Suggestions please for what POP or IMAP servers to use

Ted Mittelstaedt tedm at toybox.placo.com
Wed Dec 19 04:18:39 PST 2007



> -----Original Message-----
> From: Frank Shute [mailto:frank at esperance-linux.co.uk]
> Sent: Wednesday, December 19, 2007 1:48 AM
> To: David Schwartz
> Cc: tedm at toybox.placo.com; FreeBSD Chat
> Subject: Re: Suggestions please for what POP or IMAP servers to use
>
>
> On Tue, Dec 18, 2007 at 11:07:46PM -0800, David Schwartz wrote:
> >
> >
> > > MS dumped a pile of money into development of IE7 because it gets a
> > > pile of money in return from the root certificate authorities.  Just
> > > like MS dumps a pile of money into development of operating systems
> > > because they get a pile of money in return from the PC companies
> > > that sell PC's with Windows preloaded.  All of this rubbish about
> > > MS positioning IE so they can "take over" the Internet (ie: html and
> > > browser standards) is a pile of nonsense, it is nothing more than
> > > smokescreen mostly from Microsoft, designed to keep customers from
> > > understanding how they -really- make money.
> >
> > > Ted
> >
> > This is getting really tiring. Do you have so much as a shred of evidence
> > to support this? Yes or no. If you have no evidence, go away. If you have
> > evidence, present it.
> >
>
> Just because there is no evidence for a conspiracy doesn't mean it's
> not real. As someone else pointed out, they believe OJ did it (as do I
> and many others) yet there is no (or little) evidence he did it.
>
> To support Ted's thesis, I'd point out that when the DOJ v MS came to
> court the browser war was moot, MS had already won. Yet the media
> concentrated on this aspect of the trial, but if you read Jackson's
> findings of fact, it was the general anti-competitive behaviour of MS
> that Jackson dwelt on, not just browsers, which is why he recommended
> they be broken up.
>
> Why did the media report it like so? Because MS spin doctors were
> telling the journalists that this was what it was all about.
>
> Journalists are lazy, incompetent and technically inept, just like
> most people, and they couldn't be bothered to pick their way through
> the findings of fact and understand why MS was presenting this as
> "browser wars" rather than as their sustained anti-competitive,
> monopoly abusing behaviour.
>
> It wouldn't surprise me one iota if this smokescreen was to cover up
> their scamming millions from the root certificate authorities amongst
> many other abuses.
>

These days they do things a bit differently, but the money flow is
the same.  Partly to answer David but as folks are interested, here's
how it works.

As of Windows XP, MS ceased adding in new root certificates into the
certificate store they distributed with the web browsers.  The existing
roots, Verisign and the like, were undoubtedly scammed millions during
the height of the dot-com boom, -directly- from MS.

Today, the money still goes to Microsoft, but MS hides it a little
better.  What happens today is as follows:

1) A root certificate authority wants to insert its public key into
Internet Explorer.  They submit the key to Microsoft which distributes
it to all the Windows Update Servers.

2) When IE hits a SSL site with a certificate signed by the new
root, (or signed by an old root with a new certificate) if it
lacks the root public key it silently contacts a
windows update server and checks if a key for that CA is available,
if so it downloads and installs it without informing the user.

This process is documented here:

http://www.microsoft.com/technet/archive/security/news/rootcert.mspx?mfr=true

This is how Microsoft distributes root keys.  Now, the question is,
how does the root CA go about getting its key into the Windows
Update Servers and what do they have to pay?  It turns out, quite
a bit.

On that page, MS lists the requirements for the root CA.  Primary
among them is:

"...Engage a licensed auditor of the WebTrust for CAs program and
complete that process..."

3) WebTrust (http://www.webtrust.org/) is jointly developed by the
AICPA and the CICA as part of SysTrust.  You can get their standard
cheaply enough.  The rub is buried in the standard:

"...The entity's confidentiality and security performance is
periodically reviewed and compared with the defined confidentiality
and related security policies..."

In short, the world's Certificate Authorities must undergo audits
every 6 to 12 months by a provider that is certified under Webtrust
by the AICPA/CICA.  These are not cheap and pricing isn't easily
available - but I did find a comment in an old 2001 article that
stated they can run upwards of a quarter million dollars for a
large enterprise (like a CA) PER AUDIT.

Of course, that's money that is paid to the CPA firm doing the
audit - not directly to Microsoft - but, we aren't done with the
money chain yet.

4) AICPA defines CPA's that are experienced with doing WebTrust
audits as Certified Information Technology Professionals (CITP).
Where are these people?  It turns out that most of them are
working at firms that sell and install and integrate accounting
software solutions, which is about what you would expect.

5) Now, what is the most popular software package that these
accounting firms recommend to their clients?  Is it Navision?
Solomon?  Great Plains?  Well, as a matter of fact, yes.  All
those were acquired by Microsoft years ago and are now part of
what Microsoft calls "Microsoft Dynamics".

Microsoft Dynamics is today the most sold software package for
firms large enough to require an accounting firm to install it,
the same firms that Microsoft tells the root CA's that they must
be certified by, in order to install their root CA's into the
Windows Update servers.  It is no wonder that these accounting
CPA firms recommend Microsoft Dynamics to their clients.  They
aren't out there recommending Linux accounting packages.  They
are pushing Dynamics, and the constant stream of updates to it
from Microsoft.  In exchange for all that free business Microsoft
is more than happy to throw a bone to these firms by requiring
the root CAs to submit to their periodic audits.

Security - it's a family business.

Ted


