TCP window size is a byte (not packet) based option. The default setting is normally 4k, with 64k or higher in common usage. Values of 0 to 2**30 (2 to the 30th power) are legal with zero being interpreted as a congestion induced “back pressure” indication. In practice the window size should be adjusted based on the number of streams per session and congestion/delay.

There are two options as to the source of the problem:
1. To achieve the window size values above 64k requires negotiation of a scaling factor. Misnegotiation of the scaling factor is possible if there is some REALLY legacy/off brand customer premise equipment at Craig’s List or the equipment defaults are badly misconfigured. Misnegotiation of the scaling factor could cause the observed problem.

2. The other potential source of the problem is a site upgrade or site change as Craigs List. If level of competence of the system administrator of Craig’s list, who set up the server or some of the other customer premise equipment (routers/switches/firewalls), was too low to allow him to understand what he was doing when he set some of the default equipment parameters, problems would ensue. This is the “he actually set the window size to zero” scenario.

They were answered, Craig lies about this.

Don’t mean to sound tooo snarky, but if Craig’s email systems are even half as bad as his webhosting infrastructure, perhaps the email never made it to Authenium in the first place:)

1. why did it take so long?

It took a few days for Authentium to give Craig’s List the special treatment it demands, and Craig’s List is still sending out garbage.

2. why were my calls and emails unanswered?

They were answered, Craig lies about this.

3. how will this be fixed in the field?

How do you fix any end-to-end software bug in the field? You update all the affected computers, or you update Craig’s List’s computers. Craig is unwilling to fix his system, so the Authentium customers will have to update theirs; or quit using Craig’s List for hookups.

1. why did it take so long?

The technical issue caused by the conflict between Craigslist servers and the Authentium firewall is fully resolved, and was resolved back in March. The beta fix was made available to all customers at that time. It was made available through their support organizations to every subscriber requesting it. This is normal procedure for our beta software releases.

So is this new beta software being handed out to all new customers or is the flawed software still being shipped. Is there any method to advise customers that that they might want to run the beta? What does Cox recommend users run at this point—beta software or production software? Its not “fully resolved” until the end users are running working software
2. why were my calls and emails unanswered?

In terms of our responsiveness, Authentium reacted immediately upon hearing about the issue by calling Craig. Upon understanding the issue, we acted immediately to resolve it. We posted a fix within days of its emergence in February. The fix has been available ever since.

So why were the emails unaswered? It appears as if they were difficult to contact when the problem first arose, finally placed a phone call after this issue hit the press. Nothing in this response directly addresses Craig’s direct question.
3. how will this be fixed in the field?

Regarding release dates, this fix involved rewriting of a core system-level component. Our process for releasing these kind of components is very strict – the final version enters GA only after the completion of several cycles of QA testing on the next full version release of our security suite, and beta release testing. This practice is followed by most, if not all, system-level software developers.

Once again, absolutely nothing about how this fix will actually be rolled out. Will it be proactive, or will it just replace the sofware in the new user package and be suggested for any legacy users that complain?