Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. GnuPG>
  3. devel
WKD Research: Measuring use. An mailinglist maintainers that would help?
bernhard at intevation
Oct 22, 2021, 7:35 AM
Post #1 of 2 (269 views)
Permalink
Hello friends of OpenPGP,

as part of his Bachelor thesis [1], Christoph wants so to find out, which
actions could increase the overall usage of WKD.

Ideally we should be able to observe some changes in the usage of WKD over
time and hopefully can credit something to some changes like measures tried
during the research.

So how do we observe WKD usage over time? Obviously this is hard to do,
as we are in a decentral system, this is designed to keep things private.

Thus our measurement could only be indirectly.

One idea is: If we have a public email address where a lot of emails are send
to, e.g. the submission address of a mailinglist
we could set up an OpenPGP key for it via WKD
and use a small tool to pipe each incoming mail through on the server
to decrypt and count the mail.

We can also count the number of request for the WKD address on the webserver
serving the WKD. In both counts, no personal data is saved.
So it is just about the safety of the decryption tool, which can be provided.

Do you know email addresses, e.g. of mailinglists, where you know the server
administrators would be potentially willing to help this academic research?

An other ideas?

Best Regards,
Bernhard

[1] https://wiki.gnupg.org/WKD/Misc

--
www.intevation.de/~bernhard ? +49 541 33 508 3-3
Intevation GmbH, Osnabr?ck, DE; Amtsgericht Osnabr?ck, HRB 18998
Gesch?ftsf?hrer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

Attached Files:

Re: WKD Research: Measuring use. An mailinglist maintainers that would help? [ In reply to ]
gnupg-devel at gnupg
Oct 22, 2021, 10:17 AM
Post #2 of 2 (269 views)
Permalink
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Fri, 22 Oct 2021, Bernhard Reiter wrote:

> Hello friends of OpenPGP,

Hi!

> as part of his Bachelor thesis [1], Christoph wants so to find out, which
> actions could increase the overall usage of WKD.

There are two parts of the usage: The publishing part and the
search-for-and-use-if-available part. Both need separate measurements, I
think.

>
> Ideally we should be able to observe some changes in the usage of WKD over
> time and hopefully can credit something to some changes like measures tried
> during the research.
>
> So how do we observe WKD usage over time? Obviously this is hard to do,
> as we are in a decentral system, this is designed to keep things private.
>
> Thus our measurement could only be indirectly.
>
> One idea is: If we have a public email address where a lot of emails are send
> to, e.g. the submission address of a mailinglist
> we could set up an OpenPGP key for it via WKD
> and use a small tool to pipe each incoming mail through on the server
> to decrypt and count the mail.

Wouldn't this break DKIM signatures on the mail? Just to be clear: You
intend to send the encrypted mail through the mailing list as usual,
right?

Also: This would only cover mailing lists and thus skew the results. What
about organizations, that use WKD in-house, but whose members rarely write
to mailing lists?

>
> We can also count the number of request for the WKD address on the webserver
> serving the WKD. In both counts, no personal data is saved.
> So it is just about the safety of the decryption tool, which can be provided.
>
> Do you know email addresses, e.g. of mailinglists, where you know the server
> administrators would be potentially willing to help this academic research?
>
> An other ideas?

If you want to fiddle around with mailservers, I would prefer your second
approach: You measure the requests to the webserver, but actually don't
offer a key via WKD - thus, the email flow is undisturbed, but you still
get your metrics.

For measuring the publishing part, one could actively query for WKD on
known MX domains.

For measuring the usage part, I think, it's more valuable to have a look
at available software and their features: How many people use mail client
X, and does X have WKD enabled by default or can it use WKD at all / as a
fallback / ...

>
> Best Regards,
> Bernhard

regards,
Erich

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE3p92iMrPBP64GmxZCu7JB1Xae1oFAmFy8hUACgkQCu7JB1Xa
e1pl1g/9F7mEkQhHS6nT9lFOJb6qj+lbuRU33wAtqcUdY4VsuEZOiG0rjTQWwrkJ
MkeC8Q09zNZu7xNEy4R86R9nhjyZjgohjqbxxntdSL5YCsJCVGVLLz6dvmzUIXTc
xtEgIZp8Qi2ftOLZQaCc9qkp6RduuBoqJPbLIgan+XWvRIQE2X4/xaDljVuJUkqz
m3I7tQzsdm6QFK+0w6WiWp4qigNpkxWe8j/LlOWzQROXymkymDOmnDVX+qPakoh0
P1q5rD9tlFvDSAEURHw3b9KpFgD0F9hvzquzl7T2t58zgXph/LXu5cHJqYJNdqgq
t4J7ZM4bK6pRjwz1vlKyoqvK+7NS9HWr8f3b+9mr4nNpJtC8bgUmIBDnMPWkl490
OedA6I+mczhtCidJMEfU1QxE/CR3f8YlFbu7zkXZ++VAedm3uY5dyWltZSr7u+fw
Swbuw3gYPIPUi0pN+LnXvDFDZCEkn7fzSrkwkMUa0nlMXMGzX3pAUooVVktZjnN1
JCf5Mg6hSr8giHhHzNcBN3FmFC6wTeXgUk/HLcgi/OrUClDHsCS2zB372ZhtxXWo
EI++nbYBDGFMjt6CLl6bSqTPTQH4r9YHQvlOmA2D2VGhejskcZObbbM/C15JErKr
fZf7sre8x7wvgALmRoDG2MK6Pk9j8VA0VCqn7sLIcA80gPbNk9k=
=xoNe
-----END PGP SIGNATURE-----

_______________________________________________
Gnupg-devel mailing list
Gnupg-devel@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-devel

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal