On Mon, 27 Oct 2003, Ken Murchison wrote:
> But given the number of protocol bugs that we have seen
> (and remain unfixed), I would question whether the specs are consulted
> regularly or interop testing is done with non-Microsoft products. There
> are plenty of ways that the SMTP GSSPI bug could have been avoided.
I have to agree with Ken on this point.
There are two more bugs which MS has long acknowledged, remain unfixed,
and continue to cause subtantial problems:
. OE does not exit an IDLE before the 30 minute server timeout
. SSPI's maximum SSL payload size is 5 bytes too small (this bug is
apparently fixed in Win2K, but remains unfixed in WinXP)
On top of that...:
It's reported that in addition to the GSSAPI mechanism in SMTP SASL, the
PLAIN is also broken in Exchange the same way. The server that I tested
it with only does PLAIN under TLS (good!) and I was using TELNET to test
the problem, so I couldn't observe it.
Larry, if you can do anything at all to light a fire under the butts of
the people who can get these problems fixed? Something about "even our
friends are beating us up in public over these, we really got to get these
fixes out the door." Thanks in advance for whatever you can do!!
-- Mark --
http://staff.washington.edu/mrc
Science does not emerge from voting, party politics, or public debate.
Si vis pacem, para bellum.
