Mandatory numeric examples in crypto-RFCs?
Hi, I am currently debugging some ISAKMP problems and thus using RFCs like 2085, 2412, etc. about cryptographic algorithms and data formats. Such RFCs are sometimes a little bit ambiguous or difficult to read since details are spread around the paper. When implementing such algorithms or data parsers, you don't know whether the implementation is correct without a test case, e.g. feeding in some examples and check whether the result is what is expected. I'd therefore propose that every RFC dealing with crypto algorithms or data formats has to have a mandatory appendix section with examples to be used as a test case. (Every I-Draft should have.) E.g. when describing key agreements precise examples of the random numbers and secrets, byte sequences of example messages, and the results (signatures, keys,...) should be given allowing to do a simple check of any implementation to see, whether the implementation works in principle, and does not have such common bugs like wrong padding, byte order problems etc. regards Hadmut ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: The rights of email senders and IETF rough consensus
Hi, On Sat, Dec 17, 2005 at 01:21:15PM -0600, wayne wrote: Hallam-Baker, In this context whining on about the wishes of the Hallam-Baker, sender is pointless. The entire point is that the Hallam-Baker, sender has no rights in this matter. ... This has to be about rights because the only way for the Internet to work is to understand that there are owners of machines, networks and domains. Without signed contracts, those who are not owners have no rights to tell these owners how to run their systems. Sorry, guys, but that's incorrect. You're putting the discussion on a wrong assumption. There are several countries were the sender has or can have rights by law or constitution. The sender's rights are not constituted by contracts only. E.g. in several countries suppressing e-mail can be considered as a crime under certain circumstances. E.g. in Germany illegal suppression of e-mail can be sentenced with up to five years of prision. There are also some special rules in business-to-business communication. regards Hadmut ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
How security could benefit from high volume spam
How security could benefit from high volume spam The parliament of the European Union today has passed a law that electronical call detail records, such as phone numbers, e-mail addresses, web accesses of all 450 million EU citizens are to be recorded and stored for 6 to 24 months. So everyone will be subject of complete surveillance of telecommunication. No place to hide. The given reasons are the need to investigate and prosecute terrorism and severe crime. But there is no evidence that this law actually has this effect, and that it is worth to sacrifice democracy and civil rights. Our constitution protects the right to communicate confidentially, for all citizens, and especially for lawyers, journalists, priests, etc. So terrorists finally begin to succeed in destructing our european, modern, democratic, and free way of life and civil rights. It is ridiculous that the modern world has not been attacked by a large army, but by just about 30-40 people with knives and a few bombs. The attack is not the primary attack itself. The main attack is to provocate overextended counter measures. Technically spoken, a denial-of-civil-rights-attack. And the EU proved to be vulnerable to this kind of attack. A patch is not available yet. Another threat to privacy and civil rights is the intellectual property industry. We have seen Sony attacking and sabotaging private computers, revealing private data, taking secretly control over people's communication and working equipment. We have seen a mother of five been sued into bankruptcy in the USA just for listening to music. This is perverse. We currently see governments considering to outlaw open source software or any kind of data processing or communication device without a digital rights management. There are good reasons to assume, that the European Union's collection of all telecommunication details will be abused to allow the intellectual property industry to completely track every communication. Just having received any e-mail from someone who had illegally downloaded music could be enough to have your home searched, your computer confiscated, and find yourself sued or prosecuted. The art and science of communication security will have to realign and focus on new goals. When designing telecommunication protocols we have to take much more care about what communication could reveal about the communication parties and the contents. It is not enough to just put some kind of simple encryption on a message body. We need to protect against traffic analysis, in particular the one without democratic legitimation. What does that mean? When designing a protocol we should take more care than we did to describe its vulnerability for and resistance against traffic analysis. Not just whether the contents are encrypted, but what an eavesdropper can tell about the communicating parties. We need to incorporate techniques like oblivious transfer and traffic hiding. An important component of such protection methods is noise. Plenty of noise. Something to hide in, to cover, to overload recording of call details. We should think about and research how to produce noise. We already have some noise. Its called spam. Some of you might know that I am one of the early days fighters against spam. I tried to eliminate as much spam as possible. But now, there could be a positive aspect about spam, virus mails, and other mass mails. Maybe it could become an advantage to receive a million mails per day from any senders. Maybe that is what is needed to hide my personal e-mails. Maybe that's the answer I have to give when someone blames me to have received e-mail from the wrong person: I have no idea what you are talking about. I received about 150,000 virus and spam e-mails that day from arbitrary addresses, and didn't read a single one of them. I have just deleted them. When designing measures against spam, we should take this into consideration. Maybe in near future the advantages of that noise produced by millions of bots will outweigh the disadvantages? Comments are welcome. Hadmut Danisch ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: How security could benefit from high volume spam
On Wed, Dec 14, 2005 at 04:46:42PM +0100, Frank Ellermann wrote: The best way to hide a signal is noise, is that's your idea ? Makes sense from my POV. Not necessarily the _best_ way, but one that works under many circumstances. Some questions are: How do we deal with the total surveillance? Do anti-spam measures make surveillance easier? regards Hadmut ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: Cautionary tale: Paris pickpockets
On Wed, Aug 10, 2005 at 12:55:42PM -0700, Dave Crocker wrote: when my wallet was lifted, 2 months ago in the Paris metro, it was in my front left pocket. much more difficult is simply not correct. I am not that experienced in that kind of security business. Book reference: Bambi Vincent and Bob Arno Travel Advisory! How to Avoid Thefts, Cons, and Street Scams While Travelling Bonus Books, Chicago Hadmut ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: Cautionary tale: Paris pickpockets
Two years ago during the IETF in San Francisco I was walking close to the venue, waiting at a traffic light, when I realized that I something gently touched my back, and at the same time the back pocket where I had my wallet in. I immediately turned around and tried to look as angry as possible. A guy was standing behind me, smiling friendly as if he was asking 'Hey, what's wrong with you?'. I was not sure, whether he tried to steal my wallet or just had touched me accidently, so I didn't say anything to blame him, but he saw, that I was suspecting him. We somehow got into a small conversation, talking about this and that, where to dine, how to get a cheap overseas flight, this and that, and I tried to not be rude or impolite while not revealing any information about where I stay, who I am or what I own, taking care not to be touched in any way. After about 10 minutes of conversation he said he'd like me, and therefore he'd give me a good advice. He said he was a professional pickpocket, and even if he was really surprised that I had realized being touched and had flipped around instantly, he said I'd be crazy to have my wallet in the backpocket and urged me to put it somewhere inside my jacket because that would be much more difficult to get. Said this, jumped to the other side of the street, and vanished in the crowd. (I then immediately checked my belongings, nothing missed.) Some years ago I was on a sight-seeing trip to Vienna, and the tour guide urgently asked as to be aware of pickpockets at any time. At the local police they get the same complaints every hour: For reasons they don't understand, women always feel secure in the women's restrooms. The just put their purse anywhere, don't take much care, and then it's gone. At the police station they are upset how this could happen, how a man could make his way into the women's restrooms. The police has to explain again and again, that they also have female pickpockets, and that restrooms are not a holy area. But for some reasons most traveller always presume pickpockets to be nasty men. And for IETF travellers: A good place to become a thief's victim are the restrooms in airports and hotels. When you are in the booth and just, eh, busy, your pants down, then - especially with american style booths - it is pretty easy to grap your bag or purse standing on the floor from under the booth's walls, exactly at the time you're indisposed and temporarily not in the shape to immediately hunt the thief. regards Hadmut ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Multicast / DVMRP not used anymore?
Hi, I was just surprised by the fact that the mrouted package was removed from Debian Linux, because mbone / DVMRP (Distance Vector Multicast Routing Protocol) would not be used in Internet anymore. I guess I've missed anything. Has multicast IP been abandoned or obsoleted? Can anyone give me a hint about where and why this has happened? What about the IETF broadcasts? Are they still delivered over multicast? regards Hadmut ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: A new technique to anti spam
On Sat, Oct 23, 2004 at 07:18:57PM +0800, test wrote: The advantages of the new technique: 1.As a receiver,you first judges the useful of the email by simple information(email-pointer:subject,from,to and etc).if is,you can refuse it to forbid download the body of the email(reducing the Internet flux) This is not an advantage over existing SMTP. Case 1: If you can judge by the given simple information (basically the mail header), then you could simply discard/tag the message after reception or even abort the connection after transmission of the header. (Violation of SMTP, but spam is an excuse). So there is not advantage over SMTP. Also no advantage from user's point of view. If you can tell from sender/subject that it is spam, than you won't read it. Just a bandwidth matter. Case 2: If you can't judge, then you need to fetch the message anyway. Again, no advantage. This is also a legal problem: What is the transmission time? Imagine you have to fulfill a contract by sending something by email. When did you fulfill? when the receiver starts to fetch? How long would you have to keep your server online? A day? A week? A month? The proposal is not new, and has been discussed on ASRG about more than a year ago. You furthermore run into several problems: When will the server be allowed to delete the message? After a download? What if the message is aliased to several recipients? How would the sender tell how many downloads it will take for all recipients to get the message? What if the recipient never downloads? What if the diskspace of the server is exhausted? It is also a security problem: You need to protect the server against faked fetches. E.g. if a message is forwarded or bounce to someone else, the new recipient could delete the message from the server. BTW, it is not correct to assume that all people use pop3 to fetch messages. How should someone fetch emails when not online? (e.g. I do use UUCP). And, ironically, it makes spammer's life even easier: Your proposal makes sending email much more complicated for those who deliver normal mail. But for those who do mass mailing and are sending the same message a million times, your proposal saves a huge amount of bandwidth, because they need to transmit the header only and to keep just a single message available for download for those who read the message. So it just reduces the bandwidth needed for spamming. That's not exactly what an anti-spam-system can be expected to do. regards Hadmut ___ Ietf mailing list [EMAIL PROTECTED] https://www1.ietf.org/mailman/listinfo/ietf
NSA Crypto Museum?
Hi, will anyone be visiting the NSA crypto museum? regards Hadmut ___ Ietf mailing list [EMAIL PROTECTED] https://www1.ietf.org/mailman/listinfo/ietf
Re: Shuffle those deck chairs!
On Tue, Oct 05, 2004 at 04:06:18AM -0400, Eric S. Raymond wrote: When Meng Weng Wong was thinking about how to evangelize SPF, his first instinct was to bypass IETF and go straight to the open-source MTA developers -- I had to lobby hard to persuade him to go through the RFC process, and now I wonder if I was right to do that. The IETF is a problem, but not the worst one. The worst thing in that dirty game was that some were evangelizing and lobbying hard. Wasn't it you who partizipated in the SPF marketing show at MIT? Wasn't it you who blamed me for not doing proper marketing? Security is about engineering, but not evangelizing, lobbying, or marketing. This is what poisoned the whole process, and the IETF is who allowed the process to be poisoned. While I agree that the IETF made awful mistakes and spoiled MARID, I do consider your critics as malicious, because it is exactly that what you praise what finally caused all that trouble. Without SPF and Meng's personality show and all that marketing, evangelizing and lobbying, IETF could have finished the work and defined an RFC about half a year ago, before M$ could have applied for a patent. And FYI, Meng did not go straigt to the open-source MTA developers. He went to the evil cathedral, not to the bazaar. Don't tell tales here. You'd better not persuaded him. Hadmut ___ Ietf mailing list [EMAIL PROTECTED] https://www1.ietf.org/mailman/listinfo/ietf
Re: Re: Shuffle those deck chairs!
On Tue, Oct 05, 2004 at 01:20:33PM -0400, [EMAIL PROTECTED] wrote: Did M$ scan IETF for patent ideas? When was this first written, if you have doc with date, you can challenge/share the patent. Thanks for the hint. M$ was scanning the ASRG-RMX mailing list in fall 2003, because they replied to one of my postings. So they were aware of RMX long time before they applied for a patent (the even mention RMX in both patents). regards Hadmut ___ Ietf mailing list [EMAIL PROTECTED] https://www1.ietf.org/mailman/listinfo/ietf
Academics locked out by tight visa controls
See: http://www.mercurynews.com/mld/mercurynews/9710963.htm?template=contentModules/printstory.jsp1c regards Hadmut ___ Ietf mailing list [EMAIL PROTECTED] https://www1.ietf.org/mailman/listinfo/ietf
Re: IETF 62 (was: Re: first steps)
On Fri, Sep 17, 2004 at 09:23:40AM +0100, Tim Chown wrote: With the impending visa/biometrics/etc mess for the US, having more of the IETFs elsewhere would reduce the travel burden. Maybe Canada? I'd really appreciate that. AFAIK the US require taking fingerprints even from europeans starting at Oct 1. So IETF60 was the last IETF I could attend without having my fingerprints taken. I feel everything but comfortable with that way to treat people. Currently IETF is held at east- and west-coast. Why not change this into south/north? Canada in Summertime, Mexiko in Wintertime. regards Hadmut ___ Ietf mailing list [EMAIL PROTECTED] https://www1.ietf.org/mailman/listinfo/ietf
Re: How IETF treats contributors
Dean, On Mon, Aug 30, 2004 at 04:43:57PM -0400, Dean Anderson wrote: That said, it is a reprehensible shame that you are not being given credit for your work in SPF and RMX. Thanks for that. We demonstrated that RMX did not solve the problem it set out to solve. I do not remember that anyone did demonstrate that. On the contrary, RMX solved a major problem in contrast to the current SenderID proposal. Many people, including myself, do receive significant more false bounce messages and spam complaints than spam messages, because spammers abuse my e-mail address or domain. Therefore RMX was designed to verify the envelope sender and it does that job. In contrast, SenderID does not solve that problem. Guess why. No doubt, the MARID group chairs do not want to appear to simply re-hash RMX under a different name. In order to avoid that, they have to pretend it wasn't written by you. This might be true. Hadmut ___ Ietf mailing list [EMAIL PROTECTED] https://www1.ietf.org/mailman/listinfo/ietf
Re: How IETF treats contributors
[ Sorry, but I couldn't resists to give a nasty side comment: Vernon Shryver was one of the persons who most unobjectively and maliciously attacked RMX and any other proposal against Spam. He was displeased because his own invention has major flaws, and that I showed in the RMX draft that his proposal can and is abused for censoring e-mail traffic. His posting appears to me as if he took the opportunity for revenge. I'll nevertheless reply to correct some of his misleading and wrong statements. ] First, my name is Danisch, not Danish. On Tue, Aug 31, 2004 at 08:40:44AM -0600, Vernon Schryver wrote: - None of the versions of Mr. Danish's proposal that I've seen credited Mr. Vixie's document or some others than preceded Mr. Danish's work. I think that was due to ignornance and disinterest instead of malice, but it does reduce Mr. Danish's standing to more credit than he already receives. This is pure nonsense. The same kind of defamation he already used on the early asrg mailing list. I did not cite or credit anyone else because at the time I wrote RMX I did not know of anyone else's work in this field. RMX is in no way derived from or based on anyone else's work. If anyone has any doubt about this, I can show that I was working on organizational security, especially in context of e-mail, that RMX is just the logical continuation of my former work and that I had very good reasons to design RMX the way it is. How should I have cited or credited someone else's work without knowing it? And why? In contrast, SPF and CallerID were provably based on RMX, the authors were familiar with RMX, and the first version of SPF was explicetely announced to cover RMX. - Mr. Danish's proposal was always an obvious non-starter for various reasons, including the requirement for defining new DNS RR types before it could be deployed or even tested. RMX is not the requirement for defining the new DNS RR type. This was just the proposal how to implement it. That's the illogical point of the story: SPF was derived from RMX by simply omitting the invention of a new DNS RR type. This didn't change the idea of RMX, just changed the way to implement it a little bit. And the same time certain people claimed that SPF is 'new' and that RMX is wrong because it required a new DNS RR type. Typical way of intentional misinformation. - It is ironic or something that few people who are openly concerned about credit for their work have enviable reputations. They tend to be inventors of such as IPv8. ??? Does anyone have a clue what this is about? Hadmut Danisch ___ Ietf mailing list [EMAIL PROTECTED] https://www1.ietf.org/mailman/listinfo/ietf
Re: How IETF treats contributors
On Mon, Aug 30, 2004 at 09:51:54AM -0700, Ted Hardie wrote: It was cited as an input draft to the MARID working group, and it was recommended for publication as an Experimental RFC with the other input drafts that came out of the ASRG process. Thanks for that information. I didn't know that. The former ASRG co-chair who asked me to submit RMX as an exp RFC is not co-chair anymore. I asked the MARID chairs whether they know about the current state of the submission. I understood the answer in the way that RMX will not be published as an RFC anymore. In other words, the IETF took you up on your offer to consider the draft seriously and to use it as input into the evolving standard in this area. I highly appreciate that. Thanks. It is just that I didn't know that and that this doesn't match the MARID chairs statements. regards Hadmut ___ Ietf mailing list [EMAIL PROTECTED] https://www1.ietf.org/mailman/listinfo/ietf
Re: YATS? Re: T-shirts, and some suggestions for future ietf meetings
I, btw, just checked in at the Usenix Security Symposium and received a very nice, durable, and usable, but still not too expensive bag with a Usenix logo printed on. That's much better than any T-Shirt. regards Hadmut ___ Ietf mailing list [EMAIL PROTECTED] https://www1.ietf.org/mailman/listinfo/ietf
Re: T-shirts, and some suggestions for future ietf meetings
On Fri, Aug 06, 2004 at 01:00:09AM -0400, Tony Hansen wrote: I know, this isn't the most important issue in the world. But, I want to say that I miss the IETF meeting T-shirts. As confirmed by Harald at tonight's plenary, the T-shirts are normally paid for by the sponsor. And since we don't have a sponsor here, there was no T-shirt. Why always T-Shirts? Everyone gives T-Shirts. I have tons of T-Shirts from conventions and conferences. Why not anything different at every meeting? Socks, ties, caps, jumpers, blousons, jackets, sunglasses, swimsuits, undies... After attending IETF meetings for 2-3 years you've got a complete IETF outfit. :-) Hadmut ___ Ietf mailing list [EMAIL PROTECTED] https://www1.ietf.org/mailman/listinfo/ietf
Re: Jabber at ietf60
On Mon, Aug 02, 2004 at 11:37:55PM +0100, Tim Chown wrote: Sure, e.g. On Mon, Aug 02, 2004 at 09:32:30AM -0700, [EMAIL PROTECTED] wrote: Are folks using it? Does this server allow to register an account? Or which server should I use to do so? regards Hadmut ___ Ietf mailing list [EMAIL PROTECTED] https://www1.ietf.org/mailman/listinfo/ietf
Defining Internet services/service levels?
OK, there was some discussion about different levels of Internet services and categories. So should the IETF publish a definition? regards Hadmut ___ Ietf mailing list [EMAIL PROTECTED] https://www1.ietf.org/mailman/listinfo/ietf
Re: What exactly is an internet (service) provider?
On Sun, Jun 20, 2004 at 09:52:51AM -0700, Ole Jacobsen wrote: Much as I understand the moral outrage that NATs cause in some people's mind, NATs are still a reality AND they (usually anyway) provide connectivity to the Internet. Have you tried using a hotelroom Ethernet port or a WiFi network recently? I can't remember the last time I was assigned something that looked like a real routable IP address, but as a consumer of paid-for Internet service (that works) is there any reason (apart from religion) that I should care?? That's currently a consequence of the shortage of IP addresses. With IPv4 not every hotel or restaurant can have a Class-C address range. Unfortunately, this shortage doesn't make people ask for IPv6, but makes them getting used to have such NATs, and even more, it appears to be an advantage, because it gives kind of protection to unprotected windows machines. Internet is becoming decadent. However, such a service might be sufficient as long as you just poll your e-mail or visit the web from your hotel room. Would you be happy with it at home? What if you need an open port? What if you want to receive multicast packages? What if you want to contact someone else who also has a NAT provider? What if you want to receive instant messages, e-mail notifications, peer-to-peer services? With such providers Internet is not anymore what it used and was supposed to be. Internet means (at least in my opinion) that in principle every node can comunicate with every other node. Clients behind NAT can't communicate with other such clients. Internet is split into clients and servers, where clients can communicate with servers only. No peer to peer anymore. Do we consider this as internet? Hadmut ___ Ietf mailing list [EMAIL PROTECTED] https://www1.ietf.org/mailman/listinfo/ietf
Re: What exactly is an internet (service) provider?
On Sun, Jun 20, 2004 at 02:23:51PM -0700, Ole Jacobsen wrote: We can certainly have an argument about what is a reasonable price, but if I can do *exactly* the same things (read/send e-mail, browse the web, transfer files, make connections to remote hosts via SSH, listen to BBC Radio 4, etc.) as I can from inside the corporate network, then what - How would you do a Voice-over-IP phone call with someone else if both of you are in such a NAT-hotel-room? - How do you join a multicast session (actually this is not a matter of NAT, but of different levels of Internet services). - I and some friends use a UDP based protocol to exchange status messages with a central server. The next version will allow to send notifications if mail has arrived to avoid polling continuously. How would you do that? (I'm sometimes using IP over GRPS with my cellphone, where I receive a RFC1918 address, which is NATed. When I am awaiting an important e-mail, I have to poll every few minutes. Polling over GPRS is expensive. The provider which seems to be the cheaper could turn out to be more expensive.) - How would you do IP-address based authorization (e.g. RMX/SPF/CallerID) if other people can have the same IP address at the same time? - IPSec through NAT (if not UDP-encapsulated)? - What about UDP or TCP protocols which run into the NAT timeout? - What about forensics? How do you track back an attack from behind a hotel's NAT router? I don't say that all hotels have to support full internet. But I'd like to know what I pay for in advance and decide whether it is sufficient for my needs before purchasing. I've never seen hotel staff people who could explain what's going on there. But if you give things a name, then they can simple tell you what they offer without the need to understand anything. They just need to learn We offer XXX service for x$ and YYY for y$. And with home internet providers you can compare whether the one for US$n-2 is really cheaper than the one with US$n. regards Hadmut ___ Ietf mailing list [EMAIL PROTECTED] https://www1.ietf.org/mailman/listinfo/ietf
60th IETF - public transports?
Hi, does anyone know how one can get from San Diego downtown to the conference hotel without renting a car? Are there public transports? Rent a bicycle? regards Hadmut ___ Ietf mailing list [EMAIL PROTECTED] https://www1.ietf.org/mailman/listinfo/ietf
MBONE access?
Hi, I'd like to watch the MARID BOF on mbone, but unfortunately my IP provider does not support multicast. Can anyone give me a hint about where to get an mbone tunneling access point? regards Hadmut
Re: MBONE access?
On Wed, Mar 03, 2004 at 04:18:42PM -0500, Joe Abley wrote: If you find an answer, telling this list would be good. In the past the answer has been you don't, often coupled with enthusiastic statements about the mbone being in full production, and tunnels no longer being necessary. Please tell me you're kidding... I just phoned the hotline of my provider T-DSL/T-Online. They didn't even know what I was talking about. All they said is that they can't help if I'm using Linux, because that operating system is not supported. I'd have to call a 0190 number (62ct / min), which I did. Listening to the wait queue music for about 1,5 minutes. Then there was a Lady who also hasn't ever heard about this and couldn't imagine what I was talking about... Hadmut
No MBONE access
Hi, just a summary of my last night's (german time) experiences: - mbone is not available at most (german) provider's - there are no tunnel providers anymore - even those who had mbone access couldn't receive the IETF stream - The oregon multicast crew took several hours to answer to a mail request (I guess they all were in Seoul), but all I received was You aren't going to be able to get multicast connectivity in a couple of hours. A full day is usually sufficient to arrange for multicast if all goes well. You'll be able to watch the archived video when we get back from IETF and have had a chance to edit the video. That's ridiculous and not a good advertising for IETF. A full day if all goes well is a joke. (Why does it take a day to enter a line to an mrouted ?) - Most surprisingly many, many people seem to have had problems with accessing the mcast streams, but actually nobody seems to ever have spent a minute to think about how to access mcast. I was under the impression as if I was the very first human asking for an mbone tunnel and mbone tunnels would be a brand new invention not yet available. What's the point in sending multicast video sessions if nobody cares how to receive them? Of course, sending to a multicast IP address makes live easier in the way to not need to care for the receiver's address, but how many successful receivers have there been after all? regards Hadmut