Hi Gordon
On Wed, Sep 22, 2004 at 07:14:22PM -0500, Gordon Fecyk wrote:
[...a lot of awkward but true and correct things]
Thanks for your comments, you're absolutely correct here.
6) Oh yes, let's not forget that there will be a fellow who will say that He
Started It All and He Should Be Rich and He Will Sue Microsoft And SPFi for
Stealing His Ideas and that The IETF Is Corrupt.[2]
...
[2] As much as I respect you Hadmut, for your gall and knowledge and sheer
guts, blasting the IETF and raving like The Village Idiot throughout this
process earned you that paragraph. *I'M* supposed to be The Village
Idiot!
Thanks for at least mentioning.
Unfortunately, this point is correct as well. Except for the fact that
I didn't say I should be rich. I agree with you that I look like an
idiot, but I'd like to defend against that money argument. If I
wanted to earn money I wouldn't have published it the way I did. This
was supposed to be open and available for everyone as many of those
IETF publications.
You certainly don't know why I developed RMX. Let me elaborate the
two reasons:
The first and simple reason was, that at that time I was flooded with
thousands of bounce messages because some spammer used my domain
danisch.de to forge the sender address. Since I worked on
organizational e-mail security since the mid-nineties, it was just the
consequence to develeop RMX. The records that had formerly been held
in a local database were moved to DNS, the same way /etc/hosts was
made public years before. I wanted to get rid of bounce messages.
But the more important reason was completely different. Germany is
suffering from a dramatic rise of corruption since the early
nineties. I was a scientist at the European Institute for System
Security (E.I.S.S.) at the University of Karlsruhe and wrote a
dissertation about communication security in 1997, finished in
spring 1998. Unfortunately it became common at many germany
universities that an examiner demands money or other worthy services
for an examination or degree. This is completely unlawful and a crime
under german law, but it became reality. When I left the university
and took a job in industries, the examiner demanded that my employer
lets me work for him for about a year - for free, on the employer's
expense. When my employer and myself denied to pay that kind of
protection money, the university denied the examination. I complained
to the ministry and they were forced to examine. They then
rejected my dissertation with giving wrong technical opinions.
I have proven that the examiner's reports are technically wrong and
that one examiner didn't even read the dissertation. I was successful
and won a lawsuit.
Unfortunately, the university told me that they will keep me in an
endless loop: They'll give me one wrong opinion after another, and
whenever I succeed with a lawsuit, they'll just give me the next one
and let me start again.
How to escape from that loop? The german constitutional court had
stated in 1991, that you can't fail an examination (about your
profession) if your examination performance is "usable".
I have secured the network of a nuclear power plant based on my
dissertation, but needed to have a more obvious proof that my
dissertation is "usable". It describes how to design security
mechanisms. When I was flooded with bounce messages and when
my domain was heavily abused, I said that someone should do anything
against. - Wait a moment: I'm a security engineer myself and I just
wrote a dissertation about how to deal with security threads. If my
dissertation works, then it should be able to give a simple solution
for that problem. I dropped in the problem and it spitted out RMX.
I thought "Hey, this might be something which could convince a
court. Let's hope that the judges use e-mail and are themselves
annoyed by spam, so they will understand the problem and the solution"
That's why I wrote the first RMX draft. It was meant to be a proof of
concept of my dissertation for the court and the university. This was
not about money, this was just about the label "invented by Danisch"
to have something as that proof of concept. And yes, I feel bitterness
because of the way I was treated, the way RMX was plagiarized, and
when I am blamed for plagiarizing SPF as RMX (or even beeing blamed
for writing RMX at all, thus disturbing the development).
Now turning this into "the idiot who wants to be rich" is quite
nasty and evil.
My intention has never been to get any rich with that (although I
spent a lot of my private money even when I was unemployed and hoped
to get at least some compensation of my own expenses by those who
would save millions by getting rid of spam).
But my intention has neither been to pay the development of my own
expense that others earn money, make patents and marketing, save
millions of dollar.
And I admit that I am very disappointed, annoyed, and to some degree
filled with bitterness. And it was a long process to get there,
starting in spring 2003:
- From the very beginning of ASRG I have been personally attacked just
because of the idea to invent some kind of
authentication/authorization into e-mail.
- The ASRG group had been abused by its first chair to put himself
in front of the camera, suppressing any progress in technical
development, especially if it didn't meet his personal marketing
plans.
- I was chased away from ASRG, and then called back to help in
development (to the ASRG-RMX-List) just to learn that I was supposed
to do the work while others gave interviews to the press telling
that they did all that stuff.
- I was attacked from the so called "open source community" who blamed
me for not doing proper marketing. It would be my own fault if that
idea was relabled and reauthored.
Sorry, but that doesn't meet my idea of open source protocol
development. At least I learned that there are pickpockets
both at the cathedral and the bazaar.
- I then was attacked in the way that RMX was bullshit because it
required a new DNS RR type and that for this reason SPF was
superior. Lateron I saw that SPF was said to be even more superior
because it now would get a new RR type.
Ironically, neither RMX nor SPF do depend on having or not having a
new RR type. That's just a minor implementation detail, but only few
people had the engineering and security skills to know that.
- I also was told that RMX is bad design because it verified the
envelope sender (of course, it was designed to also stop those
bounce messages).
I was told that other methods are better because they do not
verify the envelope sender (and thus do not stop those bounce
messages). And when Microsoft came with their patent, it was
proposed to verify the MAIL FROM. Hooray.
Beyond the fact of authorship, invention, and naming, this all caused
a delay of development of about a year. Without that SPF/MARID circus
it would have become an RFC about a year ago. First make an RFC and
then the marketing hype would have been the better approach. The time
delay was what allowed Microsoft to get the patent foot in the door.
From my (idiot's) point of view, it was exactly the way the ASRG and
MARID groups were chaired and the way the marketing was done which
caused the confusion and the delay which finally defeated it all.
This could never work and it was obvious from the early days.
If you leave me the choice between those two roles, between those who
crashed that whole thing by incompetence, commercial attitude, and
abusive propaganda, and that idiot who was raving and not agreeing
with all that, well, I do not feel too uncomfortable with that idiot's
role. I'm happy with the fact that I did not agree with that all.
Maybe you know a little bit about european history. In the dark middle
age, a long time before the USA existed, it was common at the king's
courts to have a person known as the joker, fool, idiot. He was
wearing funny clothes and not respected, everyone was laughing
at hime.
Actually, everyone had to dance around the golden calw, had to bow and
to lie to please the king. This "Hoffnarr" (joker/fool/idiot) was the
only one who told the truth and didn't have to bow or to lie. He was
the only one who could sit or stand in presence of the king. While
wrapped in funny clothes and playing the idiot, he actually was one of
the most important and most sapient advisor of the king.
And, btw, the word "idiot" comes from ancient greek and just means
"a private person". I'd like to emphasize that in contrast to most of
those who defeated MARID, I was indeed here as a private person,
speaking for myself and not bound to commerical interests. So in that
ancient greek sense of the word "idiot", I do attach importance to
the fact that I am suche a private person. This ist much more honest.
I hope that those who delayed and caused that all will get happy with
the amounts of spam in their mailbox.
regards
Hadmut (the village idiot)
PS: After the university I was working for Xlink, first german
internet provider, which became KPNQwest, which was hosting Strato, a
major domain provider. We were hosting millions of domains, their web
servers and mail relays. Unfortunatley, KPNQwest went bankrupt in
2002. If KPNQwest would have survived, I would have had the perfect
experimental platform and could have invented RMX with some millions
of domains just by a finger snip. SPF, CallerID and SenderID would
never have existed if KPNQwest hadn't gone bankrupt.