ietf-mxcomp
[Top] [All Lists]

The Village Idiot's point of view (Re: The Crystal Ball Says...)

2004-09-23 04:00:16



Hi Gordon

On Wed, Sep 22, 2004 at 07:14:22PM -0500, Gordon Fecyk wrote:
[...a lot of awkward but true and correct things]

Thanks for your comments, you're absolutely correct here.



6) Oh yes, let's not forget that there will be a fellow who will say that He
Started It All and He Should Be Rich and He Will Sue Microsoft And SPFi for
Stealing His Ideas and that The IETF Is Corrupt.[2]

...
[2] As much as I respect you Hadmut, for your gall and knowledge and sheer
guts, blasting the IETF and raving like The Village Idiot throughout this
process earned you that paragraph.  *I'M* supposed to be The Village
Idiot!


Thanks for at least mentioning. 

Unfortunately, this point is correct as well. Except for the fact that
I didn't say I should be rich. I agree with you that I look like an
idiot, but I'd like to defend against that money argument.  If I
wanted to earn money I wouldn't have published it the way I did. This
was supposed to be open and available for everyone as many of those
IETF publications.


You certainly don't know why I developed RMX. Let me elaborate the
two reasons:

The first and simple reason was, that at that time I was flooded with 
thousands of bounce messages because some spammer used my domain 
danisch.de to forge the sender address. Since I worked on
organizational e-mail security since the mid-nineties, it was just the
consequence to develeop RMX. The records that had formerly been held
in a local database were moved to DNS, the same way /etc/hosts was
made public years before. I wanted to get rid of bounce messages.


But the more important reason was completely different. Germany is
suffering from a dramatic rise of corruption since the early
nineties. I was a scientist at the European Institute for System
Security (E.I.S.S.) at the University of Karlsruhe and wrote a
dissertation about communication security in 1997, finished in 
spring 1998. Unfortunately it became common at many germany
universities that an examiner demands money or other worthy services
for an examination or degree. This is completely unlawful and a crime
under german law, but it became reality. When I left the university
and took a job in industries, the examiner demanded that my employer
lets me work for him for about a year - for free, on the employer's
expense. When my employer and myself denied to pay that kind of 
protection money, the university denied the examination. I complained
to the ministry and they were forced to examine. They then 
rejected my dissertation with giving wrong technical opinions. 
I have proven that the examiner's reports are technically wrong and
that one examiner didn't even read the dissertation. I was successful
and won a lawsuit. 

Unfortunately, the university told me that they will keep me in an
endless loop: They'll give me one wrong opinion after another, and
whenever I succeed with a lawsuit, they'll just give me the next one
and let me start again.

How to escape from that loop? The german constitutional court had
stated in 1991, that you can't fail an examination (about your
profession) if your examination performance is "usable". 

I have secured the network of a nuclear power plant based on my
dissertation, but needed to have a more obvious proof that my
dissertation is "usable". It describes how to design security
mechanisms. When I was flooded with bounce messages and when 
my domain was heavily abused, I said that someone should do anything
against. - Wait a moment: I'm a security engineer myself and I just 
wrote a dissertation about how to deal with security threads. If my 
dissertation works, then it should be able to give a simple solution 
for that problem. I dropped in the problem and it spitted out RMX. 
I thought "Hey, this might be something which could convince a
court. Let's hope that the judges use e-mail and are themselves 
annoyed by spam, so they will understand the problem and the solution"

That's why I wrote the first RMX draft. It was meant to be a proof of 
concept of my dissertation for the court and the university. This was
not about money, this was just about the label "invented by Danisch" 
to have something as that proof of concept. And yes, I feel bitterness
because of the way I was treated, the way RMX was plagiarized, and
when I am blamed for plagiarizing SPF as RMX (or even beeing blamed
for writing RMX at all, thus disturbing the development).

Now turning this into "the idiot who wants to be rich" is quite
nasty and evil.


My intention has never been to get any rich with that (although I 
spent a lot of my private money even when I was unemployed and hoped
to get at least some compensation of my own expenses by those who
would save millions by getting rid of spam).

But my intention has neither been to pay the development of my own 
expense that others earn money, make patents and marketing, save 
millions of dollar.


And I admit that I am very disappointed, annoyed, and to some degree
filled with bitterness. And it was a long process to get there,
starting in spring 2003:

- From the very beginning of ASRG I have been personally attacked just
  because of the idea to invent some kind of
  authentication/authorization into e-mail.

- The ASRG group had been abused by its first chair to put himself 
  in front of the camera, suppressing any progress in technical 
  development, especially if it didn't meet his personal marketing 
  plans.

- I was chased away from ASRG, and then called back to help in 
  development (to the ASRG-RMX-List) just to learn that I was supposed
  to do the work while others gave interviews to the press telling
  that they did all that stuff.


- I was attacked from the so called "open source community" who blamed
  me for not doing proper marketing. It would be my own fault if that
  idea was relabled and reauthored. 

  Sorry, but that doesn't meet my idea of open source protocol
  development. At least I learned that there are pickpockets 
  both at the cathedral and the bazaar. 


- I then was attacked in the way that RMX was bullshit because it 
  required a new DNS RR type and that for this reason SPF was
  superior. Lateron I saw that SPF was said to be even more superior
  because it now would get a new RR type.

  Ironically, neither RMX nor SPF do depend on having or not having a
  new RR type. That's just a minor implementation detail, but only few
  people had the engineering and security skills to know that. 


- I also was told that RMX is bad design because it verified the 
  envelope sender (of course, it was designed to also stop those
  bounce messages).

  I was told that other methods are better because they do not 
  verify the envelope sender (and thus do not stop those bounce
  messages). And when Microsoft came with their patent, it was
  proposed to verify the MAIL FROM. Hooray. 



Beyond the fact of authorship, invention, and naming, this all caused
a delay of development of about a year. Without that SPF/MARID circus 
it would have become an RFC about a year ago. First make an RFC and
then the marketing hype would have been the better approach. The time
delay was what allowed Microsoft to get the patent foot in the door. 


From my (idiot's) point of view, it was exactly the way the ASRG and 
MARID groups were chaired and the way the marketing was done which
caused the confusion and the delay which finally defeated it all. 
This could never work and it was obvious from the early days. 


If you leave me the choice between those two roles, between those who 
crashed that whole thing by incompetence, commercial attitude, and 
abusive propaganda, and that idiot who was raving and not agreeing
with all that, well, I do not feel too uncomfortable with that idiot's
role. I'm happy with the fact that I did not agree with that all. 


Maybe you know a little bit about european history. In the dark middle
age, a long time before the USA existed, it was common at the king's
courts to have a person known as the joker, fool, idiot. He was
wearing funny clothes and not respected, everyone was laughing 
at hime.

Actually, everyone had to dance around the golden calw, had to bow and
to lie to please the king. This "Hoffnarr" (joker/fool/idiot) was the
only one who told the truth and didn't have to bow or to lie. He was
the only one who could sit or stand in presence of the king. While
wrapped in funny clothes and playing the idiot, he actually was one of
the most important and most sapient advisor of the king.

And, btw, the word "idiot" comes from ancient greek and just means 
"a private person". I'd like to emphasize that in contrast to most of
those who defeated MARID, I was indeed here as a private person,
speaking for myself and not bound to commerical interests. So in that
ancient greek sense of the word "idiot",  I do attach importance to
the fact that I am suche a private person. This ist much more honest.


I hope that those who delayed and caused that all will get happy with
the amounts of spam in their mailbox.


regards
Hadmut (the village idiot)

PS: After the university I was working for Xlink, first german
internet provider, which became KPNQwest, which was hosting Strato, a
major domain provider. We were hosting millions of domains, their web
servers and mail relays. Unfortunatley, KPNQwest went bankrupt in
2002. If KPNQwest would have survived, I would have had the perfect
experimental platform and could have invented RMX with some millions
of domains just by a finger snip. SPF, CallerID and SenderID would
never have existed if KPNQwest hadn't gone bankrupt.












  







<Prev in Thread] Current Thread [Next in Thread>
  • The Crystal Ball Says..., Gordon Fecyk
    • The Village Idiot's point of view (Re: The Crystal Ball Says...), Hadmut Danisch <=