foaf+ssl in Mozilla's Fennec works!
By bblfish on Sep 30, 2009
At yesterday's Bar Camp in La Cantine I discovered that Mozilla's Fennec browser for mobile phones can be run on OSX (download 1.0 alpha 1 here). So I tried it out immediately to see how much of the foaf+ssl login would work with it. The answer is all of it, with just a few easy to fix user experience issues. I really am looking forward to trying the Nokia N810 Internet Tablet for real.
Anyway here are quick snapshots of the user experience.
Getting a certificate
First of all the best news is that the <keygen> tag, now documented in html5 works in Fennec. This means that one can get a client certificate in one click without going through the complex dance I described in "howto get a foaf+ssl certificate to your iPhone".
This is how easy it can be. Go to foaf.me.
After filling out the form, you can create yourself an account on foaf.me:
To make your WebId useful all you need to do is click on the "Claim account with SSL certificate" button -- which could certainly be phrased better -- on the account creation successful page:
Once clicked, your browser will start calculating a new public private key pair, send the public key to the server which will turn it into a certificate, and send that back to your browser, which will then add it to they keychain! All you will see of this whole transaction is:
The Fennec message here is a bit misleading: you should not in fact need to keep a backup copy of your certificate. Foaf+ssl certificates are very cheap to produce. And without a link to the keychain from the popup, most users won't know what is being talked about, or how to keep a backup. Also on a cell phone they may well wonder where to put the backup anyway. So in this case it is wrong, and not that helpful. Much better would be to have a popup say: "Your certificate has been installed. Would you like to see it?" Or something like that. Most people won't care.
Using the certificate
You can then test the foaf+ssl certificate on any number of sites. The foaf.me site has a login button for example that when clicked will get the browser to ask the user to choose a certificate. And, this is where the User Interface choices made by the Mozilla team are just simply embarrassing. Not unusable, but just really bad.
No user ever cares about these details! It is confusing. Do you think users have issues with URLs? Well what do you think they are going to make of the old outdated Distinguished Names?
Just compare this with the User Experience on the iPhone
Still this user interface issue should be really easy to fix, as it is just a question of making things simpler, ie. of reducing the complexity of their code. And clearly on a cell phone that should be a priority.
Another issue I can see on the Fennec demo browser, is that I could not find a way to remove the certificates.... That would be quite an important functionality too.
But in any case using foaf+ssl on Fennec is the easiest of all cell phone browsers to use currently - and one of the rare ones, if not the only one, that works correctly! So kudos for that! Fennec and the Nokia N810 is the place to look for what a secure life without passwords, without user names, and a global distributed social network can look like on a mobile platform.