|
Size: 9325
Comment: changed use case
|
Size: 9746
Comment: edited use cases
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 18: | Line 18: |
| It is necessary to define use cases, so it is easier to speak about where to implement a WKD call. These use cases were written by using Cockburns template [1]. | It is necessary to define use cases, so it is easier to speak about how to implement the WKD-standard. These use cases were written by using Cockburns template [1]. |
| Line 20: | Line 20: |
| **Goal**: Write and send an encrypted email\\ | **Goal**: Another person receives the confidential message.\\ |
| Line 22: | Line 22: |
| *An email-client was installed *A key-pair was created |
*An email-client, which uses the OpenPGP-standard, was installed *The person, who wants to write the email, does not have the pubkey of the receiver yet *The receiver did create a pubkey and made it available on a WKD server |
| Line 30: | Line 31: |
| *The receiver cannot decrypt the encrypted email | |
| Line 32: | Line 34: |
| **Trigger**: A person wants to write an encrypted message to another person\\ | **Trigger**: A person wants to write a confidential message to another person in a way that no other person can read its contents.\\ |
| Line 40: | Line 42: |
| #Person checks, if the email really can be encrypted, before she/he tries to send it | #Person checks, if the email really can be encrypted, before trying to send it |
| Line 43: | Line 45: |
| #Person checks, if the email will be signed | |
| Line 45: | Line 46: |
| ====Use Case #2: Validate the signature of an encrypted email **Goal**: Check, if the signature really belongs to the sender of a received encrypted email\\ |
====Use Case #2: Validate the signature of an email **Goal**: A person wants to check, if an email really belongs to the sender of that email\\ |
| Line 48: | Line 49: |
| *An email-client was installed *A key-pair was created |
*An email-client, which uses the OpenPGP-standard, was installed *The person, who sent the email, created a pubkey and made it available on a WKD-server |
| Line 51: | Line 52: |
| *The person, who wants to check the signature, does not have the pubkey of the sender yet |
IncreaseWKDUsage2021 bachelor thesis
Christoph Klassen is writing his bachelor thesis (at Intevation) about how usage of WKD can be furthered. Bernhard Reiter does the mentoring, see gnupg-devel@ for discussion and for contacting Christoph or Bernhard.
Started at 2021-10
Goal
WKD is easy to implement and brings the advantage of good usability. Because of that it is desirable to spread it and increase its usage. The question is how to do that and which is the best way. More concrete: Which measures fit best to spread the WKD standard. This measures are taken from the area of software engineering and include documentation, testing and implementation. They will be applied to different products that are Free Software.
Difficulty
It is necessary to evaluate the success of different measures to tell which one was the most effective one. It is not possible to track users while using their products, because one main promise of the products is to protect users privacy. So there have to be other ways to measure the success. One idea is to log the WKD calls on a server, which has much traffic. Please contact Bernhard or Christoph when you have these possibilities or know someone who could do this service. It would be very helpful!
This idea would help to evaluate the success of all measures overall. Additionally, it would be of great value, if there would be a way to differentiate between the measures. Maybe the statistics could show a correlation between measures and increase of WKD calls.
Use Cases
It is necessary to define use cases, so it is easier to speak about how to implement the WKD-standard. These use cases were written by using Cockburns template [1].
Use Case #1: Write an encrypted email
Goal: Another person receives the confidential message.
Precondition:
- An email-client, which uses the OpenPGP-standard, was installed
- The person, who wants to write the email, does not have the pubkey of the receiver yet
- The receiver did create a pubkey and made it available on a WKD server
- The pubkey of the receiver needs to be fetched automatically
Success: An encrypted email was sent
Failure:
- An unencrypted email was sent
- No email was sent
- The receiver cannot decrypt the encrypted email
Actors: A random person
Trigger: A person wants to write a confidential message to another person in a way that no other person can read its contents.
Description:
- Person opens the email-client
- Person opens the window to compose an email
- Person enters address, subject and message
- Person sends the email
Extensions:
- Person checks, if the email really can be encrypted, before trying to send it
- Person checks, if the pubkey is trustworthy
- Person checks, how trustworthy the pubkey is
Use Case #2: Validate the signature of an email
Goal: A person wants to check, if an email really belongs to the sender of that email
Precondition:
- An email-client, which uses the OpenPGP-standard, was installed
- The person, who sent the email, created a pubkey and made it available on a WKD-server
- The pubkey of the sender needs to be fetched automatically
- The person, who wants to check the signature, does not have the pubkey of the sender yet
Success: The signature of the encrypted email could be checked
Failure: The signature of the encrypted email could not be checked
Actors: A random person
Trigger: A person receives an encrypted email and wants to check its signature
Description:
- Person opens the email-client
- Person opens received email
- Person sees if the signature of the encrypted email is valid
Extensions:
- Person checks, if the pubkey, which was used to encrypt the received email, is trustworthy
- Person checks, how trustworthy the pubkey is, which was used to encrypt the received email
Criterions to evaluate the state of products (Draft)
To evaluate how far the progress of different products in terms of WKD is, the questions in the list below will be answered. If the answer is positive a product gets the amount of points that is shown in brackets. The maximal possible amount of points is 12.
- Are the maintainers familiar with WKD?/ Did the maintainers hear about WKD? (1)
- Are the maintainers convinced of WKD? (1)
- Is WKD implemented already (2)
- If not: Is it planned to implement WKD? (1)
- Is it documented that WKD is used in the product (Is it mentioned in release notes or user documentation, so the users can find out, if the product offers WKD? Maybe the products offers it, but users don't know it yet. If WKD is mentioned somewhere, at least they could ask how to use it)? (1)
- Is WKD enabled by default? (4)
- If not:
- Is it documented how to enable WKD? (1)
- Can users enable WKD in 3-4 steps (e.g. 1. Go to settings - 2. Open section "Privacy"or something similar - 3. Toggle some UI element)? (2)
- If not: Can users enable WKD somehow? (1)
- If not:
- Is WKD used automatically? (1)
- Is WKD used when composing emails? (1)
- Is WKD used when reading emails? (1)
Another way to evaluate products is to do a heuristic evaluation. Jakob Nielson created ten different heuristics to examine the usability of products. On [2] is a recent article, where he summarizes the heuristics. The essence of these heuristics is that users want to be able to predict the softwares behavior and to have the feeling of control about the software. Therefore it is necessary that the application gives users enough information to know, what is going on. On the other hand users shouldn't be overwhelmed with to much information or too many choices and UI elements. It is also important that a software is consistent in itself and with other applications, which the users also use, so they can re-use their experience.
State of products and progress
Here it will be described what state different products had at the beginning of the work and what measures were taken to increase the usage of WKD.
Mailvelope
Previous state (analyzed version 4.4.1)
- Does use WKD
- The implementation is not up-to-date since it doesn't contain the advanced method
- There is an issue for the advanced method on Github: https://github.com/mailvelope/mailvelope/issues/774
Measures
- As part of this work a branch was created to implement the advanced method: https://github.com/c8k/mailvelope
Claws Mail
Previous state (analyzed version 3.18.0)
- Integrated WKD since version 3.18.0 / 4.0.0
- How to get a key via WKD:
- At the right side of an opened email is a toolbar with a button that contains a key icon (see Screenshot attachment:wkd_claws_mail.png
- A click on it opens a window where the key of the belonging email address can be fetched (via key server or WKD)
Measures
- Request: In the compose window users can right-click on an email address to open a context menu, where they can e.g. add this address to their address book. To give users the possibility to retrieve keys of email addresses, from which they didn't receive an email yet, it was requested to implement another action to do just that. Optionally, this action could be shown only, if the user enabled a privacy system.
- Request: Automatically enable a privacy system as soon as an user adds one, when loading a plugin.
FairEmail/ K9Mail
Previous state
- Use OpenKeyChain to retrieve keys via WKD and encrypt emails
- It is necessary to open OpenKeyChain to retrieve keys. This step is not possible in the GUI of the products
FairEmail
Previous state (analyzed version 1.1776)
Measures
- Requested an easier way to open the OpenKeyChain app, so users can open it from FairEmail and don't have to go to the settings of the phone to start the OpenKeyChain app there.
- Reported a bug: When an encrypted mail was recieved and that mail was decrypted with FairEmail, a message appeared saying, that the mail isn't signed. But when the mail is decrypted there is an icon left of the lock icon and after a tap on it, a message appears, which tells that the signature is valid. So the first message seems to be incorrect.
- was fixed in a newer version
- Recommended to edit the UI in the compose window. There are three icons. Two of them can be interacted with and one not, but all of them have the same style (no borders, no background, same color etc.). To be more consistent it was suggested to remove the icon without function or to adjust the style of the icons, so that the one, which can't be interacted with, has a different style.
- the icons got different colors in a newer version
K9Mail
Previous state (analyzed version 5.806)
coming soon
Sources
[1] H. Balzert, Lehrbuch der Softwaretechnik: Basiskonzepte und Requirements Engineering, 3. Edition, Spektrum Akademischer Verlag Heidelberg: 2009
[2] J. Nielsen, 10 Usability Heuristics for User Interface Design, https://www.nngroup.com/articles/ten-usability-heuristics/