| Both sides previous revision Previous revision Next revision | Previous revision |
| public:papers:rsa2018 [2018-01-05 12:14] – xukrop | public:papers:rsa2018 [2023-08-12 21:08] (current) – [Research artifacts (supplementary material)] xukrop |
|---|
| <TEXT size="large"> | <TEXT size="large"> |
| |
| \_{{fa>user}}\_\_//Authors:// Martin Ukrop and Vashek Matyas | \_{{fa>user}}\_\_//Authors:// [[:publications:authors:martin-ukrop|Martin Ukrop]] and [[:publications:authors:vashek-matyas|Vashek Matyas]] |
| |
| {{fa>user-circle-o}}\_//Primary contact:// Martin Ukrop %%<%%<mukrop@mail.muni.cz>%%>%% | {{fa>user-circle-o}}\_//Primary contact:// Martin Ukrop %%<%%<mukrop@mail.muni.cz>%%>%% |
| |
| {{fa>bullhorn}}\_//Conference:// [[https://www.rsaconference.com/events/us18|RSA Cryptographers' Track 2018]] | {{fa>bullhorn}}\_//Conference:// [[https://www.rsaconference.com/events/us18|RSA Cryptographers' Track 2018]] |
| | |
| | \_{{fa>id-badge}}\_\_//DOI:// [[https://doi.org/10.1007/978-3-319-76953-0_3|10.1007/978-3-319-76953-0_3]] |
| </TEXT> | </TEXT> |
| </col> | </col> |
| <button type="warning" icon="fa fa-file-pdf-o">[[https://crocs.fi.muni.cz/_media/publications/pdf/2018-rsa-ukrop.pdf|Pre-print PDF]]</button> | <button type="warning" icon="fa fa-file-pdf-o">[[https://crocs.fi.muni.cz/_media/publications/pdf/2018-rsa-ukrop.pdf|Pre-print PDF]]</button> |
| \_ | \_ |
| <popover trigger="focus" title="Not yet available" content="Presentation will be added in April 2018."> | <button type="primary" icon="fa fa-database">[[#research_artifacts_supplementary_material|Artifacts]]</button> |
| <button icon="fa fa-file-image-o">Presentation</button> | \_ |
| </popover> | /* <popover trigger="focus" title="Not yet available" content="Presentation will be added in April 2018."> */ |
| | <button icon="fa fa-file-image-o">[[https://crocs.fi.muni.cz/_media/publications/pdf/2018-rsa-ukrop_presentation.pdf|Presentation]]</button> |
| | /* </popover> */ |
| | \_ |
| <button collapse="bibtex" icon="fa fa-file-code-o">BiBTeX</button> | <button collapse="bibtex" icon="fa fa-file-code-o">BiBTeX</button> |
| </TEXT> | </TEXT> |
| |
| <collapse id="bibtex" collapsed="true"> | <collapse id="bibtex" collapsed="true"> |
| @InBook{2018-rsa-ukrop, | @InProceedings{2018-rsa-ukrop, |
| Author = {Martin Ukrop and Vashek Matyas}, | Author = {Martin Ukrop and Vashek Matyas}, |
| Title = {Why Johnny the Developer Can't Work with Public Key Certificates: An Experimental Study of OpenSSL Usability}, | Title = {Why Johnny the Developer Can't Work with Public Key Certificates: An Experimental Study of OpenSSL Usability}, |
| BookTitle = {Topics in Cryptology -- CT-RSA 2018: The Cryptographers' Track at the RSA Conference 2018, San Francisco, CA, USA, February 16--20, 2018, Proceedings}, | BookTitle = {Topics in Cryptology -- CT-RSA 2018: The Cryptographers' Track at the RSA Conference 2018}, |
| HowPublished = {Forthcoming}, | |
| Year = {2018}, | Year = {2018}, |
| Publisher = {Springer International Publishing}, | Publisher = {Springer International Publishing}, |
| | Pages = {45--64}, |
| | DOI = {10.1007/978-3-319-76953-0_3}, |
| } | } |
| </collapse> | </collapse> |
| </panel> | </panel> |
| |
| ===== Supplementary material ===== | ===== Several interesting bits... ===== |
| | |
| | The usability of OpenSSL interface turned out to be... not so great (no real surprise there). But there are some interesting bits and pieces. To name just a few: |
| | |
| | * 87% participants thought they successfully issued a self-signed certificate, but only 45% did. |
| | * 42% created a certificate with "Internet Widgits Pty Ltd." in an organization field. |
| | * 26% of created certificates were old version 1. |
| | * 73% participants used Stack Overflow solutions, 40% used the knowledge base of University of Wisconsin-Madison. |
| | * 28% people tried to open the manual page with 'man openssl verify' (which is incorrect). |
| | * Only 9% people adjusted the commands after copy-pasting them from the tutorial. |
| | |
| | For explanation and further details on there (and other) numbers, see the paper text. |
| | |
| | ===== Talk at DevConf 2018 ===== |
| | |
| | {{ youtube>s8JdVKxgSuI?900x520 |Martin Ukrop: Can developers use OpenSSL?}} |
| | |
| | ===== Research artifacts (supplementary material) ===== |
| | |
| | The supplementary material to this paper contains of: |
| |
| * {{fa>file-pdf-o}} [[https://drive.google.com/file/d/1ydIowJk4MoQLD6xMU_Tq8CSQUh6S0gQB/view|Informed consent]] participants had to sign (experiment design approved by Research Ethics Committee of Masaryk University) | * Informed consent participants had to sign (experiment design approved by Research Ethics Committee of Masaryk University) |
| * {{fa>file-pdf-o}} [[https://drive.google.com/file/d/1cfdJfWrdiknO_s_qmWfP5NJ7iAXBwFk7/view?usp=sharing|General questionnaire]] & {{fa>file-pdf-o}} [[https://drive.google.com/file/d/1PqRrswxCqlefg3QuOogxlWzKaVgTyZOc/view|System usability scale questionnaire]] | * General questionnaire & System usability scale questionnaire |
| * {{fa>file-pdf-o}} [[https://drive.google.com/file/d/1aQQZvUV2iIEN-ggPgtuqiUzAbEyuAEd3/view|User tasks]] & {{fa>file-code-o}} [[https://drive.google.com/drive/folders/18EFaHOTVV0NoXdGlytK54rR6T26YylD9|certificates to validate]] | * User tasks & certificates to validate |
| * Issues changed based on this research: | * Issues changed based on this research: |
| * Adding missing OpenSSL online documentation redirects {{fa>github}} ([[https://github.com/openssl/web/issues/24#issuecomment-353961715|github issue]]) | * Adding missing OpenSSL online documentation redirects {{fa>github}} ([[https://github.com/openssl/web/issues/24#issuecomment-353961715|github issue]]) |
| * Alternative names for OpenSSL manual pages {{fa>github}} ([[https://github.com/openssl/openssl/issues/4548|github issue]]) | * Alternative names for OpenSSL manual pages {{fa>github}} ([[https://github.com/openssl/openssl/issues/4548|github issue]]) |
| |
| | <button type="primary" icon="fa fa-fw fa-database">[[https://zenodo.org/record/8241987|Artifacts (Zenodo)]]</button> |