Size: 10219
Comment: initial commit with results about GpgOL and Balsa
← Revision 12 as of 2023-05-05 16:15:48 ⇥
Size: 2719
Comment:
Deletions are marked like this. | Additions are marked like this. |
Line 3: | Line 3: |
==Criteria for implementing WKD with a good usability | == How good does an email client use WKD (to improve crypto usability) |
Line 6: | Line 8: |
\\WKD-keys have a basic trust because they are fetched from WKD-servers that belong to email-providers. Reasons for that are that email-provider know that a pubkey belongs to an email-address and that email-providers usually have a higher security level than private persons who maintain a server. Some criteria reflect this basic trust of WKD-keys. *C1: The product supports the direct method of WKD *C2: The product supports the advanced method of WKD *C3: The product is ready for WKD without any preparations after a clean installation *C4: WKD is offered in the area where users enter an email-address. To fulfill this criterion it's sufficient that there is a button to start a key lookup. It's not necessary that WKD will be executed automatically. But, users shouldn't have to open more than one additional window. *C5: WKD is offered in the area where users check the signature of an email. Like for K3 users shouldn't have to open more than one additional window. *C6: The product uses WKD automatically when users enter an email-address in the area where they can compose an email. The users do not have to press a button to retrieve a key via WKD. *C7: When the product has access to keys which were directly imported and don't contain any information about their trust and a WKD-key it should automatically use the WKD-key (in the area to **compose** an email). *C8: When the product has access to keys which were directly imported and don't contain any information about their trust and a WKD-key it should automatically use the WKD-key (in the area to **check the signature** of an email). *C9: The product distinguishes between keys without any information about their trust and keys that have at least a basic trust (e.g. WKD-keys or marginal valid keys in the web of trust) and displays this difference in the area to **compose** an email. In this criterion it doesn't matter, how the trust is calculated. 
*C10: The product distinguishes between keys without any information about their trust and keys that have at least a basic trust (e.g. WKD-keys or marginal valid keys in the web of trust) and displays this difference in the area to **check the signature** of an email. In this criterion it doesn't matter, how the trust is calculated. *C11: Displays that WKD-keys have a basic trust (**compose**). *C12: Displays that WKD-keys have a basic trust (**check of signature**). *C13: Displays different levels of trust (**compose**). *C14: Displays different levels of trust (**check of signature**). ==Usability of different products ===Balsa Tested version: 2.6.3 |=Criterion|=Fullfilled| |=C1: Direct method|{{checkmark.png}} yes| |=C2: Advanced method|{{checkmark.png}} yes| |=C3: WKD-ready|{{icon-error.png}} no| |=C4: Offered in compose area|{{icon-error.png}} no| |=C5: Offered in signature area|{{icon-error.png}} no| |=C6: Automatic WKD (Compose)|{{icon-error.png}} no| |=C7: Prefer WKD-keys (Compose)| |=C8: Prefer WKD-keys (Signature)| |=C9: Can display basic trust (Compose)|{{icon-error.png}} no| |=C10: Can display basic trust (Signature)|{{checkmark.png}} yes| |=C11: Displays basic trust for WKD-keys(Compose)| |=C12: Displays basic trust for WKD-keys (Signature)| |=C13: Displays different levels of trust (Compose)|{{icon-error.png}} no| |=C14: Displays different levels of trust (Signature)|{{icon-error.png}} no| ===Claws Mail Tested version: 3.18.0/4.0.0 |=Criterion|=Fullfilled |=C1: Direct method|{{checkmark.png}} yes| |=C2: Advanced method|{{checkmark.png}} yes| |=C3: WKD-ready|{{icon-error.png}} no| |=C4: Offered in compose area|{{icon-error.png}} no| |=C5: Offered in signature area|{{checkmark.png}} yes| |=C6: Automatic WKD (Compose)|{{icon-error.png}} no| |=C7: Prefer WKD-keys (Compose)|{{icon-error.png}} no| |=C8: Prefer WKD-keys (Signature)|{{icon-error.png}} no| |=C9: Can display basic trust (Compose)|{{icon-error.png}} no| |=C10: Can display basic trust 
(Signature)|{{checkmark.png}} yes| |=C11: Displays basic trust for WKD-keys(Compose)|{{icon-error.png}} no| |=C12: Displays basic trust for WKD-keys (Signature)|{{icon-error.png}} no| |=C13: Displays different levels of trust (Compose)|{{icon-error.png}} no| |=C14: Displays different levels of trust (Signature)|{{checkmark.png}} yes| ===FairEmail Tested version: 1.1776 |=Criterion|=Fullfilled |=C1: Direct method|{{checkmark.png}} yes| |=C2: Advanced method|{{checkmark.png}} yes| |=C3: WKD-ready|{{icon-error.png}} no| |=C4: Offered in compose area|{{icon-error.png}} no| |=C5: Offered in signature area|{{icon-error.png}} no| |=C6: Automatic WKD (Compose)|{{icon-error.png}} no| |=C7: Prefer WKD-keys (Compose)|{{icon-error.png}} no| |=C8: Prefer WKD-keys (Signature)|{{icon-error.png}} no| |=C9: Can display basic trust (Compose)|{{icon-error.png}} no| |=C10: Can display basic trust (Signature)|{{icon-error.png}} no| |=C11: Displays basic trust for WKD-keys(Compose)|{{icon-error.png}} no| |=C12: Displays basic trust for WKD-keys (Signature)|{{icon-error.png}} no| |=C13: Displays different levels of trust (Compose)|{{icon-error.png}} no| |=C14: Displays different levels of trust (Signature)|{{icon-error.png}} no| ===K9Mail Tested version: 5.806 |=Criterion|=Fullfilled |=C1: Direct method|{{checkmark.png}} yes| |=C2: Advanced method|{{checkmark.png}} yes| |=C3: WKD-ready|{{icon-error.png}} no| |=C4: Offered in compose area|{{icon-error.png}} no| |=C5: Offered in signature area|{{icon-error.png}} no| |=C6: Automatic WKD (Compose)|{{icon-error.png}} no| |=C7: Prefer WKD-keys (Compose)|{{checkmark.png}} yes| |=C8: Prefer WKD-keys (Signature)|{{icon-error.png}} no| |=C9: Can display basic trust (Compose)|{{checkmark.png}} yes| |=C10: Can display basic trust (Signature)|{{checkmark.png}} yes| |=C11: Displays basic trust for WKD-keys(Compose)|{{icon-error.png}} no| |=C12: Displays basic trust for WKD-keys (Signature)|{{icon-error.png}} no| |=C13: Displays different levels of 
trust (Compose)|{{icon-error.png}} no| |=C14: Displays different levels of trust (Signature)|{{icon-error.png}} no| ===KMail Tested version: 5.18.3 |=Criterion|=Fullfilled |=C1: Direct method|{{checkmark.png}} yes| |=C2: Advanced method|{{checkmark.png}} yes| |=C3: WKD-ready|{{icon-error.png}} no| |=C4: Offered in compose area|{{checkmark.png}} yes| |=C5: Offered in signature area|{{icon-error.png}} no| |=C6: Automatic WKD (Compose)|{{checkmark.png}} yes| |=C7: Prefer WKD-keys (Compose)|{{icon-error.png}} no| |=C8: Prefer WKD-keys (Signature)|{{icon-error.png}} no| |=C9: Can display basic trust (Compose)|{{checkmark.png}} yes| |=C10: Can display basic trust (Signature)|{{checkmark.png}} yes| |=C11: Displays basic trust for WKD-keys(Compose)|{{icon-error.png}} no| |=C12: Displays basic trust for WKD-keys (Signature)|{{icon-error.png}} no| |=C13: Displays different levels of trust (Compose)|{{icon-error.png}} no| |=C14: Displays different levels of trust (Signature)|{{icon-error.png}} no| |
\\OpenPGP pubkeys fetched via WKD come with basic trust. See the explanations of the web key directory [[EasyGpg2016/PubkeyDistributionConcept|concept]] why. |
Line 126: | Line 11: |
===Mailvelope | * **C1 - Direct method:** The product allows fetching pubkeys by the direct method of WKD somehow. * **C2 - Advanced method:** The product allows fetching pubkeys somehow, by the preferred, "advanced" method of WKD. ** Why? - Not all servers are able to offer the Direct method. Implementing both direct and advanced method means a higher chance that users get a key and can use encryption. * **C3 - WKD-ready:** ´WKD can be used without any preparations after a clean installation * **C4 - Offered in compose area:** WKD is offered in the area where users enter an email-address. To fulfill this criterion it's sufficient that there is a button to start a key lookup. It's not necessary that WKD will be executed automatically. But, users shouldn't have to open additional windows before they can start the lookup. * **C5 - Automatic WKD (Compose):** The product uses WKD automatically when users enter an email-address in the area where they can compose an email. The users do not have to press a button to retrieve a key via WKD. * **C6 - Prefer WKD-keys (Compose):** When the product has access to keys which were directly imported and don't contain any information about their trust and a WKD-key it should automatically use the WKD-key. This criterion applies to the area to compose an email. * **C7 - Displays basic trust (Compose):** The product distinguishes between keys without any information about their trust and WKD-keys that have at least a basic trust. It displays this trust in the area to compose an email. |
Line 128: | Line 20: |
Tested version: 4.4.1 | |
Line 130: | Line 21: |
|=Criterion|=Fullfilled|=Comment |=C1: Direct method|{{checkmark.png}} yes| |=C2: Advanced method|{{checkmark.png}} yes|Was added in 4.5.0 |=C3: WKD-ready|{{checkmark.png}} yes| |=C4: Offered in compose area|{{checkmark.png}} yes| |=C5: Offered in signature area|{{icon-error.png}} no| |=C6: Automatic WKD (Compose)|{{checkmark.png}} yes| |=C7: Prefer WKD-keys (Compose)|{{icon-error.png}} no| |=C8: Prefer WKD-keys (Signature)| |=C9: Can display basic trust (Compose)|{{icon-error.png}} no| |=C10: Can display basic trust (Signature)| |=C11: Displays basic trust for WKD-keys(Compose)|{{icon-error.png}} no| |=C12: Displays basic trust for WKD-keys (Signature)| |=C13: Displays different levels of trust (Compose)|{{icon-error.png}} no| |=C14: Displays different levels of trust (Signature)| |
=== Advanced features to improve the usability |
Line 146: | Line 23: |
===GpgOL (Outlook) | On this page the basic aspects are explained that should be considered when building WKD into an email client. But there is [[/Advanced|more]] what you can do to improve the usability even further. |
Line 148: | Line 25: |
Tested version: 2.5.1 | ==Usability of different email clients |
Line 150: | Line 27: |
|=Criterion|=Fullfilled| |=C1: Direct method|{{checkmark.png}} yes| |=C2: Advanced method|{{checkmark.png}} yes| |=C3: WKD-ready| |=C4: Offered in compose area|{{checkmark.png}} yes| |=C5: Offered in signature area|{{icon-error.png}} no| |=C6: Automatic WKD (Compose)|{{checkmark.png}} yes| |=C7: Prefer WKD-keys (Compose)| |=C8: Prefer WKD-keys (Signature)| |=C9: Can display basic trust (Compose)|{{icon-error.png}} no| |=C10: Can display basic trust (Signature)|{{checkmark.png}} yes| |=C11: Displays basic trust for WKD-keys(Compose)|{{icon-error.png}} no| |=C12: Displays basic trust for WKD-keys (Signature)|{{checkmark.png}} yes| |=C13: Displays different levels of trust (Compose)|{{icon-error.png}} no| |=C14: Displays different levels of trust (Signature)|{{checkmark.png}} yes| ===Thunderbird Tested version: 97.0a1 |=Criterion|=Fullfilled| |=C1: Direct method|{{checkmark.png}} yes| |=C2: Advanced method|{{checkmark.png}} yes |=C3: WKD-ready|{{icon-error.png}} no| |=C4: Offered in compose area|{{icon-error.png}} no| |=C5: Offered in signature area|{{icon-error.png}} no| |=C6: Automatic WKD (Compose)|{{icon-error.png}} no| |=C7: Prefer WKD-keys (Compose)|{{icon-error.png}} no| |=C8: Prefer WKD-keys (Signature)|{{icon-error.png}} no| |=C9: Can display basic trust (Compose)|{{icon-error.png}} no| |=C10: Can display basic trust (Signature)|{{icon-error.png}} no| |=C11: Displays basic trust for WKD-keys(Compose)|{{icon-error.png}} no| |=C12: Displays basic trust for WKD-keys (Signature)|{{icon-error.png}} no| |=C13: Displays different levels of trust (Compose)|{{icon-error.png}} no| |=C14: Displays different levels of trust (Signature)|{{icon-error.png}} no| |
Multiple email clients offer the feature WKD already. Some of them were [[WKD/UsabilityTests|tested]] to check how many of the criteria they fulfill. |
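Review bot: The added criteria list (right-hand side at Line 11) reuses C5 to C7 with meanings that differ from the removed list: C5 changes from "Offered in signature area" to "Automatic WKD (Compose)", C6 from "Automatic WKD (Compose)" to "Prefer WKD-keys (Compose)", and C7 from "Prefer WKD-keys (Compose)" to "Displays basic trust (Compose)". The per-client tables removed here were recorded against the old numbers, so results kept on the linked WKD/UsabilityTests page will be misread unless that page is renumbered too or the mapping is stated. The change also drops every signature-check criterion (old C5, C8, C10, C12, C14) without replacement. If that is intended, say so where the criteria are introduced.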
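Review bot: In the added C3 item there is a stray "´" directly before "WKD", and the sentence has no closing period. In the same added block, "somehow" in C1 and C2 leaves open what counts as fulfilling the criterion; C2 would read better as "The product allows fetching pubkeys by the preferred "advanced" method of WKD". The new heading at Line 8, "How good does an email client use WKD", should be "How well does an email client use WKD".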
Usability of WKD
How well does an email client use WKD (to improve crypto usability)
In a bachelor thesis two use cases were developed which describe how users who don't have much experience with encryption can encrypt emails or check signatures with little effort and good usability.
These use cases are used to name criteria which help developers to improve the usability of their products. They are also useful when it comes to a comparison between the usability of different products.
OpenPGP pubkeys fetched via WKD come with basic trust. See the explanation of the web key directory concept for the reasons.
- C1 - Direct method: The product allows fetching pubkeys in some way by the direct method of WKD.
- C2 - Advanced method: The product allows fetching pubkeys in some way by the preferred "advanced" method of WKD.
  - Why? - Not all servers are able to offer the direct method. Implementing both the direct and the advanced method means a higher chance that users get a key and can use encryption.
- C3 - WKD-ready: WKD can be used without any preparations after a clean installation.
- C4 - Offered in compose area: WKD is offered in the area where users enter an email address. To fulfill this criterion it's sufficient that there is a button to start a key lookup. It's not necessary that WKD is executed automatically. However, users shouldn't have to open additional windows before they can start the lookup.
- C5 - Automatic WKD (Compose): The product uses WKD automatically when users enter an email-address in the area where they can compose an email. The users do not have to press a button to retrieve a key via WKD.
- C6 - Prefer WKD-keys (Compose): When the product has access both to keys which were directly imported and don't contain any information about their trust, and to a WKD-key, it should automatically use the WKD-key. This criterion applies to the area to compose an email.
- C7 - Displays basic trust (Compose): The product distinguishes between keys without any information about their trust and WKD-keys that have at least a basic trust. It displays this trust in the area to compose an email.
Advanced features to improve the usability
This page explains the basic aspects that should be considered when building WKD into an email client. But there is more that you can do to improve the usability even further.
Usability of different email clients
Multiple email clients already offer WKD. Some of them were tested to check how many of the criteria they fulfill.