Pocket PC MVP PLEASE HELP!

December 21, 2004 12:27:53 PM

Archived from groups: microsoft.public.pocketpc

Please see the thread Pocket PC Messaging Certificate. There are now two
people in this newsgroup that think that there is a problem with Messaging's
handling of Certificates.

Thanks

DS

Anonymous
December 21, 2004 12:27:54 PM

insufficient data Capt' especially if you really work for MS and are
concerned about misinformation.

Beverly Howard [MS MVP-Mobile Devices]
December 21, 2004 3:24:20 PM

Here is the problem: Is this enough information?

Pocket PC 2003 SE MESSAGING application is apparently not checking
certificates correctly. I do not know of one person that has gotten this to
work correctly.

When I connect with Messaging to an SSL site that has a verified Certificate,
Messaging comes back with the error "Certificate is invalid do you wish to
continue?". I have verified the certificates and the root certificates.
The root certificates are on the device. I can access the same URL on
Pocket IE as is in the Messaging Servers section and verify the certificate.
Windows XP IE and Outlook 2003 also approve of the certificate, however
Pocket Messaging does not.

If I select Yes for continue, I never get the error again. However I am
concerned about someone spoofing the certificate and performing a "Man in
the Middle" attack. With Messaging giving me a "Certificate not valid"
error, I am concerned that someone could spoof the certificate and I would
never know.

I have personally tried this on two different SSL sites, and I know others
that have tried their devices on several others. Everyone gets the same
message "Certificate is invalid".

My device is a Dell Axim X30, 64MB RAM, and the 640MHz processor. Purchased
with Windows Mobile 2003 but updated to WM 2003se.

DS




"Beverly Howard [Ms-MVP/MobileDev]" <BevNoSpamBevHoward.com> wrote in
message news:%23PzNMLw5EHA.3756@TK2MSFTNGP14.phx.gbl...
> insufficient data Capt' especially if you really work for MS and are
> concerned about misinformation.
>
> Beverly Howard [MS MVP-Mobile Devices]
Anonymous
December 21, 2004 3:24:21 PM

Wow, that's a *good* bug report ;-))

On Tue, 21 Dec 2004 12:24:20 +0800, "DS" <JohnDoe@Microsoft.com>
wrote:

>Here is the problem: Is this enough information?
>
>Pocket PC 2003 SE MESSAGING application is apparently not checking
>certificates correctly. I do not know of one person that has gotten this to
>work correctly.
>
>When I connect with Messaging to a SSL site that has a verified Certificate,
>Messaging comes back with the error "Certificate is invalid do you wish to
>continue?". I have verified the certificates and the root certificates.
>The root certificates are on the device. I can access the same URL on
>Pocket IE as is in the Messaging Servers section and verify the certificate.
>Windows XP IE and Outlook 2003 also approve of the certificate, however
>Pocket Messaging does not.
>
>If I select Yes for continue, I never get the error again. However I am
>concerned about someone spoofing the certificate and performing a "Man in
>the Middle" attack. With Messaging giving me a "Certificate not valid"
>error, I am concerned that someone could spoof the certificate and I would
>never know.
>
>I have personally tried this on two different SSL sites, and I know others
>that have tried their devices on several others. Everyone gets the same
>message "Certificate is invalid".
>
>My device is a Dell Axim X30 64mb Ram, and the 640mhz processor. Purchased
>with Windows Mobile 2003 but updated to WM 2003se.
>
>DS
>
>
>
>
>"Beverly Howard [Ms-MVP/MobileDev]" <BevNoSpamBevHoward.com> wrote in
>message news:%23PzNMLw5EHA.3756@TK2MSFTNGP14.phx.gbl...
>> insufficient data Capt' especially if you really work for MS and are
>> concerned about misinformation.
>>
>> Beverly Howard [MS MVP-Mobile Devices]
>
December 22, 2004 2:40:14 AM

Does this mean it will be submitted to MS?

Do things like this get fixed quickly, or ssslllooowwwlllyyyyy??

Thanks!

DS


"Neil Smith [MVP Digital Media]" <neil@nospam.com> wrote in message
news:if1gs0peqjm1bfiqkcou1vka19i9kcal56@4ax.com...
> Wow, thats a *good* bug report ;-))
>
> On Tue, 21 Dec 2004 12:24:20 +0800, "DS" <JohnDoe@Microsoft.com>
> wrote:
>
>>Here is the problem: Is this enough information?
>>
>>Pocket PC 2003 SE MESSAGING application is apparently not checking
>>certificates correctly. I do not know of one person that has gotten this
>>to
>>work correctly.
>>
>>When I connect with Messaging to a SSL site that has a verified
>>Certificate,
>>Messaging comes back with the error "Certificate is invalid do you wish to
>>continue?". I have verified the certificates and the root certificates.
>>The root certificates are on the device. I can access the same URL on
>>Pocket IE as is in the Messaging Servers section and verify the
>>certificate.
>>Windows XP IE and Outlook 2003 also approve of the certificate, however
>>Pocket Messaging does not.
>>
>>If I select Yes for continue, I never get the error again. However I am
>>concerned about someone spoofing the certificate and performing a "Man in
>>the Middle" attack. With Messaging giving me a "Certificate not valid"
>>error, I am concerned that someone could spoof the certificate and I would
>>never know.
>>
>>I have personally tried this on two different SSL sites, and I know others
>>that have tried their devices on several others. Everyone gets the same
>>message "Certificate is invalid".
>>
>>My device is a Dell Axim X30 64mb Ram, and the 640mhz processor.
>>Purchased
>>with Windows Mobile 2003 but updated to WM 2003se.
>>
>>DS
>>
>>
>>
>>
>>"Beverly Howard [Ms-MVP/MobileDev]" <BevNoSpamBevHoward.com> wrote in
>>message news:%23PzNMLw5EHA.3756@TK2MSFTNGP14.phx.gbl...
>>> insufficient data Capt' especially if you really work for MS and are
>>> concerned about misinformation.
>>>
>>> Beverly Howard [MS MVP-Mobile Devices]
>>
>
Anonymous
December 22, 2004 2:40:15 AM

Oh, probably slooooooow. But at least you've got the right idea.

Many posters say "it doesn't work" without saying what, under what
circumstances and on what kit. Leaving everybody to guess ;-)

Cheers & Happy Solstice - Neil

On Tue, 21 Dec 2004 23:40:14 +0800, "DS" <JohnDoe@Microsoft.com>
wrote:

>Does this mean it will be submitted to MS?
>
>Do things like this get fixed quickly, or ssslllooowwwlllyyyyy??
>
>Thanks!
>
>DS
>
>
>"Neil Smith [MVP Digital Media]" <neil@nospam.com> wrote in message
>news:if1gs0peqjm1bfiqkcou1vka19i9kcal56@4ax.com...
>> Wow, thats a *good* bug report ;-))
>>
>> On Tue, 21 Dec 2004 12:24:20 +0800, "DS" <JohnDoe@Microsoft.com>
>> wrote:
>>
>>>Here is the problem: Is this enough information?
>>>
>>>Pocket PC 2003 SE MESSAGING application is apparently not checking
>>>certificates correctly. I do not know of one person that has gotten this
>>>to
>>>work correctly.
>>>
>>>When I connect with Messaging to a SSL site that has a verified
>>>Certificate,
>>>Messaging comes back with the error "Certificate is invalid do you wish to
>>>continue?". I have verified the certificates and the root certificates.
>>>The root certificates are on the device. I can access the same URL on
>>>Pocket IE as is in the Messaging Servers section and verify the
>>>certificate.
>>>Windows XP IE and Outlook 2003 also approve of the certificate, however
>>>Pocket Messaging does not.
>>>
>>>If I select Yes for continue, I never get the error again. However I am
>>>concerned about someone spoofing the certificate and performing a "Man in
>>>the Middle" attack. With Messaging giving me a "Certificate not valid"
>>>error, I am concerned that someone could spoof the certificate and I would
>>>never know.
>>>
>>>I have personally tried this on two different SSL sites, and I know others
>>>that have tried their devices on several others. Everyone gets the same
>>>message "Certificate is invalid".
>>>
>>>My device is a Dell Axim X30 64mb Ram, and the 640mhz processor.
>>>Purchased
>>>with Windows Mobile 2003 but updated to WM 2003se.
>>>
>>>DS
>>>
>>>
>>>
>>>
>>>"Beverly Howard [Ms-MVP/MobileDev]" <BevNoSpamBevHoward.com> wrote in
>>>message news:%23PzNMLw5EHA.3756@TK2MSFTNGP14.phx.gbl...
>>>> insufficient data Capt' especially if you really work for MS and are
>>>> concerned about misinformation.
>>>>
>>>> Beverly Howard [MS MVP-Mobile Devices]
>>>
>>
>
Anonymous
December 22, 2004 2:40:16 AM

Neil Smith [MVP Digital Media] wrote:
> Oh, probably slooooooow. But at least you've got the right idea.
>
> Many posters say "it doesn't work" without saying what, under what
> circumstances and on what kit. Leaving everybody to guess ;-)
>
> Cheers & Happy Solstice - Neil
>

Out of curiosity.. what is the communication protocol between the
discussions on this newsgroup, relevant people at Microsoft, and the MVPs?

Does your response imply that you've specifically submitted his bug
report through official channels?

Also, is there any visibility into the list of known issues or way to
refer to them? I posted regarding an issue with dialup networking over
bluetooth earlier (even after upgrading to the 3000 build), and want to
make sure that the specific issue and details are being tracked..

Happy Holidays!
Anonymous
December 22, 2004 2:40:17 AM

On Tue, 21 Dec 2004 11:15:49 -0500, Adam Herscher <ahersche@umich.edu>
wrote:

>
>> Cheers & Happy Solstice - Neil
>>
>
>Out of curiosity.. what is the communication protocol between the
>discussions on this newsgroup, relevant people at Microsoft, and the MVPs?

Well sometimes we can get to speak to somebody who knows somebody who
..... (etc) which might eventually result in a bug fix. Other times
it's like pulling teeth ;-)

I guess it's considered that the MVPs have reached the best possible
resolution available to them with detailed product knowledge, and so
if we forward something FAO MS then there's probably a good reason.

>Does your response imply that you've specifically submitted his bug

Not me, sorry, I was just appreciating your reply. I'm a digital media
MVP so I sometimes interact a little with the product teams for
windows media, but not really the PPC ones. I just hang out here cause
I have one so sometimes people ask about digital media on the PPC.

Bev or Alan are the people to ask I guess.

Cheers - Neil
Anonymous
December 22, 2004 2:40:18 AM

>> Bev or Alan are the people to ask I guess. <<

Not me... imho, MVP's have very little impact on MS compared to the
impact of the general public.

What additional impact we have is primarily because we are "in the face"
of a few MS employees but have only a slightly elevated visibility, and,
it's a reality that the more "senior" MVP's have to walk a narrow line
in their continuous efforts to get MS to address serious user issues
without "wearing out our welcome" as far as MS is concerned. We _are_
the face of your complaints.

MVP's are simply MS' recognition that we have been around long enough to
know a few more of the bits and pieces and are able to help solve
problems more than most, plus we endure the punishment of doing so much
longer than most humans.

It's more likely that MS sees MVP's as their link to the users rather
than the other way around, so, it ends up that we're just caught in the
middle ;-)

imho, the core problem with mobile devices is that the end users are not
MS' customers, rather the OEM's are because they pay MS the $$$... so...
with important issues like this one, in addition to posting and
highlighting them here, hammer the OEM who produced your ppc's... if
they get enough grief about important problems, they are gonna call MS
and the amount of $$$ on the table is incentive for MS to respond.

Final note... the above is only _my personal view_ of the realities of
the MVP program, the MVP community and, in no way reflects the opinions
and feelings of other MVP's or the Microsoft MVP program.

Beverly Howard [MS MVP-Mobile Devices]
Anonymous
December 22, 2004 2:40:19 AM

Beverly Howard [Ms-MVP/MobileDev] wrote:

> It's more likely that MS sees MVP's as their link to the users rather
> than the other way around, so, it ends up that we're just caught in the
> middle ;-)

Gotcha.

> imho, the core problem with mobile devices is that the end users are not
> MS' customers, rather the OEM's are because they pay MS the $$$... so...
> with important issues like this one, in addition to posting and
> highlighting them here, hammer the OEM who produced your ppc's... if
> they get enough grief about important problems, they are gonna call MS
> and the amount of $$$ on the table is incentive for MS to respond.

I see where you're coming from, though I believe the MS<>OEM<>Customer
model is a bit oversimplified. There is some direct relationship
between Microsoft and the customer. My phone shipped with a Windows
Mobile CD and license, just like my Dell desktop. My today screen has
Microsoft branding all over it. If Microsoft wants to reap the benefits
of the branding and customer loyalty to the OS, they need to address the
needs of the customer, not just the OEM (and don't get me wrong, I'm by
no means suggesting that they aren't doing so).

I don't believe the MS<>OEM<>Customer model is sustainable beyond the
OEM providing hardware and very basic software support (like PC OEMs
do). Imagine if you had to rely on each PC OEM to provide their own
Windows Update service. What happens when people start writing worms
that exploit vulnerabilities in Pocket Internet Explorer?

Suggesting that users call their cell phone company (my OEM is T-Mobile)
and file a bug report for Pocket Outlook through them reminds me of
those tv commercials telling people to call their cable operators today
or chain letters urging people to write their congressmen. It wouldn't
work well for bug reports where Microsoft would lose the relevant
information as it got tallied as a tick mark/vote for a feature and
would also lose the ability to communicate directly with the person
experiencing the problem (this is especially troublesome in the case of
a security vulnerability being discovered).

2 cents. :-)

- Adam
Anonymous
December 22, 2004 2:40:20 AM

>> My phone shipped with a Windows Mobile CD and license, just like my
Dell desktop. <<

If you check most documentation on "bundled" MS software, there is
normally a strong statement that for tech support the user should
contact the OEM and _not_ MS... Part of the OS licensing agreement is
for the OEM to agree to providing support for MS products.

The only way (in addition to funding and maintaining this forum) MS will
provide direct tech support for WMobile is their paid support option
which is costly.

With respect to the service providers, that may or may not be an option,
but most of the phones are branded with the OEM's name (Samsung, HP,
etc) which do provide OS tech support options.

HTH,
Beverly Howard [MS MVP-Mobile Devices]
December 23, 2004 1:58:11 AM

*Sigh* So can I assume that this microsoft bug with microsoft messaging on
microsoft mobile 2003se is not going to be fixed by microsoft? But should
be sent for Dell, who have but a few people in India that can answer a phone
with an English sounding name and tell me to hard reset the device?
*Sigh*....



"Beverly Howard [Ms-MVP/MobileDev]" <BevNoSpamBevHoward.com> wrote in
message news:o LzlwV85EHA.3596@TK2MSFTNGP12.phx.gbl...
> >> My phone shipped with a Windows Mobile CD and license, just like my
> Dell desktop. <<
>
> If you check most documentation on "bundled" MS software, there is
> normally an strong statement that for tech support the user should contact
> the OEM and _not_ MS... Part of the OS licensing agreement is for the OEM
> to agree to providing support for MS products.
>
> The only way (in addition to funding and maintaining this forum) MS will
> provide direct tech support for WMobile is their paid support option which
> is costly.
>
> With respect to the service providers, that may or may not be an option,
> but most of the phones are branded with the OEM's name (Samsung, HP, etc)
> which do provide OS tech support options.
>
> HTH,
> Beverly Howard [MS MVP-Mobile Devices]
Anonymous
December 23, 2004 1:58:12 AM

>> *Sigh* So can I assume that this microsoft bug with microsoft
messaging on
microsoft mobile 2003se is not going to be fixed by microsoft? But should
be sent for Dell, who have but a few people in India that can answer a
phone
with an english sounding name and tell me to hard reset the device?
*Sigh*.... <<

Boy... you have the current "state of the user" pretty well pegged ;-)

We all have hope, otherwise, I wouldn't be here. Now that this thread
has peaked, will submit to the contacts that are available at MS and
will hope that you will do the same with dell. Unfortunately, my
experience with getting info to and feedback from dell has not been
good, not nearly as good as with MS ;-/

Suggestion... don't call, but log onto the dell support forums and find
the pocketpc section and post the detailed information there... it gets
more exposure and it's also likely that you will gain support from other
dell users there to escalate it within dell... remember, that
escalation will not be visible.

Good luck and wish the MS report the same.

Beverly Howard [MS MVP-Mobile Devices]
Anonymous
December 23, 2004 1:58:12 AM

DS,

Please send me valid contact information (replace nospam with the "at"
sign) as I will refer ms directly to you _if_ they elect to respond...
i.e. don't hold your breath while waiting.

Beverly Howard [MS MVP-Mobile Devices]
Anonymous
December 30, 2004 1:02:58 PM

"Adam Herscher" <ahersche@umich.edu> wrote in message
news:o GNcpw65EHA.2568@TK2MSFTNGP11.phx.gbl...
>
> I see where you're coming from, though I believe the MS<>OEM<>Customer
> model is a bit oversimplified. There is some direct relationship between
> Microsoft and the customer. My phone shipped with a Windows Mobile CD and
> license, just like my Dell desktop. My today screen has Microsoft
> branding all over it. If Microsoft wants to reap the benefits of the
> branding and customer loyalty to the OS, they need to address the needs of
> the customer, not just the OEM (and don't get me wrong, I'm by no means
> suggesting that they aren't doing so).
>

Good point Adam.

MS<>OEM<>Customer applies to Pocket PC. Pocket PC Phone Edition or
Smartphone users have yet another link in this chain, making it more like
MS<>OEM<>Mobile operator<>User.

The problem here is that we know Mobile Operators are not very savvy in
terms of computing and help desk assistance to anything more sophisticated
than a standard mobile phone :( 

Although Bev's explanation is a good one, I'd add that there's a mechanism
that allows MVPs to inform Microsoft of anything that is really out of the
usual. But again, the deployment of anything that results from this reporting
is still dependent on the OEM doing its work.

Also, some software is not supplied by Microsoft. For example, the Bluetooth
stack in some Pocket PC... Microsoft provides one, but some OEMs prefer to
use some other company's software (which is better in my opinion). So, if
something doesn't work well (like the BT problems with some h6315 and i-mate
PDA2k models) then we're very out of luck - until the OEM feels the
pressure. Again the model is "I have a h6365 from T-Mobile, I'll complain to
them, that will most likely tell me to reset my Pocket PC, and only complain
to HP if a thousand users complain of the same thing, that will only do
something if the product is not at the end of the line or being replaced
soon..."

PS Note I'm not saying the product in this example is at the end of the
line...

--
Mauricio Freitas, Microsoft MVP Mobile Devices
Bluetooth guides: http://www.geekzone.co.nz/content.asp?contentid=449
Geekzone Software Store: http://www.geekzone.co.nz/store
Our RSS feeds give you up to date information on new software as soon as
they're available: http://www.geekzone.co.nz/content.asp?contentid=3344
!