer a key via WKD - thus, the email flow is undisturbed, but you still 
get your metrics.

For measuring the publishing part, one could actively query for WKD on 
known MX domains.

For measuring the usage part, I think it's more valuable to have a look 
at available software and their features: How many people use mail client 
X, and does X have WKD enabled by default or can it use WKD at all / as a 
fallback / ...

>
> Best Regards,
> Bernhard

regards,
Erich

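The web-server counting discussed in this message, as an added example (not code from the thread or from GnuPG): it tallies WKD lookups from an access log per day, lookup method and status, and discards the client IP, the address hash and the `?l=` local part. The Combined Log Format, the sample lines, `example.org` and the function name are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample access log (Combined Log Format). IPs, times and the
# 32-character hash are made up; every WKD request gets 404 because, as
# suggested above, no key is actually offered.
SAMPLE_LOG = """\
192.0.2.10 - - [22/Oct/2021:10:01:02 +0200] "GET /.well-known/openpgpkey/example.org/hu/ybndrfg8ejkmcpqxot1uwisza345h769?l=alice HTTP/1.1" 404 153 "-" "-"
192.0.2.10 - - [22/Oct/2021:10:01:03 +0200] "GET /.well-known/openpgpkey/hu/ybndrfg8ejkmcpqxot1uwisza345h769?l=alice HTTP/1.1" 404 153 "-" "-"
198.51.100.7 - - [22/Oct/2021:11:30:00 +0200] "GET /.well-known/openpgpkey/example.org/policy HTTP/1.1" 404 153 "-" "-"
198.51.100.7 - - [22/Oct/2021:11:30:01 +0200] "GET /.well-known/openpgpkey/example.org/hu/ybndrfg8ejkmcpqxot1uwisza345h769?l=list HTTP/1.1" 404 153 "-" "-"
203.0.113.5 - - [22/Oct/2021:12:00:00 +0200] "GET /index.html HTTP/1.1" 200 5120 "-" "-"
203.0.113.5 - - [23/Oct/2021:09:15:00 +0200] "GET /.well-known/openpgpkey/example.org/hu/ybndrfg8ejkmcpqxot1uwisza345h769?l=list HTTP/1.1" 404 153 "-" "-"
"""

# Day, request target and status from one log line; the client IP is never captured.
LINE_RE = re.compile(
    r'\[(?P<day>\d{2}/\w{3}/\d{4}):[^\]]*\] '
    r'"(?:GET|HEAD) (?P<target>\S+) [^"]*" (?P<status>\d{3})\b'
)

# WKD paths: the advanced method carries the domain as a path component,
# the direct method does not. The hash is 32 z-base-32 characters.
WKD_RE = re.compile(
    r'^/\.well-known/openpgpkey/(?:(?P<domain>[^/]+)/)?'
    r'(?P<what>hu/[ybndrfg8ejkmcpqxot1uwisza345h769]{32}|policy)(?:\?.*)?$'
)

def count_wkd_requests(log_text):
    """Return Counter keyed by (day, method, kind, status).

    The hash and the ?l= parameter identify the address being looked up,
    so they are matched but deliberately not stored.
    """
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        p = WKD_RE.match(m["target"])
        if not p:
            continue  # not a WKD request
        method = "advanced" if p["domain"] else "direct"
        kind = "policy" if p["what"] == "policy" else "key"
        counts[(m["day"], method, kind, m["status"])] += 1
    return counts

if __name__ == "__main__":
    for key, n in sorted(count_wkd_requests(SAMPLE_LOG).items()):
        print(n, *key)
```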
