Mike Helm wrote: > I will try that, but I predict it will fail if they use the same format. > > One of my colleagues has found a recent bug in bugzilla on this > https://bugzilla.mozilla.org/show_bug.cgi?id=399188 > and it appears that firefox is ignoring the mime type and > looking at the .spc extension, and then dropping into > Windows file management. This is not what it does on, say, XP, > where the same transaction works fine. I have not instrumented > XP to see if the same pkcs#7 package & mime type header get sent > by Thawte to this client (seems like a reasonable assumption, tho). > > My colleague was able to create a web page that would trick > the firefox browser on Vista into downloading & installing > the cert: he took the cert out, renamed the extension to some > junk, and then had the page send the proper pkcs7 headers down > along with the cert. Then firefox-on-vista loaded the cert > properly. If this is really the case on Vista than I rather suspect that the OS intercepts the file based on the extension...can this be? I'm not a Windows expert, much less Vista. So I expected the mime type to be application/x-x509-user-cert and that FF doesn't bother at all about the file extension. As a matter of fact the web page serving the certificate, can be called really anything....except maybe on Vista?
-- Regards Signer: Eddy Nigg, StartCom Ltd. <http://www.startcom.org> Jabber: [EMAIL PROTECTED] <xmpp:[EMAIL PROTECTED]> Blog: Join the Revolution! <http://blog.startcom.org> Phone: +1.213.341.0390 _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
