About Firefox security. - Mozilla

This is a discussion on About Firefox security. - Mozilla ; Hello Guys, My name is Carlos Alberto… I’m working at the Bolsa de Valores (Stock Exchange, http://www.bmv.com.mx ) of México in some software that is going to be used for the non repudiation of the exchange instructions. My team has ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: About Firefox security.

  1. About Firefox security.


    Hello Guys,

    My name is Carlos Alberto… I’m working at the Bolsa de Valores (Stock
    Exchange, http://www.bmv.com.mx ) of México in some software that is going
    to be used for the non repudiation of the exchange instructions.

    My team has put some pressure under supporting Firefox in our portal. But
    this time that got us into a problem, it seems that the PKCS #7 signature is
    different from Firefox than from IE and we haven´t being able to detect how
    is it different (rather than the most obvious places) for us to tweak our
    process. We are trying to validate the signature using an OS library named
    BouncyCastle but we have not being able to do that to the date. We think
    that it could be some salt or maybe the encoding… but we can´t advance from
    where we are.

    Is there a way to simply emulate IE's signature... I'm pretty sure that the
    Firefox implementation is much better and that we are avoiding some other
    attack using this salt (I think is a Salt) but we are working with huge
    organizations that won´t easily change the way they are working... and that
    means we will need to use IE signature style.

    Do you happen to have some information about the differences from IE signed
    content and Firefox signed one? How to tweak firefox using javascript for
    that? Or any other information that could help us.

    Thank you very much, we really appreciate your help
    Carlos Alberto

    PD: I already tried to send this to 'dev-tech-crypto@lists.mozilla.org' but
    I got a cannot be reached error.


  2. Re: About Firefox security.

    Alberto Hernandez wrote:
    > Hello Guys,
    >
    > My name is Carlos Alberto… I’m working at the Bolsa de Valores (Stock
    > Exchange, http://www.bmv.com.mx ) of México in some software that is going
    > to be used for the non repudiation of the exchange instructions.
    >
    > My team has put some pressure under supporting Firefox in our portal. But
    > this time that got us into a problem, it seems that the PKCS #7 signature is
    > different from Firefox than from IE and we haven´t being able to detect how
    > is it different (rather than the most obvious places) for us to tweak our
    > process. We are trying to validate the signature using an OS library named
    > BouncyCastle but we have not being able to do that to the date. We think
    > that it could be some salt or maybe the encoding… but we can´t advance from
    > where we are.
    >
    > Is there a way to simply emulate IE's signature... I'm pretty sure that the
    > Firefox implementation is much better and that we are avoiding some other
    > attack using this salt (I think is a Salt) but we are working with huge
    > organizations that won´t easily change the way they are working... and that
    > means we will need to use IE signature style.
    >
    > Do you happen to have some information about the differences from IE signed
    > content and Firefox signed one? How to tweak firefox using javascript for
    > that? Or any other information that could help us.
    >
    > Thank you very much, we really appreciate your help
    > Carlos Alberto
    >
    > PD: I already tried to send this to 'dev-tech-crypto@lists.mozilla.org' but
    > I got a cannot be reached error.
    >


    You could try the mozilla.dev.tech.crypto newsgroup directly, on the
    news.mozilla.org server, port 119.

    Or through Google Groups:

    http://groups.google.com/group/mozil....crypto/topics

    --
    Alex K.

+ Reply to Thread