SSH Claims Trademark Infringement by OpenSSH

Olmy's Jart writes: "Tatu Ylonen has just posted the following message to the Openssh developers mailing list, openssh-unix-dev@mindrot.org. He is claiming OpenSSH, http://www.openssh.com, is infringing on his trademark on the terms "SSH" and "Secure Shell" and demanding that the OpenSSH project change their name." Thanks to Olmy's Jart for attaching the message - I've included it in the text below. The e-mail provides the background and thinking behind the letter. This has not yet shown up on the OpenSSH mailing list archives, http://marc.theaimsgroup.com/?l=openssh-unix-dev&r=1&w=2, although some replies are already there.

==================================================

From: Tatu Ylonen
To: openssh-unix-dev@mindrot.org
Subject: SSH trademarks and the OpenSSH product name
Organization: SSH Communications Security, Finland
Sender: owner-openssh-unix-dev@mindrot.org

Friends,

Sorry to write this to a developer mailing list. I have already
approached some OpenSSH/OpenBSD core members on this, including Markus
Friedl, Theo de Raadt, and Niels Provos, but they have chosen not to
bring the issue up on the mailing list. I am not aware of any other
forum where I would reach the OpenSSH developers, so I will post this
here.

As you know, I have been using the SSH trademark as the brand name of
my SSH (Secure Shell) secure remote login product and related
technology ever since I released the first version in July 1995. I
have explicitly claimed them as trademarks at least from early 1996.

In December 1995, I started SSH Communications Security Corp to
support and further develop the SSH (Secure Shell) secure remote login
products and to develop other network security solutions (especially
in the IPSEC and PKI areas). SSH Communications Security Corp is now
publicly listed in the Helsinki Exchange, employs 180 people working
in various areas of cryptographic network security, and our products
are distributed directly and indirectly by hundreds of licensed
distributors and OEMs worldwide using the SSH brand name. There are
several million users of products that we have licensed under the
SSH brand.

To protect the SSH trademark I (or SSH Communications Security Corp.,
to be more accurate) registered the SSH mark in the United States and
European Union in 1996 (others pending). We also have a registration
pending on the Secure Shell mark.

The SSH mark is a significant asset of SSH Communications Security and
the company strives to protect its valuable rights in the SSH® name
and mark. SSH Communications Security has made a substantial
investment in time and money in its SSH mark, such that end users have
come to recognize that the mark represents SSH Communications Security
as the source of the high quality products offered under the mark.
This resulting goodwill is of vital importance to SSH Communications
Security Corp.
We have also been distributing free versions of SSH Secure Shell under
the SSH brand since 1995. The latest version, ssh-2.4.0, is free for
any use on the Linux, FreeBSD, NetBSD, and OpenBSD operating systems,
as well as for universities and charity organizations, and for
personal hobby/recreational use by individuals.

We have been including trademark markings in SSH distributions, on the
www.ssh.fi, www.ssh.com, and www.ssh.org web sites, IETF standards
documents, license/readme files and product packaging long before the
OpenSSH group was formed. Accordingly, we would like you to
understand the importance of the SSH mark to us, and, by necessity,
our need to protect the trademark against the unauthorized use by
others.

Many of you are (and the initiators of the OpenSSH group certainly
should have been) well aware of the existence of the trademark. Some
of the OpenBSD/OpenSSH developers/sponsors have also received a formal
legal notice about the infringement earlier.

I have started receiving a significant amount of e-mail where people
are confusing OpenSSH as either my product or my company's product, or
are confusing or misrepresenting the meaning of the SSH and Secure
Shell trademarks. I have also been informed of several recent press
articles and outright advertisements that are further confusing the
origin and meaning of the trademark.

The confusion is made even worse by the fact that OpenSSH is also a
derivative of my original SSH Secure Shell product, and it still looks
very much like my product (without my approval for any of it, by the
way). The old SSH1 protocol and implementation are known to have
fundamental security problems, some of which have been described in
recent CERT vulnerability notices and various conference papers.
OpenSSH is doing a disservice to the whole Internet security community
by lengthening the life cycle of the fundamentally broken SSH1
protocols.

The use of the SSH trademark by OpenSSH is in violation of my
company's intellectual property rights, and is causing me, my company,
our licensees, and our products considerable financial and other
damage.

I would thus like to ask you to change the name OpenSSH to something
else that doesn't infringe the SSH or Secure Shell trademarks,
basically to something that is clearly different and doesn't cause
confusion.

Also, please understand that I have nothing against independent
implementations of the SSH Secure Shell protocols. I started and
fully support the IETF SECSH working group in its standardization
efforts, and we have offered certain licenses to use the SSH mark to
refer to the protocol and to indicate that a product complies with the
standard. Anyone can implement the IETF SECSH working group standard
without requiring any special licenses from us. It is the use of the
"SSH" and "Secure Shell" trademarks in product names or in otherwise
confusing manner that we wish to prevent.

Please also try to look at this from my viewpoint. I developed SSH
(Secure Shell), started using the name for it, established a company
using the name, all of our products are marketed using the SSH brand,
and we have created a fairly widely known global brand using the name.
Unauthorized use of the SSH mark by the OpenSSH group is threathening
to destroy everything I have built on it during the last several
years. I want to be able to continue using the SSH and Secure Shell
names as identifying my own and my company's products and
technologies, which the unlawful use of the SSH name by OpenSSH is
making very hard.

Therefore, I am asking you to please choose another name for the
OpenSSH product and stop using the SSH mark in your product name and
in otherwise confusing manner.

Regards,

Tatu Ylonen

SSH Communications Security http://www.ssh.com/
SSH IPSEC Toolkit http://www.ipsec.com/
SSH(R) Secure Shell(TM) http://www.ssh.com/products/ssh


"

Update: 02/14 02:44 PM by CT : I just wanted to insert my 2 bits into this story. This is a problem close to my heart: I hate getting tech support for PHPSlash. I don't care that it exists, in fact, I'm happy that it does, it fills a need and a lot of people like it. But there is no doubt that this is confusing to people, I get the bug reports to prove it. (My other peeve examples are Linux Mandrake taking a certain Linux developer's name even though they knew better, and the K5 guys naming their project 'Scoop' even tho another major Web site was created by a guy with the same name). I have no problem with any of these projects: I think all 3 of them are great projects, but if they were just a little more original there would be no confusion. Now I'd personally never go so far as to call copyright infringement, I shouldn't have to. We're all nice people here. Maybe I'm just a bit idealistic on this one.

Name Suggestion

[Anthony+Boyd]

I like the FRESH acronym another person suggested. I would also suggest:

Better Secure Telnet, or "BeST" for short.

My reason is that this clearly changes the name, as he requested, but it also implies that his closed, costly implementation has been superceded by something superior. Which it has.

Re:The original SSH license

[WhiteDragon]

he is not complaining about the openssh ssh "product" or "protocol", merely the project name, I think.

Re:the motion of FRESH (my random opinions)

[Paradise_Pete]

nformation flows into the public domain as water to the sea. Copyright is an increasingly ineffectual dam.

Copyright is not about protecting information. It's about protecting its presentation.

Read the actual law

[halbritt]

I'm sure Mr. Ylonen holds copyright on the code that he's written but in this particular case he holds the trademark for the names "SSH®" and "Secure Shell®". I wish you fucking slashdot buffoons could sort out the difference between trademarks, copyrights, and patents. If you're interested in IP law, and you seem to be, since you're bothering to comment on this, why don't you go read the source, or in this case, the law. It's in US Code Title 15, Chapter 22. Copyrights are US Code Title 17 and patents are in Title 35.

Re:I think that covers more than the logo

[powerlord]

I don't know, but I wish we could "Bring this to the attention of the apropriate authorities" (not THAT would make a fun headline) :)

Maybe they BOTH should change their names...

[Dr.Dubious+DDQ]

It seems pretty obvious, at least among people posting here, that "ssh" is thought of as the name of a protocol first, a command second, and MAYBE a "brand name" after that.

For marketing reasons, maybe SSH, Inc might be better off changing THEIR name to something less generic.

On the "OpenSSH" side, perhaps instead of removing/changing the "ssh" part of the name, they could change the name to something like "OtherSSH" or "DifferentSSH" or something equally obviously "not the SSH, inc product".

While I've got to give the guy credit for apparently writing his own cease-and-desist letters before shoveling money on lawyers, the wording of the letter posted to Bugtraq (as reported by this Newsforge article) didn't give me a good impression. In the last paragraph he writes:

"I now ask you to also change the name ScanSSH to something else. Since you have already been notified of the trademark and have been asked to cease the infringement of the SSH trademark, I can see no other possible reason for your choice of this name than to willfully damage our trademarks and brand name."[emphasis added]

Maybe this is just standard issue legal blather, but to a non-lawyerly person like me it sounds like he's completely refusing to acknowledge the established use of SSH as a "generic" description for things involving the SSH protocol, and instead claiming everyone using it is obviously just out to "get" him.

My take, anyway...

---
"They have strategic air commands, nuclear submarines, and John Wayne. We have this"

Re:The original SSH license

[Matthew+Weigel]

For the curious, the license is available at http://www.openssh.com/LICENCE. Don't blame me, I didn't misspell LICENSE.

Re:Ah ha!

[manyoso]

This obviously implies that he did not have any problem with derived works using SSH or Secure Shell in there name as long as they were compatible with his protocal. And remember this was licensed and made before he had ever attempted to trademark 'SSH' or 'Secure Shell'! OpenSSH stays.

Sounds like X10

[ahknight]

This sounds a lot like X10:
1) There is an open standard by the name.
2) There are many, many makers of the product.
3) There is one company with the standard as the name.

I don't see X-10 (the company, note, has a dash) going after everyone that uses the term "X10" on their equipment. In fact, when you say "X10" many people think of the company, NOT the standard. But can you use "X10" to describe your product? Would "OpenX10" be legal? Yes.

SSH is a STANDARD. When I say SSH I mean the STANDARD, not the IMPLEMENTATION. He can trademark SSH all he wants, that just means that the company is SSH, it does NOT control what the binary can be called or anything derivitive. His TRADEmark is SSH. Fine. OpenSSH's TRADEmark is OpenSSH. Your point, sir?

IN FACT, OpenSSH is different enough to NOT be "confusingly similar" to "SSH Communications, Ltd." so although he's experiencing some confused people heading towards him for OpenSSH support, that's just standard human idiocy flack and should be taken with a grain of salt.

OpenSSH does not need to change its name. While I applaud the owner of SSH Com. for this approch rather than a full legal onslaught, I disagree with his position that OpenSSH is confusingly similar to his product.

What next? Does he want the IETF standard renamed? Is that too similar? I agree with the second poster: this industry is getting more depressing as the days go by, as greedy people (not this fellow, really) hunt down their "IP" and try and milk it. <sigh>
--

Re:He *has* to do so

[tanpiover2]

"osh" is already the "Orchestrate Shell", owned by Torrent Systems.
I kinda like ONS myself.

Re:These idiots HAVE TO BE STOPPED

[jamesoden]

Yes, I see your point, the problem is there is no reason that openSSH would ssh in there name were it not for its wide spread use as a noun to describe a particular protocol. For instance, what kind of protocol does openSSH implement? Well it implements the ssh protocol. In the case of IBM, there is no thing that there trademark either stands for or describes other than themselves. It has not become part of the popular culture to describe anything by the name IBM except things that belong to them. Actually, I think his claim to the SSH trademark is completely bogus; what do you think they teach students in computer science about, the SecSH protocol or the SSH protocol. That being said if you were writting a product that implemented the ssh protocol (cause that is what is called even in the RFC's, and was called well before Tatu's trademark) what would you call it (actually I have seen enough silly names that for Open Source projects that I would not be amazed by the "glaSSHouse" project (-; ). Also, look at the command ftp. Now when I speak of that command I am speaking of the general lore and RFC that have been built up about that command. There are tens of companies that have their own ftp implementation. Do you think someone should come along and trade mark it. Do you think that confusion exists between new users about who to get support for a particular version of ftp from? Tatu's basis for all of his arguments are flawed and serpentine at best.

Re:Another reason for this

[hattig]

Score5???? For incorrect information as well!

Amazing... Some people don't read the stories or the other posts. THE PROTOCOL IS CALLED SECSH. NOT SHH.

Okay? Got it? SSH is an implementation of SecSH. OpenSSH is an implementation of SecSH. Clearly, OpenSSH is leaching off the brand and name that SSH has developed. Renaming it, as they are doing to OpenSecSH, solves all these problems, and the guy is happy with that.

Crikes, why should SSH Communications have to spend time and money dealing with support for OpenSSH just because the person is confused?

Imagine that the first car was a Ford Explorer. Along comes Toyota and calls their car Toyota Explorer. This is clearly not right. This is exactly the same.

The guy has been in contact with them before to try and get them to change the name. He has not got sufficiently annoyed so as to post it on a public developers list as they will not change the name. Next step will be a lawyer, and this would not do the open source cause any good at all. He is being reasonable, think about the people who are not being reasonable?!

I know the difference between ssh and openssh, so do you. But IT consultant X running 'ssh' on a Unix box doesn't know (or care) whether it is SSH or OpenSSH - but if something is funny, or goes wrong, the first port of call is SSH, not OpenSSH.

So, the steps to be taken:

1. Rename ssh in the /etc/services file to secsh - this applies to all operating systems
2. Rename OpenSSH to OpenSecSH. Already done, look at http://www.opensecsh.org/
3. Change references to ssh on all websites to secsh. Only mention ssh as an instance of the secsh protocol.
4. Etc....

Sorry if this is a little terse, and I doubt it will do my karma any good, but this is how I see the problem, and how I see the solution.

SHHH

[xant]

Shell Hopefully Having no Holes
--

Open SSH == SSH so SSH == sh?

[Scraph]

<PARODY>
If Open SSH is infringing upon the trademark of SSH, is SSH infringing upon the *cough* trademark? of /bin/sh? :) I mean, when I first started using Linux, I thought they were the same thing, and I installed ssh and removed bash because secure looked better than bourne again and my computer stopped working. It really confused me and hurt me financially and such, as I'm sure it did the same to every other shell that creates a symlink to /bin/sh ... </PARODY>

How 'bout OSH ?

[Black+Parrot]

> The hardest part for most people would be learning to type "fresh" after their fingers are trained to type "ssh"

"osh" would be easy to type: Open Secure Hwatever.

Also note that it's not a "shell" in the ordinary sense anyway:

#!/usr/bin/ssh-agent /bin/sh

You could remove the SH part will little damage to the concept, IMO.

--

"free software", "liberated software", etc.

[LinuxParanoid]

While we're offtopic and proposing alternatives to "free software" as a term... I've always thought "freedom software" would have the closest match of clarity and connotations.

Freedom is the fundamental secular American virtue. It's very hard in American culture to argue that people or products should have less freedom. What is more American than more freedom in your software?

(Whereas in a capitalistic society, connotations around 'free' are more mixed. 'Free' can imply cheap/low-quality, no-free-lunch, little-profit-opporunity, etc. Freedom on the other hand is worth any price... ;)

As far as the term "Open" goes, it's less awkward, verbally. Still, I think "Freedom Software" has harder-to-argue-against connotations, culturally. "Open" is kind of a vague word that needs plenty of explaining.

--LP

Re:So what _is_ it supposed to be called, then?

[jovlinger]

Good point. A brief web search turned up arguments both ways. You are clearly correct about the timing; it was a trademark before WWI, and they lost a lawsuit attempting to protect it in 1921.

It appears that it was more of a strange patent ruling than a trademark dispute; the patent the drug ran out in 1917, and with it -- the court ruled -- did the trademark. This ruling confuses me, but I guess we can excuse it because it is old.

Check it out yourself at

http://cyber.law.harvard.edu/metaschool/fisher/d om ain/tmcases/bayer.htm

or just a quote:

The most striking part of the label read, 'Bayer-- Tablets of Aspirin.' While this did not show any abandonment of the name, which there has never been, it did show how the plaintiff itself recognized the meaning which the word had acquired, because the phrase most properly means that these tablets were Bayer's make of the drug known as 'Aspirin.' It presupposes that the persons reached were using the word to denote a kind of product. Were it not so, why the addition of 'Bayer,' and especially why the significant word 'of'?

So I fess up. I was talking outta my ass again. You were right in questioning me.

Re:He *has* to do so

[thomash]

So, how about OSTAKAS (Open Secure Telnet Also Known As SSH).

No, but maybe TAFKAPS: The Application Formerly Known As oPenSSH.

hmm

[Garen]

I always thought of SSH as a protocol, having both commercial (ssh.com) and non-commercial (openssh) implementations. I think it would confuse people to change the name of openssh at this stage in the game. If it were going to, maybe "Secure Remote Login" (SRL) sounds like a good name to use.

An easy name change...

[Black+Jack+Hyde]

How about Secure Login Access Shell, and the OpenSSH folks can call it SLASH. :-)

Jack

Re:No.

[bwt]

Gee, "sh" certainly exists in the prior art. Perhaps he is thinking that "Openssh" is meant as Open-ssh, when it's obvious to us in the know that it is really Opens-sh, which sort of describes what it does in plain old english, which is surely not trademark infringement.

I also note that he added 1 letter to a public domain program name -- "s" to "sh", wheres we added five "opens" to the same public domain program name.

We're talking about a 3 letter trademark, two-thirds of which is derivitive. It really strikes me as phenominally bizarre to then claim that the addition of four more letters is not sufficient to avoid confusion. Out of 7 letters in "Openssh", four are new, two are prior art, and only one is really original. Basing a trademark infringement on reuse of one letter seems almost laughable. Worse, the letter is "s" - that's only a single crummy point in scrabble.

I also wonder about the fact that openssh actually does have a common code base with ssh. Does that not afford it some licence to have a somewhat similar name. If a lot of the code actually is a licenced derivitive version of ssh, doesn't that implicitly grant you the right to have 42.85% of your name in common?

Public base/modulus *NOT* broken.

[Eric+Green]

Diffie-Hellman requires that the base and modulus be publically shared between the two ends. So the base and modulus would not be secret in any event. A given base and modulus is supposed to generate a prime field. If it does, then the NSA can study it all they want and there will be no problem. If it doesn't, I want to know beforehand, not after the NSA discovers that a "probably prime" modulus and base that were dynamically generated at runtime generates repeating subfields (i.e., drastically reduces the shared key space) rather than a single prime field.

The kind of "probably prime" number generators that can operate in real time are pretty lousy, in my opinion, and I'd much rather trust a known good modulus and base pair.

-E

Re:Public base/modulus *NOT* broken.

[crucini]

I'll go out on a limb here:
The original poster was not saying that the base and modulus should be generated in real time. That would be pointless. Rather, I think he was saying they should be generated per-machine or per-site. That way the benefit of 'studying' these values is minimized. Also, magic numbers are always undesirable in a cryptographic protocol. Even if you can't see any way they could be cooked.
That's why Schneier used digits from PI for constants.

Trademake Law, SSH and Linux

[dorzak]

You can't have it both ways.

The name Linux is protected by a trademark held by Linus Torvalds. It has been used to stop infringement in the past.

If he has been able to register the patent SSH, then there is two options for the OpenSSH project. Change the name, or challenge the trademark.

However a challenge may not be a good idea, if you erode Trademark law, what's next? I am sure slashdot is registered as a trademark. Linux, BSD, Slashdot, and others could be used by companies that are not desirable. How would you like slashdot.com to point to a porn site? etc.

IP law is a two edged sword, sometimes it rebounds and you cut yourself.

Re:Trademake Law, SSH and Linux

[dorzak]

Linux has come down a few times and said you can't use that word. I remember somewhere about a porn site with linux in the domain name or something. Also to retain a trademark yu have to exercise it.

Re:Trademake Law, SSH and Linux

[demon]

You have to defend it, you mean. And Linus is, then - he's just not getting uptight about it. From what I understand, his main requests are, in effect, keep it clean, and keep it relevant. He's not saying you can't use it, just use it correctly. Which I don't think is too much to ask.
_____

Re:Trademake Law, SSH and Linux

[demon]

Yes, but Linus isn't submitting an IETF draft for a Linux protocol, and then telling people "You can't use that word!!!!!(@**$()*#**$)(". Tatu's selling a product called SSH, from his company of the same name, that implements a protocol (of the same name) which is an IETF draft standard. Why shouldn't OpenSSH be able to have a name that describes what it does? It's an SSH server and client package (i.e., it implements the SSH protocol).

As others have said, more eloquently than I, if he cared so much about his trademark, why'd he use the same name for a supposedly-open protocol, only to come along later, when a project that implements the protocol is moving along successfully (based on BSD-licensed code he wrote some time ago), and say "Oh no, you can't use that word, it's mine." Give me a break. He can do one of two things - change the name of the protocol (somehow, I'm not sure that that'll take) - or change the name of his company, and trademark that.
_____

Re:Right!

[cnkeller]

I always thought YAHOO stood for something like Yet Another Hierarachy Of Objects??

Is that just an urban legend?

Re:A SSH by any other name...

[Ben+Hutchings]

Even the standards documents are unclear on what the name of the protocol is: see the list of Internet Drafts on the IETF Secure Shell Working Group page.

SSH vs OpenSSH = SEA's .ARC vs PKWare .ZIP

[meadman]

I am really disapointed to see the approach that is being taken on the trademark of SSH. Since it does appear that the usage of SSH is a legal trademark, I guess that the next step is to develop an open and non-infringing trademark that is held for the benefit of open source community.

My take on this is that once that is done, that SSH and SSH Communications Security Corp will disappear from view just as fast as the .ARC file format and SEA Inc. did after winning their court case against PKWare and PKARC.

My suggestion for a new name would be either Protected SHell or Private SHell aka, psh (PSH). Pronounce it pea-shell.

My machines will have the OpenSSH product aliases to the new pea-shell name from now on.

Dirk

Re:Name suggestions:

[jonMC]

• What about:
• SECS -- SECure Shell

-=-=-=-=-=-=-=-=-

Follow the IETF Designation

[pimp]

One option is follow the IETF designation of SECSH.

IETF SECSH papers

Re:Hmmm...

[ncc74656]

PuTTy.. It rocks. Free, GPL, SSH1 and SSH2. Great product

It's also small enough that you can throw the binary (no DLLs or other crud needed) on a webserver so you can run it on any Win32 box with a net connection. It's nice to be able to hit Start, Run, and then punch in http://www.foo.bar/putty.exe, wait a few seconds, and then log into your computer.

So name it after the IETF protocol

[Nailer]

* secsh - secure remote sh - "kinda like running sh, but remotely"
* seccp - secure remote cp - "kinda like running cp, but remotely"

etc...

Name suggestion

[Matthias+Saou]

How about "Helix Shell"?
From what I understood it's a name much too common to have any legal hassles with it and people are so confused already ;-)

Looks pretty weak to me

[terrymr]

So we have a trademark registered as ssh - yet we also have an open standard called ssh and apparently a program from AT&T Unix called ssh which predates the ssh trademark. Not to mention no efforts to prevent the use of ssh (uncapitalised no registered trademark symbol) from falling into common usage. Doesn't look enforceable to me. Ask Kleenex about not protecting trademark rights.

Re:OpenSSH does not infringe!

[Big+Jojo]

It's not like there haven't been many Secure SHell (ssh) products on UNIX for ages and ages. I remember using them on BSD 4.1 distributions back in the 1980s.

If there's a trademark, it's yet another example of the USPTO causing trouble ... in this case, by taking a generic term and granting a monopoly on it to one (relatively) undeserving entity, rather than letting it continue to be a generic term. ("Personal Computer" comes to mind...)

Too bad trademark law doesn't seem to incorporate "prior art" ... though of course, the USPTO doesn't seem to act according to its responsibilities in that context.

These idiots HAVE TO BE STOPPED

[JamesGreenhalgh]

The computer industry is getting more and more depressing with each passing day. Honestly, since the command name will probably be the same regardless of the name the project uses (lets see them try to patent command names..), what can they possibly hope to gain from this aside from contempt for their litigious asses?

I'll be switching all my ssh servers and clients to OpenSSH immediately.

--

Re:These idiots HAVE TO BE STOPPED

[Stephen]

Honestly, since the command name will probably be the same regardless of the name the project uses (lets see them try to patent command names..)

Trademark, not patent.

It's not at all clear to me that one can't trademark command names. Is there any legal precedent on this? If you want to find out, try releasing a program called "Excellent Game" with command name "Excel" and see what happens.

Re:These idiots HAVE TO BE STOPPED

[plague3106]

yes...especially when you're more used to typing remove then remote.

Re:These idiots HAVE TO BE STOPPED

[bkocik]

Change the name to SECSH and be done with it. You get your own name without having to stoop to putting Open in front of it to differentiate it

Plus that way we can all walk around sounding like Sean Connery saying the word sex. "Yeah, I access my systems with SECSH". (Try saying it out loud).

=)

Regards,

Re:These idiots HAVE TO BE STOPPED

[rifter]

There is one, Caldera, a corporation merging with SCO has provided OpenLinux for years, as for SCo they are known for their OpenServer and UnixWare products.

No, Linus is not upset about it. He has a trademark on Linux, not OpenLinux or RedHat Linux or even Yellow Dog Linux, and has treated it as such.

Re:These idiots HAVE TO BE STOPPED

[divec]

All it takes to be 'insightful' is to say 'Screw the business, he just wants money, open source gets to do what they want'.

While I don't know the intentions of the moderators, that wasn't the intention of my comment.

I happen to believe that in this instance, Tatu has given up any rights he had on the name "SSH" by saying people can modify it (and must rename it if it doesn't work like SSH - i.e. they don't have to rename it if it does).

Open source is great

You presumably believe in the principle that an apparently open-source license should not be revokable then. I happen to believe that he's permitted people to use the name "ssh" in his license. You may disagree, but don't assume I'm just company-bashing because of that.

Re:These idiots HAVE TO BE STOPPED

[Oztun]

No I think its you thats in idiot! Rsh isn't a company that has to feed 180 people in there family and SSH is. If you had read my post maybe you would know what I said. Only a total fucking loser would respond to something he didn't read.

Re:These idiots HAVE TO BE STOPPED

[Kwikymart]

Sure, thats what they all say :P

Re:These idiots HAVE TO BE STOPPED

[alangmead]

The fact that copyright is granted on the creation of a work is a fairly recent change the copyright law. It was the Berne convention that changed that in the US.

The is a difference in protection allowed to the copyright owner of a work if they file an application with the copyright office. In cases of infringement, copyright owners that have applications on file can sue for punitave damages, where copyright owners who haven't filed can only sue to suspend further infringment.

Re:These idiots HAVE TO BE STOPPED

[MeNeXT]

Let's forget the protocols for a minute.

What's the diff between SSH, CSH, BASH, KSH etc...

Ther is nothing original in SSH. ie I have a shell (which is allready abbriviated as sh) and I add the s for secure.

To use your own argument OpenSSH is not going by the acronym SSH but by OpenSSH. If people can't defirentiate the two who are/is the idiot. Your logic states that no one can use MO, MSO because they represent Microsoft Office.

Re:These idiots HAVE TO BE STOPPED

[divec]

The guy creates a product. The guy builds a business around his product. Other people use the product to create a different product of their own.

You missed out sentences 2 and 3: "He releases it under a Free license. That free license helps it to gain popularity." He's already given away his right to limit modification and redistribution (and by doing so, gained a vast amount of uptake for his product). He can't now take that back. It's like a bank offering zero-interest 5-year loans, then saying "hang on, this is damaging our business, you have to pay us interest after all".

Re:These idiots HAVE TO BE STOPPED

can we please stop confusing copyright and trademarks?
there is no such deed as 'copyrighting something'. copyright is an intrinsic right you get by the mere act of creating whatever you did, be it music, text, image, ...
copyright does not require the author to do anything special to have it. nor does he have to actively and generally protect it. he can sue whoever he wants whenever he wants, independently of the actions he took towards previous 'infringements'.

now trademarks on te contrary are an entierly different class of IP. a trademark is a sign or a word or a phrase that someone went out and got registered (like in this case).
contrary to thecopyright holder, a trademark holder is required to actively defend his mark. failure to do so may lead to the trademark being lost.

this isnt meant to specifically flame the parent post here, but im growing sick and tired of people making silly claims about what an IP holder should or shouldnt be doing if they dont even understand the very basic differences between the different types of IP.

Re:These idiots HAVE TO BE STOPPED

[Gorgonzola]

First of all I think the SSH guy is right. With regard to the idea of trademarking a command name the answer is pretty simple: it won't live long. The idea behind a trade mark is pretty straightforward: it enables the consumer (you, in other words) to to figure out the origins of a certain product. In order to achieve this goal the trademark name has to be distinguishable from other names, whether they are trademarked or not. As soon as a certain trademark becomes a description of a certain product, like aspirin for pain killers, it becomes diluted and will no longer be protected by trademark law. That is why Rolls Royce sued Fender for calling their guitars the Rolls Royces among guitars. Trademarking a command name would be pretty pointless, since using the command as a verb would soon dilute the trademark. On top of that, the average command name is too descriptive to be protected by trade mark law at all. To get back to the SSH bloke: I think he is perfectly right in asking the OpenSSH guys to change their project's name. It is apparently confusing to consumers and therefore trademark infringement.

Re:These idiots HAVE TO BE STOPPED

[kurioszyn]

Who is an idiot here ?
Certainly not them.

Re:These idiots HAVE TO BE STOPPED

[Oztun]

What's the diff between SSH, CSH, BASH, KSH etc...

Sorry but sh, csh, bash, and ksh are programs.
SSH is a client/server based application that has nothing to do with a shell interrepter.

The big difference here is something else though. SSH is a company (unlike the shells mentioned) that has 180 employees. If SSH loses money due to confusion and these people get laid off then to me something is wrong here. This business makes most its money off this one product. I don't feel sorry for big corporations losing money this way (I.E. Micro$not) but I feel we need to protect smaller businesses. Especially when that business only has one main product.

Before someone calls me a biggot let me say I don't believe in incorporating anything. I think all businesses should have a soul and a spirit if they are going to have control of peoples lives. People need to be held accountable for their actions.

Re:These idiots HAVE TO BE STOPPED

[Kwikymart]

rsh stands for "Remote Shell"

Re:These idiots HAVE TO BE STOPPED

[JamesGreenhalgh]

I think you'd more likely just annoy people ;-)

I did mean to say trademark, but 'patent' just rolled off my tongue - you get to use it a lot these days when discussing companies and their "technologies".

I'd be really surprised if you can actually trademark a command name - and worried. Hopefully that one will never have a legal precedent set. I can't think of any clashes off the top of my head - but surely it would be similar to file extensions that clash? There's a massive list of extension types floating about somewhere, and there are several clashes.

--

Re:These idiots HAVE TO BE STOPPED

[slonob]

Wasn't ksh protective of it's name for a while?

And isn't it unfortunate that a bunch of half-assed implementations have caused confusion as far as ksh goes? Kinda makes you wonder if the ksh folks should have done more to protect it's identity. What we might have gained is a clear sense of what ksh can and should do.

Re:These idiots HAVE TO BE STOPPED

[aug24]

Huh?

Why shouldn't the guy protect his own, copyrighted, name? Seems like a perfectly reasonable request to me.

Why should anyone think that they have a right to use a name that someone else has dreampt up and copyrighted? The guy has a business going and wants to make some money. All credit to him for not wanting his publicity money watered down. If we want to make Open Source work, then we should be prepared to accede to requests like this and be seen to be developing on our own.
--

Re:These idiots HAVE TO BE STOPPED

[NialScorva]

Irrelavent. He wants the organization to change its name. It is confusing (in a legal sense), and there's no reason why OpenSSH can't change to OpenSecureShell and abbreviate it OSSH, thus removing the trademark problems. Probably wouldn't be a bad idea to change the name of the command to ossh too. Symlink 'em together if you don't have ssh. No legal confusion then.

Re:These idiots HAVE TO BE STOPPED

[JamesGreenhalgh]

Well in that case Microsoft should probably start cracking down on all those pesky applications with 'word' in the title, or company names with 'Micro' or 'soft' in them, etc. IMHO - SSH is a fairly obvious product name, and openssh is a fairly far enough derivative of it. Maybe they have a lot of customers who can't see the lines *shrug*.

--

Re:These idiots HAVE TO BE STOPPED

[sqlrob]

IANAL, so this may not apply. Lotus lost a L&F lawsuit against MS (Excel imitating Lotus) Is the L&F of a command line the command names?

Re:These idiots HAVE TO BE STOPPED

[Fervent]

SSH is different in that it's not really a word in the English language, whereas "Word" is. If MS tried to enforce a lawsuit regarding the name "Word" to any extent, they'd likely be laughed out of court.

Re:These idiots HAVE TO BE STOPPED

[jamesoden]

Look I have no problems with trade marks, but this is taking it too far. What he is doing that really causes me annoyance, is that he is saying that just having the letters 's''s''h' in a word is is cause for treading on his precious trademark. Well, carried to its absurd end, then one could never use the word glaSSHouse in a product name. I am sure there are other exmaples. Are we treading on IBMs trade mark when we call the standard math library libm.so? This is just absurd.

Re:These idiots HAVE TO BE STOPPED

[akc]

I think there is a difference here. Microsoft calls their product "Microsoft Word" (two words) not just "Word". If someone had a product called "Open MSWord" then that would be different. We already have "Microsoft Office", "KOffice" and "Star Office".

The other problem, is that he is getting support e-mails from users of OpenSSH - demonstrating clearly that there is a confusion in users minds

Re:These idiots HAVE TO BE STOPPED

[Art+Tatum]

While i can certainly understand that, i'm not sure we should be using laws to try and fix peoples' utter stupidity...

Well, that's the whole point of Trademark law. It's to protect a business from stupid consumers. Trademark is about the only IP law that I consider to be enforced properly.

Re:These idiots HAVE TO BE STOPPED

[ncc74656]

Let's just give in and rename it kwijybo. Of course, it will cost thousands of extra keystrokes.

Naah...

cd /usr/local/bin
ln -s kwijybo ssh

Of course, then it'd be you that's in hot water and not the OpenSSH guys (but only if you're discovered to be using a link named ssh)...

Re:These idiots HAVE TO BE STOPPED

[Art+Tatum]

Uh, this has NOTHING to do with the license. This is TRADEMARK. They're different.

Re:These idiots HAVE TO BE STOPPED

[hitchhikerjim]

Command names? Don't know. But there is precident. Remember that Sun's NIS was originally called Yellow Pages until the owner of the Yellow Pages trademark complained.

... but the complaint didn't chagne the command names, just the way it's referred to in documentation.

Re:These idiots HAVE TO BE STOPPED

[sql*kitten]

If MS tried to enforce a lawsuit regarding the name "Word" to any extent, they'd likely be laughed out of court.

On the contrary. If you released an equivalent product under the same name, they'd probably have quite a good case. If, on the other hand, you wanted to sell a chocolate bar named "Word", there would be nothing Microsoft could say.

I cite the long running VAX (computers) vs VAX (vacuum cleaners) trademark clash. What seems to happen is that as soon as a new lawyer joins either organization, they notice the "infringement" and send a form letter. The opposite organization sends a form letter back, and that side's senior lawyers thwap the junior upside the head, then both organizations just go back to quietly ignoring each other :0)

Re:These idiots HAVE TO BE STOPPED

[cah1]

How about pulling your finger out for a moment and thinking about the situation for a moment. Just one moment, then you can fly off the handle again in a completely unnecessary and humourless way.

The guy creates a product. The guy builds a business around his product. Other people use the product to create a different product of their own.

I don't think he's being unreasonable in the slightest, it seems to me he's actively trying to avoid being too heavy handed.

... and whether or not the CLI would see a change is unclear.

Re:These idiots HAVE TO BE STOPPED

[zakureth]

I'm confused here... is he really talking about patenting the command name? I gathered that ssh was just the short or common name of the Secure Shell product, and it was that short name that was pattented. The fact that the commands are based on the products short name is just good sense.

That all seems quite legit to me.

Re:These idiots HAVE TO BE STOPPED

[BinaryC]

The major difference is OpenSSH is a product exactly like SSH, while glaSSHouse is a house made of glass. IBM is a company libm.so is a math library. See the difference? If I made a computer company called "International Binary Machines" then IBM very well could go after me. But if I made a candy bar called, "I Bite Mocha" then they would have no case.

Re:These idiots HAVE TO BE STOPPED

[ahde]

it'd be like someone trying to trademark "door"

Re:These idiots HAVE TO BE STOPPED

[patter]

sh is actually the original bourne shell, but this analogy is reasonably solid otherwise.

But regardless, I don't see anything wrong with credit where credit is due. If someone else started marketing a *nix clone which ran on Intel (and other) processors, and called in OpenLinux (or some derivitive), I am fairly sure we would all support Linus' efforts to have the name changed, n'est pas?

Re:These idiots HAVE TO BE STOPPED

[plague3106]

Not that i am aware of (but then, i onliy started unix 5 years ago...). As far as crappy implmentations, i know of pdksh, which i know is not the same as the real ksh. I don't know of 'fake' kshs out there...

Re:These idiots HAVE TO BE STOPPED

[plague3106]

Oh come on now thats obviously a typo :) Yes i meant remote shell...

Re:These idiots HAVE TO BE STOPPED

[plague3106]

Somehow i doubt they can stop you from naming your files whatever you want, trademark or not...

Re:These idiots HAVE TO BE STOPPED

[MadAhab]

Don't be an idiot. Functionally, you are right. Linguistically, you are wrong. Now let's try "rsh" instead and you should get the point.

I demand that that damn Finn stop using "ssh", because it makes people think it's like "rsh" and encourages them to continue using that outdated, insecure protocol.

Tambourine, fooey.

Boss of nothin. Big deal.
Son, go get daddy's hard plastic eyes.

Re:These idiots HAVE TO BE STOPPED

[plague3106]

I know thats the point of trademark law; i was saying we should attack the problem not the symtom (sp?).

Re:These idiots HAVE TO BE STOPPED

[plague3106]

My only problem with this is that he obviously took a standard unix naming convention and is trying to claim trademark.

sh = shell
bash = Borne Again shell
ksh = Korn Shell
rsh = Remove Shell (hmm...no that couldn't have inspired it..)
ssh = secure shell.

sh is simply unix shorthand for sh, and the few letters before it designate what kind of shell (borne, korn, remove, secure).

Re:These idiots HAVE TO BE STOPPED

[imcsk8]

What kind of user gets confused with ssh / openSSH? It's obvious that the two a are diferent products. Of course if we are talking about people that doesn't read the README files, we are talking about people that in a very remotely possibiliy is gong to be capable of installing one of the two products.

Re:These idiots HAVE TO BE STOPPED

[MadAhab]

Not only that, but it's where the name for "ssh" came from. "Secure shell."

Let's just give in and rename it kwijybo. Of course, it will cost thousands of extra keystrokes. Maybe I should send the Finn a bill. Or at least a reminder that he got a big head start because of bone-headed US export laws.

Boss of nothin. Big deal.
Son, go get daddy's hard plastic eyes.

Re:These idiots HAVE TO BE STOPPED

[shokk]

Change the name to SECSH and be done with it. You get your own name without having to stoop to putting Open in front of it to differentiate it, and everyone will know that you are implementing SECSH. It's not worth the time and distraction from the coding to fight this and the guy does have a point. Invalidating trademarks of this type only means less $$ for the rest of us later on, and we all have to eat.

Re:These idiots HAVE TO BE STOPPED

[plague3106]

The other problem, is that he is getting support e-mails from users of OpenSSH - demonstrating clearly that there is a confusion in users minds

While i can certainly understand that, i'm not sure we should be using laws to try and fix peoples' utter stupidity...

Maybe we should be teaching people to pay more attention (which would help the driving situation out!), and read things carefully (like those nice long contracts...)

Re:These idiots HAVE TO BE STOPPED

[shotfeel]

yeah, or even "windows"

Re:These idiots HAVE TO BE STOPPED

[MeNeXT]

My point. I would moderate you up but I have already posted on this thread.

Re:These idiots HAVE TO BE STOPPED

[raju1kabir]

If MS tried to enforce a lawsuit regarding the name "Word" to any extent, they'd likely be laughed out of court.

On the contrary. If you released an equivalent product under the same name, they'd probably have quite a good case.

Nope. There's a litter of text editing programs with "Word" in the name. None of them is named simply "Word", because that wouldn't provide any protection to the vendor. There are, however: Microsoft Word, WordPerfect, AmiWord, WordStar, and so on.

All of these products are roughly "equivalent" in the sense that they provide the same functionality and can read each other's files - that's the same as the proportional level of similarity between the ssh implementations in question.

Yeah, but.....

I understand he has to protect it or lose it, but did he originally coin the terms "SSH" and/or "Secure Shell"??

Re:Yeah, but.....

[gimpboy]

We also have a registration pending on the Secure Shell mark.

they dont have that one yet.

use LaTeX? want an online reference manager that

Re:Yeah, but.....

[dan_linder]

Opps, forgot to login as myself, the above comment was mine if anyone cares.... :)

Dan

Re:Yeah, but.....

[sallen]

understand he has to protect it or lose it, but did he originally coin the terms "SSH" and/or "Secure Shell"??

If he did, on the SSH, it appears his request is pretty reasonable, particularly if there is confusion. (And, if he originally attempted to protect it when he first realized the use, not necessarily just when he found there was confusion.) The part of the letter that I do question is 'secure shell'. The letter has the little old (R) on ssh, inticating registered trademark, and he indicates the when/where it was registered. However, it seems 'secure shell' is being swept into that as well, and I see no indication of its registration.

Re:Yeah, but.....

[tuupola]

NAME
ssh - (somewhat) secure CFS shell

SYNOPSIS
ssh directory

I dont actually remember when SSH first came out but the above lines are from CFS (Cryptographic File System) package which includes the ssh program. Sources have the following copyright line: Copyright (c) 1992, 1993, 1994 by AT&T.

Re:Yeah, but.....

[mjbtn]

We had someone come after us once on a trademark infringement doodad. We had to cave as our use was after the published filing date of the claimee. However, our attorney said that had we been using it prior to the filing date, then we could probably have prevailed. Trademark's (as we determined in our effort) are much weaker should you be able to show "open" usage of the mark prior to the filing date. I would say that this may be a perfect way to put an end to this mess - just reference the AT&T docs. IANAL - but exercise the law as laid!

Just rename it to secure open shell ..

[RedLaggedTeut]

.. or whatever.

Sheesh ...

[ghoti]

I have a proposal for a new name: "Sheesh ..." (including the ellispis). Would be very appropriate, don't you think?

Respect his wishes. He's earned it.

[Decimal]

I agree. Look back at the letter, and ask yourself: Would Microsoft have asked so nicely? I believe that the company's trademark should be respected.

How about OpenScSh?

Re:Hmmm...

[ConsumedByTV]

Well first of all it doesnt work right for me, and IT does crash (or rather it did untill i got SecureCRT) and Secure CRT has support for everything you would want to open a terminal connection to.



Fight censors!

What's wrong with this?

[FuegoFuerte]

This may be redundant, I don't know, but I don't have time to read through all the posts. Anyway, I just wanted to say that I personally respect this company.
First, they could've started off with a really nasty lawyer letter. Instead, they start off by asking relatively politely that the OpenSSH project change it's name, and give some relatively valid reasons for this request. Rather than starting everything with a stupid lawsuit, they start with a simple request, which is not too hard to honor.
I'm not saying I think the company is in the right with their request, but they do have some valid points and went about it in a respectable manner. For the sake of avoiding a waste of time and money known as a court battle, it seems the reasonable thing to do is for the OpenSSH project to change their name.
I'm not good at figuring out names, but it shouldn't be too hard to come up with a more distinct name and simply avoid unneeded hassles.

Re:Helsi...Everything else was up too!

[Linux2Mars]

...which part did you not get? I didn't say that everything went up 30%, just that allmost all was UP...just up.

Re:No.

[mithrandr]

"SSH" is simply an acronym for "Secure Shell", how can you take a descriptive term, turn it into an acronym, and have it be any less descriptive?

Depends if you count installed copies, or media...

[emil]

There are a lot of RH7 cds out there. OpenSSH is finding its way into many places where commercial ssh will never go.

Is English your first language?

[halbritt]

Did you read the documents that you linked up or were you just karma whoring? Each draft standard contains the following text:

9. Trademark Issues

SSH is a registered trademark and Secure Shell is a trademark of SSH
Communications Security Corp. SSH Communications Security Corp permits
the use of these trademarks as the name of this standard and protocol,
and permits their use to describe that a product conforms to this
standard, provided that the following acknowledgement is included where
the trademarks are used: ``SSH is a registered trademark and Secure
Shell is a trademark of SSH Communications Security Corp
(www.ssh.com)''. These trademarks may not be used as part of a product
name or in otherwise confusing manner without prior written permission
of SSH Communications Security Corp.

So it does very clearly state in the text of each document that "SSH®" is a registered trademark of SSH Communications Security Corp.

Re:Is English your first language?

[lpontiac]

I think my second-last paragraph addresses your concern... OpenSSH was derived from the original SSH according to it's license, and uses the SSH protocol. What does he expect people to call it?

I've been slow to reply in this thread because I believe over top-level posts have said all I'd have to say anyway, but just to sum up, I think that using the term "SSH" in the name of a product that interoperates with computers using SSH is fair enough. I don't think it's confusingly similar at all (the Open is there for a reason). By allowing SSH to permeate the industry as a command name, and the name of a protocol (basically a noun - see this post), and leaving all of the products called *SSH* alone up to now, the trademark's already been diluted. Legal claims in the small print aside, I don't think he can fairly claim exclusive rights to *SSH*.

Re:Some Corrections

[mindstrm]

You still have to make it know that it's a mark... you can still protect what you do without registering the mark. THis is trademark, not patent.

Re:Hmmm...

[StenD]

Until then, I don't really think that he can trademark SSH because just like RSH and the others it's a standard acronym.

More precisely, SSH and (more clearly) Secure Shell are descriptive terms, and, at least in the United States, that's grounds for refusal of the mark.

Re:*banging head against wall*

[Nailer]

not everyone is going to be a security guru right off the bat, but until you actually are able to distinguish SSH from OpenSSH, then I'm not sure why it matters as you clearly haven't passed the minimum intelligence test to use either.

Um, you don't get it. The point of the protocol is they're not supposed to be limited to security professonals, but to people without seignificant security experience and need to remotely access shells, graphical apps, perform secure copies, anbd secure FTP etc. I'd hate if anything `secure' was limited to security professionals. Wouldn't you? As you said, there's a whole heap of Telnet servers around and people who think its okay to use them (printer and router companies that don't use SSH give me the shits. They aren't security professionals. SSH discourages that behaviour.

Re:Name suggestions:

[Drakantus]

Not really. The OSH you pointed at isn't software, so no conflict. Just like Duron is both a CPU and a brand of paint.

No.. my argument is right.

[mindstrm]

What you are referring to is correct, it's called 'trade secret'. The recipe for KFC or Coke is a trade secret, and as long as it remains a secret, it can be protected quite extensively by the law. They could get the recipe back because it was possible to do so, as those who had it hadn't revealed it yet, in other words, it hadn't become public knowledge yet.

If the recipe for coke was wide public knowledge, because coke 'ignored' a threat to it for a week ro two, and everyone in the country and every newspaper had a copy in it, then they could no longer claim *ANY* trade secret protections on it. It's no longer a secret.

And no.. that has nothing to do with this case.

Re:No, he doesn't have to do so

[Art+Tatum]

It isn't good will. If it were, he'd leave them alone or license the name.

So, if someone wanted to use your social security number and drivers license you'd be cool with that? I doubt it. Those are things that *identify* you.

Licensing? You don't get it. He doesn't want people to confuse OpenSSH with his product.

People are being seriously confused by the name, his private requests to Theo and others have been ignored, and he has a trademark: he would be entirely within his rights to sue the hell out of them. If it were Apple or Sun, he would have done this months ago.

Let all the commercial versions of SSH know

[mikehoskins]

Let all the commercial versions of SSH know that you won't be buying their products until this is dropped: SSH Personally, I planned to buy commercial SSH for my business, especially for Windoze clients to Unix/Linux machines, but now I won't.

Re:Name suggestions:

[X]

Well, those suggestions were mostly a joke. However, I'd point out that "GNU" is not considered to infringe on UNIX, so I think GNASSH would be considered safe as well.

As for the ASS thing, I think you completely miss the cynical sense of humor that most people have. Admittedly, ASS is not a good brand name to establish yourself in the general populace, but it's probably a great name to establish yourself in the IT community.

Re:Hmmm... Problem with that

[drudd]

Interesting point, but here are two areas which I think negate it's imporance

1) the user links to rsh, not ssh. If ssh installed itself as rsh by default, then yes, that might be a problem (similar to if openSSH installed itself as openSSH, not ssh, so you were reminded every time you ran the program that it wasn't the official ssh).

2) I doubt Berkeley has a trademark on rsh... it's just a minor util after all, and not an entire product, as in the case of ssh. If they had (or could) trademark the name of every minor unix utility, it would be nearly impossible to create a unix clone.

Doug

Are you all insane?

[Anal+Surprise]

Jesus H-Bomb Fucking Christ, this man is a hero, and lamerz who are either too young or too inbred to figure it out are treating him like a devil.

Before ssh, there was nothing but telnet, an insecure nightmare. If the explosive growth of the Internet had occurred while administrators were still telnetting into their servers, we'd have many more owned servers, an exponental creep into darkness.

So we have this fantastic tool, thanks to the work of one man, Tatu Ylonen. Now he's gone and turned this work into a product, and a company. You may not respect that, but you should respect this: without his work, we'd all be owned.

So Tatu discovered fire, and he shared the fire, and then he asked people to bring him stuff to eat, in return for the fire. You may not like the last part, but you'd be eating raw whatever-the-fuck-it-is-you-just-caught in the dark without him.

Whether you agree with the letter or not, you can tell he understood the issues and the community. He's trying to break this as lightly as he can, but he does need to break it, if he hopes to keep ssh (a name he created) for his product.

As far as I'm concerned, this man was and continues to be a hero, so please just stop the ignorant criticism.

Re:Protecting Copyrighted name? I don't think so..

[elflord]

Let me give you an example. In my home state, there were a couple of water parks, Magic Waters, and Rageing Waters. Both had Trademarked names. Rageing Waters came first, but had no right to tell Magic Waters to change their name because the use of Waters might make it difficult for people to differentiate them.

Neither name is a proper subset of the other, and that makes a big difference.

Correct me if I am wrong, but telnet used that Look and Feel LONG before SSH ever came into the picture. So getting this jokers "approval" was not an issue. Further, this was completely off the topic of the letter. It should never have been brought up. If his beef was to get the OpenSSH guys to change their L&F, then he should have SAID that.

You didn't understand the letter. Let me try and explain -- he is NOT complaining about similarity in look and feel. The point however is that there exists a possibility for confusion between the two products, and it is when such a possibility arises that one enforces trademarks. If someone made a car called "ssh" they would not easily be able to take action -- in fact the car manufacturer would possibly be able to acquire a trademark. The fact that the products in question are very similar is a key part of the dispute, and it is completely relevant to the complaint.

Example: Windows, and the Open Windows projects. I don't see M$ flipping out over that one.

IIRC, Microsoft don't have a trademark on "Windows".

It is time for companies to stop stomping on the little guys and INNOVATE instead. Instead of jumping on the litigous bandwagon, make your product BETTER than the competition.

What ????? May I remind you that the complainant wrote the original ssh and the other guys basically ripped it off ? The innovator here is the complainant, the OpenSSH guys are the copycats here.

Re:US Trade marks held by SSH COMMUNICATIONS SECUR

[CaseStudy]

"Secure Shell" isn't generic, it's descriptive. "Encryption-Employing Shell" would be generic.

less=more = shell out = shout

[korpiq]

Encrypted Terminal [Session] : et, or ets
Encrypted Terminal Connection, or rather, "so on to the next [box]": etc

Or just "esh" for Encrypted SHell, because the security is never factual anyway.

This is fun :)

Just my 0,02 FIM

Do NOT use the term `Telnet'

[Nailer]

I'd be greatly concerned about any product called `secure Telnet'. Simple because I've been telling clients to uninstall Telnet and ban the protocols use within their networks for quite some time. I'm sure many other admins have too. `Secure Telnet' would make things confusing.
Furthermore, that isn't what SSH does - Telnet is generally used (in sites I work at) to test SMTP and HTTP servers. SSH is used as a secure method of running shells, and graphical apps (Telnet should be avoided for the first and makes the second a headache). Telnet lacks file transfer mechanisms.

What if I

[shao]

register a trademark "Soft"? Does that mean Microsoft will have to change their name?

Re:What if I

[mikehoskins]

Please do. The more bogus patents/copyrights/trademarks there are to dispute, the more attention ("awareness") will be generated about this problem. Maybe, if you trademarked the terms "government", "senate", and "congress", somebody might actually DO SOMETHING ABOUT THIS! For now, I think we need to tell SSH off. Go visit their web site, and Contact them, telling them you won't buy their product and that you'd recommend that your company and friends not do the same, until this is resolved.

Re:Take a look at these IETF documents...

[lahi]

Looking at www.ssh.com, I now see that F-Secure is listed as "partners", which presumably implies a permission. This is not obvious from looking at www.f-secure.com, however. And I believe it is required that TM () and (R) (®) are acknowledged explicitly somewhere, if they are used. (That is: "various trademarks belong to their respective owners" blabla is not sufficient.)

-Lasse

Re:So what _is_ it supposed to be called, then?

[cpt+kangarooski]

Of course, someone (Reynolds?) lost the trademark on Cellophane because there was really no other way to describe the stuff. It was too new, and too unique.

I could see a trademark on SSH as in SSH-brand Secure Shell, but not on 'Secure Shell' itself.That's how you describe the entire class of products. They're shells, they're secure, it's in common usage.

Re:I second the motion of FRESH

[mo]

4) Free projects change their name fairly regularly without losing a users.

I dunno. I don't think I could handle it if this Chips N Dips news site ever changed their name.

Re:Take a look at these IETF documents...

[lahi]

Sushi? And with the blowfish as logo? That's just brilliant!

(Try searching for "blowfish sushi" on Google.)

-Lasse

Re:Hmmm...

[beta64]

I also agree. If he didn't want people basing a product off of his work he should not have made it available in the first place. At least, he could have made it, very clear that the term SSH was not to be used in any derivative products. If he had done that in the first place, I don't think that OpenSSH would have used the name OpenSSH. In any case, I think that the SSH trademark is questionable.

The debate between OpenSSH and SSH somewhat reminds me of the Debate between Guiness and GuinessSucks . . . except that OpenSSH is offering something and the XXXSucks were just complaining about XXX. My point is, if you don't confuse GuinessSucks with Guiness, why would you confuse OpenSSH with SSH?

I do believe that the guy has a right to defend his trademark. So my advice to him is defend it, so the courts can throw it out. If he happens to win, then OpenSSH can Change it's name to OpenShell or something. Until then, I don't really think that he can trademark SSH because just like RSH and the others it's a standard acronym.
SSH - secure shell
RSH - remote shell
SH - shell
BASH - Bourne Again Shell
KSH - Korn Shell
etc... but he probably has the right to try.

One interesting thing to note, who does he sue in this case, the developers? Anyone who distributs OpenSSH?

Re:OpenSSH is *exempt* (IANAL)

[CaseStudy]

The creation of a competing product is not non-commercial usage, even if you give it away for free.

Re:Name suggestions:

[SurfsUp]

Seriously, the best suggestions I've seen so far (on linuxtoday, by the way) are:

SHH - Shh! I'm talking to my computer

FRESH - Free Remote Encypted Shell

But coming up with a good name is the easy part, the hard part is determining if it's morally right for the author to attempt to enforce an IP claim on an IEC standard. IMHO, he should have enforced his claim *before* it was accepted as a standard, not after. Letting the standard be accepted without moving to enforce his claim should really be the same, legally, as putting the IP into the public domain.

By the way, are you reading this, Scott, please take note.
--

Not copyright

[Hard_Code]

AFAIK, this is not a copyright issue. It's a *trademark* issue. Spare the juvenile flames.

Re:Right!

[ncc74656]

It's the trademark analogy of the GIF trick: releasing a supposedly "open" file format and then patenting the only known algorithm that can generate it.

Compu$erve didn't patent the compression algorithm used by GIF. Unisys did. IIRC, Compu$erve mainly sought acknowledgment from people referring to GIFs that the name was a trademark of theirs. The other problems with GIF were the result of actions by Unisys, a company that was already on a downward spiral toward irrelevancy that must've seen patenting LZW as a means of prolonging the inevitable.

Re:Name suggestions:

[J+Story]

> HSS - Host Secure Session

There might be better names, but this one appeals to me: it's short; it's reminiscent of the 'less' is 'more' naming trick; and it combines a mild slap at ssh(tm) (for putting us through this) with a nod of recognition to its common origin. What's more, there is no way this can be confused with ssh(tm).

It merits a place on the shortlist.

Bollocks.

[mindstrm]

1) This isn't patent infringement; it's a trademark dispute. They are *very* different.

2) The original license on SSH, which OpenSSH is based on, states basically that the name 'ssh' should not be used if the derivative work is incompatable with the ssh protocols specified in the RFCs. This implies that it's OKAY to use the name ssh if you ARE compatable.

3) Under trademark law, you *MUST* defend your mark. This mark is already highly dilute; there are many software packages known to the plaintiff here that use the ssh name, and he's known about openssh for quite some time.

4) ssh is the name of a publicly available protocol as specified in the rfc's, and the name of the common unix command used to implement such a protocol, regardless of vendor. It's already diluted. THe common techie does *not* automatically associate 'ssh' with meaning 'the product from company X'. They mean the protocol.. just like ftp or anything else.

That's why he can't enforce it.

It's not about what we can get away with. If he wanted to protect the name he should have made it clear from the beginning, and that hasn't happened.

Re:Hmmm... PuTTY

[ncc74656]

Even better, carry it on a floppy. It fits!

Floppies suck...they're unreliable. Besides, if you don't have a net connection with which to grab PuTTY, you don't have a net connection with which to log into your computer.

Re:Off-topic, anti-Godwin's Law, etc.

[kubrick]

War means killing people, Business means paying people and making money to pay with.

Murder is not acceptable. Corporate attitudes are partly caused by the ground rules of business.

You should look at the economic reasoning behind most wars. Obviously it was "acceptable" to kill a couple of hundered thousand Iraqis in order to keep oil prices down.

Re:Off-topic, anti-Godwin's Law, etc.

[kubrick]

1) No one who was "just following orders" was tried at Nuremberg. Only those "in charge" were tried.

I'll have to check a list to see that, but almost everyone except Goebbels tried that defence AFAICR...

2) Corporations are not "taking orders".

But if they are acting without the moral compulsions that an ordinary person does, obeying the letter but not the spirit of the law, that is usually their defence when thousands of people are poisoned by the company's actions -- "we were maximizing shareholder value". Sounds a lot like "just following orders" to me.

Furthermore, Tatu Ylonen seems to be a fair and decent sort of person. He didn't try to enforce his trademark until he started getting tons of annoying email and support calls from people who didn't realize they were using OpenSSH.

Why take out the trademark if you won't enforce it? Use it or lose it...

I was replying to the specific sentence I quoted, which was my I marked my post off-topic (I don't consider that Tatu has this attitude, but the attitude that poster displayed frightened me).

As regards the SSH kerfuffle, hopefully the IETF will rename the standard and then OpenSSH can change their name to match that...

Re:I second the motion of FRESH

[NewWazoo]

]> 3) This guy didn't care about the use of the
]> name OpenSSH until his customers started
]> getting confused.

]This is EXACTLY why they've lost the trademark. ]You have to defend trademarks, you can't just sit ]on your hands until you're worried about
]losing business

You've got that exactly backwards. The purpose of trademarks is to prevent brand name dilution, which is precisely what's going on here.

The New Wazoo
("It's not old!")

Re:He *has* to do so

[thogard]

I just got a message yestersday from him saying that SSH2 had a reasonable license. Not for my uses. I suspect this little stunt will kill SSH for good. He had a monopoly on a very useful technology but tried to milk it for more than it was worth and that created OpenSSH. Had he not been greedy, he would have had a decent license, SSH2 would be wide spread and there would be no OpenSSH and he would have cornered the market. Now he will be competeing and with OpenSSH and I don't think he's going to win. This is going to turn out like CERN's http vs Apache.

Re:From ssh 1.2.12 COPYING

[p2sam]

I can't seem to find the 1.2.12 version of ssh on ftp.ssh.com in fact, the earliest 1.2.x is 1.2.0, and the one that comes after is 1.2.13.

Why not...

[slarti]

Give it in unpronouceable symbol as it's name and then refer to it as. 'The shell formally known as OpenSSH'. Then when everyone is tired of that call it 'The Shell'.

Whaduyatink?

Re:OpenSSH does not infringe!

[elflord]

There is a big exception to trademark laws. If your trademark falls into common use as a generic term for something, it basically loses its protection.

Depends on whether you own the trademark before the term is in common use. There are several cases where products that become popular become common language because of their popularity.

Re:He *has* to do so

[theonetruekeebler]

Trademarks have to be protected, no matter how little you care, or else they will become invalid and anyone can use them. If he doesn't go after OpenSSH, tomorrow it'll be Microsoft using the name.

So license "SSH" to OpenSSH already! Hell, license it for a dollar, under terms Microsoft or any other money-seeking interest will not accept, and be done with it! Trademarks are licensed all the time. GM had do pay Beretta Arms about a million dollars to call one of their cars the "Chevrolet Beretta."

--

Semi-OT: Confused support mail

[Inoshiro]

I don't know why rusty named Scoop Scoop, but I do know that Slashcode isn't alone in getting support emails for PHPSlash :p

Consider this email regardling PHPNuke:
"Subject: The best nuked site Ive never seen
To: Kuro5hin.org Help
Dear Sirs of Kuro5hin,

Im journalist and Im new to PHP nuke.
Ive been visiting many nuked sites and yours is the VERY best.

I wonder if you could send my your theme files, not to use or copy it in my
site, I dont have a site, just to learn to develope a good theme.

Thank you very much, and sorry about my english.

Best regards, .."
--

Re:He *has* to do so

[TekPolitik]

Don't blame him, he has no real choice in this matter. Trademarks have to be protected, no matter how little you care, or else they will become invalid and anyone can use them. If he doesn't go after OpenSSH, tomorrow it'll be Microsoft using the name.

There's more to it than that. Firstly, he's claiming "Secure Shell" as a trademark. This is unlikely to fly, as it is merely descriptive of the functionality provided, and thus not capable of being trademarked.

Regarding OpenSSH - how long has that project been running? He's left it alone this long, so he's already failed to protect the name.

In any case, they have used SSH to refer to the protocol, which has always had that name (just look in /etc/services):

ssh 22/tcp # Secure Shell Protocol

The original use of the same contraction for the product name and the protocol is a fatal flaw. There is probably no way that anybody can stop them using the name of the protocol in their product name if that name is also merely descriptive.

Let's compare the headlines:

[scrytch]

Linux Today: Tatu Ylonen requests OpenSSH to change its name
Slashdot: SSH Claims Trademark Infringement by OpenSSH

Linux Today: Quotes the letter.
Slashdot: Links to it, surrounds it with summary like "demanding that the OpenSSH project change their name". At least there wasn't any color commentary for spin value this time, could be because Taco didn't post it.

Look, it's SSH and it's more than three letters, it's basically the same damn product. The author (not his lawyers) is personally asking to change the name to something that causes less confusion with his product that came first. Yet people are ready to string him up for this, because the reporting of it practically has him banging his shoe and screaming and sending forth the lawyers.
--

Re:He *has* to do so

[EJB]

I'm very sorry, but this is nonsense. All he has to do is officially grant OpenSSH the use of the trademark "SSH" in a legally binding contract, and there's no more question of trademark dillution.

He will then have every means to defend himself should Microsoft use the term "SSH" against his wishes.

It's a good thing that he is clear and objective about his stand towards OpenSSH, but that doesn't make his claim in itself more ethical than any other trademark claim.

Erwin

Re:From ssh 1.2.12 COPYING

[bferrell]

He can ask, but at best he looks like an ass. In 1995, He pretty clearly acknowleges that there are/will be other implimentations of ssh: >> if the derived work is incompatible with the protocol description in the RFC file, it must be called by a name other than "ssh" or "Secure Shell".

Re:I second the motion of FRESH

[Dwonis]

So because he's a nice guy and doesn't jump on everyone like a hungry lion, we tell him to screw off?

I say we don't HAVE to let him have his way, but we should show our goodwill and do it anyway.

Or do we have any goodwill left?
--------
Genius dies of the same blow that destroys liberty.

Re:He *has* to do so

[scrytch]

ssh is not telnet. telnet is a specific protocol, with lots of protocol commands and options. ssh implements none of them. you can't call any ssh implementation telnet any more than you can call it ftp.
--

Re:Another reason for this

[emmons]

That's a server, not a client.

----

Don't look at it from a legal POV

[Wolfier]

I mean, c'mon. He is asking us to do so and with very valid reasons from his point of view.

Think of it this way. We ripped his code to start OpenSSH - taking his program as a gift. Even the ssh 1 license says you may do so, don't you think the author is a real nice person in doing so?

Not that we're legally bound to change the name, but don't you think it is one nice thing we can do in return of his code?

Of course, the new name has to resemble the old name so users will not be confused. And we should be given a long enough grace period to use the old name and the new name together so everyone will see "so this is what OpenSSH becomes" without scratching their heads for a bit. It's for the project's own protection, of course.

(If he's a nice peron, I think it is not his intention to use a name change to blast our recognition to oblivion. That's why we need a grace period)

Why wait for years before the enforcement? Hm...do you mean he actually have to hire a team to research for trademark infringements and find every one of them? It should not be the responsibility of the trademark holder to explicitly look for infringers. And here goes the "why wait for years" argument.

Finally, I vote for OpenSecSH. It's an excellent name. And the pun to "OpenSex" makes it even better.

Re:Don't look at it from a legal POV

[demon]

Well, read other posts about the terms in the ssh 1.2.12 license text - according to the license agreement enclosed with that version (the one from whence OpenSSH sprung - the last BSD-licensed release), they have the right to use the term SSH to describe their implementation, so long as it is compatible with his implementation. (Which OpenSSH certainly is.) But Tatu getting a trademark should now invalidate the licensing terms he used?
_____

Re:I second the motion of FRESH

[emmons]

So because he's a nice guy and doesn't jump on everyone like a hungry lion, we tell him to screw off?

Unfortunately, because of the way that the law is written, yes.

I say we don't HAVE to let him have his way, but we should show our goodwill and do it anyway.

Although out of graditude for his releasing the code in the first place I think that it would be good for us to just change the name. Next time, remember to ask to use a trademark first. :)

----

Re:Hmmm...

[cymen]

Putty is the *worst* software you've ever used? That statement makes you look like a moron. Putty has some rough edges (changing settings in saved sessions is a pain) but it doesn't crash. I think a big 'ol CRASH would be required for any program to make it onto my worst software list.

Putty is small (so, as others have pointed out, you can put it on your www and run it from anywhere), fast, and free. What is not to like?

Name Suggestion

[WestonB]

Similar to SMB = Samba:

SSH = Sashay

'We used to telnet into our servers, now we sashay into them'

Re:Scoop

[GandalfGreyhame]

freshmeat.net isn't relevant to me. Why should I care? Just because Taco uses it?

Linux is only free if your time is of no value

Re:The original SSH license

[tswinzig]

As far as I am concerned, the code I have written for this software can be used freely for any purpose. Any derived versions of this software must be clearly marked as such, and if the derived work is incompatible with the protocol description in the RFC file, it must be called by a name other than "ssh" or "Secure Shell".

Sure looks like 'permission' to me.

Errr he gave permission to derive work from SSH, and permission to call your project something other than SSH and Secure Shell.

He did not give permission to infringe on the SSH trademark.

Or are we reading a different bit of text?

Lets vote

[MobyDisk]

We should put this on a Slashdot poll.

Should OpenSSH be renamed to a name that does not include the term SSH?

or maybe:

New name for OpenSSH:

• OpenXYZ
  
• OpenThis
  
• OpenThat
  
• Keep the name
  
• CowboyNeal
  

"ssh" as a name of executable

[Alex+Belits]

It is necessary to name executable "ssh" to make it compatible with scripts and other programs that intend to use the functionality of SSH protocol, so, trademarked or not, the reason to name executable "ssh" is not to create confusion but to provide actual functionality in a compatible manner. The name OpenSSH both reflects the functionality (open implementation of SSH protocol) and provides enough distinction to avoid confusion as much as possible.

The fact that OpenSSH is a superior product is pretty much irrelevant to the issue, however it explains why OpenSSH is more popular then the original SSH now -- certainly users chosen it because they expected that it will work better and because of more liberal license, not because they thought that they are installing the original SSH.

Re:Off-topic, anti-Godwin's Law, etc.

[rodgerd]

Wrong. Nuremberg, and subsequent Nazi trials, tried a number of people who were not "in charge" in any significant sense of the Nazi regime.

Re:The original SSH license

[asjo]

Any derived versions of this software must be clearly marked as such, and if the derived work is incompatible with the protocol description in the RFC file, it must be called by a name other than "ssh" or "Secure Shell".

Sure looks like 'permission' to me.

Errr he gave permission to derive work from SSH, and permission to call your project something other than SSH and Secure Shell. Read the text again. It says you have to call it something else if it is incompatible with the spec.

So if it's compatible with the spec (which I guess it pretty much has to, to work/be usable) the above quoted text does not tell you to call it something different from "ssh" or "Secure Shell".

It rather hints at the opposite, I'd say.

Ylonen enterprise is built on this "confusion"

[Morgaine]

I think you're missing a key aspect of the piece you quoted:

I would thus like to ask you to change the name OpenSSH to ... something that is clearly different and doesn't cause confusion. ... The confusion is made even worse by the fact that OpenSSH is also a derivative of my original SSH Secure Shell product, and it still looks very much like my product

Tatu is being very disingenuous here, because it was entirely on the back of his original ssh1 that SSH the protocol became famous, and so his commercial sales of ssh2 are primarily a consequence of the so-called "confusion" (actually a mental association) with ssh1 and hence OpenSSH by his own admission in the mind of the buyer. Nobody buys ssh2 in isolation; they buy it because it is an implementation of the SSH protocol, and very commonly the decision is also strongly influenced by community support for the protocol which arose through using ssh1 and/or OpenSSH.

In other words, it goes something like this. As a sysadmin at a commercial site, I hear from the open software and security communities that SSH the protocol is good. So, I look for an implementation, I try out either ssh1 or OpenSSH and I like it, then if I want support I buy the commercial version of ssh2 from Ylonen, otherwise I stick with ssh1 or with OpenSSH. These are all implementations of the SSH protocol, and the fact that there is a choice of implementations doesn't cause confusion --- it merely creates multiple associations, a "confusion" I "struggle" with every time that I want bread and have to decide whether to buy Sunblest or Hovis. Ssh1 and OpenSSH are no less an implementation of the SSH protocol than ssh2.

[In fact, the only source of confusion that there has ever been was caused by Tatu himself when he created a new product and made it partly incompatible with the tool that he himself had earlier called "ssh".]

OpenSSH through being similar to ssh1 continues to lay the groundwork on which Ylonen's commercial success is based, just like his old product did. Many people will buy ssh2 as a result of trying ssh1 or OpenSSH annd associating it with ssh2. It is utterly disingenuous that Ylonen should even think of preventing them from associating the SSH protocol with pre-ssh2 implementations when the whole existence of his enterprise is based on people's earlier associations between protocol and product.

The RFC? That's a laugh.

[ungerware]

I've developed a client as a school project. SSH isn't even in compliance with the RFCs.

It's just little things, like keys being sent as SSH-strings instead of SSH-mpints, or headers being formatted slightly differently. It's a good thing you can peruse and play around with the source. Otherwise, figuring out the protocol would be damn near impossible!

Re:Hmmm...

[ibbey]

I use SecureCRT at work, PuTTY at home. SecureCRT does have a few more features, but it costs $100. PuTTY is fast, stable (more so then SecureCRT) and as has already been pointed out, tiny. I recommend it to all my customers. Get it at http://www.chiark.greenend.org.uk/~sgtatham/putty/

Re:A SSH by any other name...

[Balp]

There is already a version of SSH that is called ossh it's availible from ftp://ftp.pdc.kth.se/pub/krypto/ossh/.

The out cource one could wounder about other SSH versions as ttssh, java-ssh, NiftyTelnet SSH.

/ Balp

His position?

[Late]

My guess is that Ylönen originally meant ssh mainly as a contribution to the community and didn't care much about the name. Slightly later he realized that he could make a living out of ssh and founded a company named after it.

The problem now is that SSH Communications Security (now a PLC) has grown much faster than he ever originally anticipated. Nor did he originally think OpenSSH was any kind of a problem (to him). Now the problem is that he runs a large company and their owners/legal/whatever aren't going to let him ignore other products with the name SSH any more.

This would put him in an awkward position and he is trying to ask nicely, even if he doesn't really want to ask at all, as he knows lawyers will be unavoidable otherwise.

-Late

Re:A SSH by any other name...

[Balp]

If if had anything to with GNU that might be possible. Now it's Free real free software as in BSD licenced.

Re:OpenSSH does not infringe!

[RealUlli]

Did you ever hoover you floor? I think the name Hoover (who were making - guess what - vacuum cleaners ;-)) started out as a trademark, too...

Cheers, Ulli

fear of competition, not confusion

[Quietti]

The true reason for Tatu Ylönen's claim is obvious: someone else released a version of his work that is better, free of any licensing restrictions and cost-free:

• OpenSSH has sturdier code, is easier to port to a variety of obscure platforms and combines both protocol versions in a single client/server pair.
• By contrast, the original SSH is a huge patchwork, produces all sorts of weird compiler errors or non-working binaries when porting to obscure platforms, and requires separate packages for SSH1 and SSH2 versions. Also, SSH2's license is too restrictive for anything else than educuational and home use; it forces money-making users to buy commercial products by F-Secure or SSH Oy.

Also, as someone else pointed out, Tatu's own license specifically said others are welcome to create derived work, as long as it is clearly stated that it is such. OpenSSH clearly identifies itself as derived work, so it's perfectly Kosher.

IMHO, Tatu should realize that adding cryptology to common commandline telecom tools was a one-trick poney; it was bound to happen sooner or later and, by today's standards, is fairly obvious work. Commandline utilities contribute to the overall advancement of software development, but they are nothing precious; merely usefull.

Instead of clinging on to his 15 minutes of fame over a few commandline tools, may I recommend that he moves on to higher challenges of cryptography like IPv6 and network security, where true expertise is required and his name can be a truely powerfull statement? The same idea goes for his company, SSH Oy: you guys are network cryptology experts, so create some more, act as consultants and make money with big paying customers; causing needless turmoil among the developer community can only result in people dropping you dead and comming up with more non-compatible crypto in reaction. Be smarter than that!

PS: SSH Oy is a great company. Why else would I constantly be bugging them for a job?!

--

Re:We should be good neighbors here.

[Balp]

> I believe it was British Telecom who held the trademark for the "Yellow Pages" name,
> and Sun was forced to change the name of their product. Did it cause confusion for the user?
> Maybe some initially, while people got acclimated to the new name in documentation,

Yes, it confuses users and does so still today, usally the original version is called yp in day to day talk along users and the new version (nis+) is called nis by the users. There exists a loot of persons that don't know of this as sais nis when they med yp and don't know what yp is.

Now, is this stops OpenSSH from finding a better name is a bifferent story.

what's the point of ssh anyway?

[phr1]

Ssh (the protocol, not just particular implementations) always seemed like a half-done kludge to me, a quick substitute for telnets/ftps (telnet or ftp over SSL) done at a time when SSL wasn't readily available.

These days, OpenSSL is widely distributed (included in Red Hat 7, for example) and runs on lots of platforms; and SSL is simply a more mature protocol than SSH. SSL supports certificate based authentication at both the client and the server ends--as normally used, it's much less vulnerable to MITM attacks than SSH; there's a big CA infrastructure including commercial CA's that check real-world credentials, so you can be reasonably sure the host you're connecting to is what it says it is; there are also plenty of hardware SSL authentication devices (e.g. smart cards containing X509 cert/key pairs) so you don't have to worry about your keys getting accidentally copied, etc. etc.

Maybe there's a good reason that SSH usage is increasing rather than decreasing, but I haven't figured it out. Any thoughts?

TTI is the best!

[X]

Oooh! I really like this one. Clever, humorous, and on top of all that, quite convenient to use.

And if Tim Lee decided that you shouldnt say HTML?

[Donem]

Come on. SSH is a standard protocol. What if Tim Lee decided that he invented HTML(which he did) and everyone needs to call their shit something else?

You'd say. You wonderfull and everything, but you just crapped on yourself.

Re:Hmmm...

[Delphis]

I tried PuTTY out, it is quite cool .. I like the minimal setup thing too, no install program it just runs. Great. :)

--

Re:Another reason for this

[emmons]

He asked, "How many HTTP clients do you know that have "HTTP" in their name?" You responded by giving him the name of a server. A server is not a client.

----

Patent vs Trademark

[frankie]

this is exactly equivalent to the GIF trick, because he's waited until the OpenSSH name is well established before acting.

Actually, there's one significant difference, and it's heavily in OpenSSH's favor. Unisys has a patent on LZW compression. Patents are legally binding at the discretion of the holder and may be prosecuted at will (or not) until they expire.

Tatu has a trademark on the name SSH. Trademarks only remain valid so long as they are agressively protected. 3Com has a really funny page about this topic. Since Tatu has implicitly allowed numerous outside groups to use the SSH name, he's probably lost his claim to it already.

Re:Another reason for this

[Steeltoe]

"He asked, "How many HTTP clients do you know that have "HTTP" in their name?" You responded by giving him the name of a server. "

I was perfectly aware of that. I was not responding to him like a query, but to provoke some thought. How many pure http-clients exists anyways?

"A server is not a client."

Tell that to the XFree86-gang. They have polluted my mind. *grins* :-)

- Steeltoe

Re:Name suggestions:

[Grotus]

Or "Do you think my ASS is too big?"

Re:Name game

[dwoods99]

Although I don't think that the OpenSSH team needs to change the name, my suggestion would be to use the name "OpenSuSHi" ... :)

Re:Another reason for this

[emmons]

I see your point then.

Re: XFree86 - they're just screwed up anyway :)

----

Re:Helsi...Everything else was up too!

[Linux2Mars]

If you looked in to it, SSH was up like every other in the IT-field.

Press Release *** Microsoft Acquisition ***

[kireK]

Microsoft is proud to announce that the acquisition of SSH Communications this week.

Is it me,did this just happen this week? I thought only Microsoft would do something like this?

Re:OpenSSH replacement - OSS

[lacoste]

I haven't seen anyone with this one:

OSS - Open Secure Shell (plus various other cool meanings in the past ;)

Lac

Re:He *has* to do so

[Alokito]

> Uh, no, the acronym must be recursive, like ONS (O's Not SSH).

That's not recursive. Try something like
ONS = ONS's not SSH

Re:The original SSH license

[mrfiddlehead]

The question then might be, is openssh completely in compliance with the RFC?

Re:Another reason for this

[CodeMonky]

Except that OpenSSH supports both Protocols 1 and 2 and protocol 1 can be turned off and only older clients are still using version 1 by default. I think for a period of time you will need ssh1 around until those older version are phased out. I think he's just pissed he released it (v1) under an open license and then thought better of it and released a new product under a very different license and just wants people to move to the new non-free version.

A breath of fresh air!

[JerseyTom]

That was the *most* polite "please don't use my trademark" message I've ever seen. Usually you get a legally worded "go away or we'll sue your ass off!" note.

I think he deserves credit for trying to bring civility to the process.

--Tom

Re:A breath of fresh air!

[DarkDust]

Yes, I do think so, too. He did show the situation and really kindly asked them to not use his brand. To me this is OK although SSH is normally used for the service/protocol instead of Tatu's product, just because he didn't say "If you don't rename I'll have to force you" or something. We don't see polite mails regarding unauthorized trademark use very often, do we ? So let's all try not to give a reason for beeing impolite

Re:A SSH by any other name...

[CodeMonky]

I'll just setup a system wide alias to ssh anyway.

Can they claim infringement on an alias?
God i hope not.

Having been through something like this before ...

[martin-k]

Having fought through a cancellation of a registered trademark before, here are a couple of things one should consider:

1. Is there a likelihood of confusion between SSH and OpenSSH? I'd say "yes" because they are similar products and the trademark "SSH" is contained in the name "OpenSSH". So not much of a chance for defending OpenSSH on the grounds of "no likelihood of confusion".

2. Was Tatu the first to use the name "SSH" for a secure shell? If not, then there might be grounds for having his trademark cancelled on grounds of "application in bad faith". This is possibly in Germany, for example, for 10 years after the trademark has been applied for.

3. Having not defended his trademark for four years, Tatu will have trouble getting others to drop the name "SSH" or combinations thereof. HOWEVER, this protects only existing uses of the name "SSH", not other individuals or companies using the name for future products. Also, while he have not have a case against the OpenSSH people, he might thereby have a case against companies like Red Hat or Suse distributing OpenSSH as part of their distributions, and definitely against companies that will be bringing out new Linux distributions in the future. If you have trademark case, you can go after everybody in the food chain. This can get messy.

4. Tatu says he has registrations for "Secure Shell" pending. If someone feels that this name should be free, please contact a lawyer and have him send a nice letter to the respective trademark offices opposing the registration. NOW it is relatively easy to oppose the registration, LATER ON this will be much more difficult.

5. Do any of the OpenSSH developers have sufficient funds to fight this through? This could be getting mighty expensive soon.

This all said, I think the e-mail this guy sent has been very polite and not the typical lawyer-attack letter. Either he's just polite and interested in finding a solution, or he knows he's on shaky grounds.

I put this together just to show you what's possible. If Tatu is in his right to use his trademark, then work out a solution. If there are legitimate reasons for keeping the name "SSH" free, then go ahead and defend against it!

As always, IANAL, but I won a trademark lawsuit before.

-Martin

Re: secsh

[Mike+Gleason]

Why not "secsh", as in what the IETF lists at their site.

• Secure Shell (secsh)

Plus it has a nice ring, almost like "sex" and "sh" put together.

Take a look at these IETF documents...

[lpontiac]

SSH Connection Protocol (36516 bytes)
SSH Transport Layer Protocol (53476 bytes)
SSH Authentication Protocol (26537 bytes)
SSH Protocol Architecture (27345 bytes)

All of these documents are published on the IETF website. All of these documents cite Mr. Ylonen as an author. And all of these documents describe the SSH protocol. Not the "secsh" protocol - they consistantly refer to the discussed protocol as "SSH."

It's clear that "SSH" is the common name for the protocol that OpenSSH uses. Furthermore, by putting his name on a standards document that doesn't refer to the protocol by another name, surely he's endorsing this common use of "SSH"? And surely by publishing an open standard that in itself makes no claim to the name (I don't see the documents referring to the "SSH (R)" protocol), he should be relinquishing all exclusive rights to the name as a means of describing the protocol?

I don't see how OpenSSH could be construed to be deceptive in any way. It's derived from the original SSH in accordance with it's license, and interoperates with other computers using the SSH protocol. To turn around now and claim it's trademark violation which deceives the consumer, is analogous to Microsoft saying that "Word Viewer" is a trademark violation. Actually, it's closer to the Regents of the University of California accusing FreeBSD of trademark violation.

At best, it doesn't make sense. At worse, it's a deliberate and deceitful attempt to stab the people that are using the protocol (whose name he gave his blessing!) in the back.

Re:Take a look at these IETF documents...

[thetech]

Taking an even closer look, specifically at Section 9:

9. Trademark Issues

SSH is a registered trademark and Secure Shell is a trademark of SSH
Communications Security Corp. SSH Communications Security Corp permits
the use of these trademarks as the name of this standard and protocol,
and permits their use to describe that a product conforms to this
standard, provided that the following acknowledgement is included where
the trademarks are used: ``SSH is a registered trademark and Secure
Shell is a trademark of SSH Communications Security Corp
(www.ssh.com)''. These trademarks may not be used as part of a product
name or in otherwise confusing manner without prior written permission
of SSH Communications Security Corp.

I'd say that that does indeed show that they have interest in protecting the SSH and Secure Shell names.

From the looks of this email, these people obviously have a claim to the name, and they have shown cause for concern in the usage of the SSH name.

So, by current IP law, they probably do have the right to demand this. But then again, my feelings towards Intellectual Property are not all that kind...

Re:Take a look at these IETF documents...

[Shimbo]

I note that they all explicitly acknowledge the SSH trademark.

"SSH is a registered trademark...These trademarks may not be used as part of a product name or in otherwise confusing manner".

It's always bad news when the name of a product derives from its canonical implementation. It's not a BFD though - Samba is none the worse for a forced name change. At least with trademark infringment, nobody stops you hacking the code. If the name matters so much to them, I say let them have it.

Re:Take a look at these IETF documents...

[asb]

So, by current IP law, they probably do have the right to demand this. But then again, my feelings towards Intellectual Property are not all that kind...

This is not about Intellectual Property. This is about protecting a trademark.

Re:Take a look at these IETF documents...

[hta]

BTW, the reason why the IETF WG was named SECSH and not SSH was that there was already an SSH group - Site Security Handbook.
So this was not an attempt to avoid the SSH name either.

Re:Take a look at these IETF documents...

[dclove]

So let OpenSSH follow the Samba example:

SMB ==> Samba

SSH ==> Sasha

And Sasha's easier to say....

Re:Take a look at these IETF documents...

[Omnifarious]

That is also 'intellectual property'. Patents and trademarks are handled by the same bit of buearacracy, the USPTO. Trademarks are the form of 'IP' that I have the least problem with though.

Re:Take a look at these IETF documents...

[portnoy]

SSH ==> Sasha

How about "SuSHi"?

"SuSHi: It's time to fish or cut bait..."

Re:may as well change the name of openssh

[yoghurt]

rsh isn't a shell either. there was no "style of
naming" since rsh was the only odd man out. why
continue down a bad path?

Wild predictions enclosed... =)

[rakslice]

If OpenSSH is really in wide enough usage "to destroy everything [T. Ylönen has] built on it during the last several years", then I don't see how see how "SSH" and "Secure Shell" aren't in wide enough usage to void his trademark... That would be like me suggesting that Ylönen's violation of libgmp's license back when it was GPLed (it is now LGPLed) has seriously harmed the free software community... =)

It's more likely that a) OpenSSH would still be in as wide usage if it had originally called itself something else, b) OpenSSH will still be in as wide usage tomorrow, after (I predict) the name changes, and c) this isn't going to stop any BSD or Linux flavour that packages OpenSSH to not create an ssh symlink. =)

What I really don't understand: the complaint about OpenSSH encouraging SSH 1 usage. OpenSSH has supported the SSH2 protocol since June of last year. Sure, it also supports SSH 1. But even SSH will fall back into (absolutely insecure) rsh mode. And it's not like the more restrictive later SSH licensing is helping 1.2.27 dry up any more quickly...

Re:may as well change the name of openssh

[agentZ]

I never said we should. Personally, I think the protocol should get the short, easy name, ssh (like FTP or HTTP) and the implementations should build on those (e.g. OpenSSH, TrademarkedSSH, SSHisCool, etc)

Yet Again...

...the typical slashdot crowd start shouting "so what", "tough", "can't trademark this that or the other".

This bloke has had the courtesy to write a mild mannered letter _asking_ for the OpenSSH group to find another name, but no, he goes ignored and the typical rants show up here.

Yet, had he done what most other companies would have done, i.e: Cease and decist & get ISP to remove site, you lot would have got your usual hard on, about how dare a company affront an "Open" software group as such.

You lot need to fucking sort your act out.

Anonymous Coward

That has to be the nicest c & d I've read.

[Hollins]

This letter is the nicest cease and desist I've read. Probably because it wasn't written by lawyers who usually say something like "stop doing this right now and we'll probably sue you anyway. Deliver us your first born child or I'll generate 80 billable hours this week to bring the wrath of our perverted court system down upon your ass."

This letter contained every nicety but "Wishing you and yours well in the coming New Year(tm)".

Re:No, he doesn't have to do so

[(void*)]

You can't trademark a number. This is why Intel named the processor Pentium. They discovered in court that Cyrix can call their chip 386's, and 486's without problems.

OT: Liberated vs. Free

[FreeUser]

Of course, I feel that RMS ought to use the term "liberated software" to avoid the whole "free beer/free speech" issue, but that's another story....

That is not such a good idea.

"Liberated" is slang in many areas for "procured by illicit means" (e.g. he "liberated" a pack of cigarretts from the local five and dime). To many "liberated software" has an unsavory implication of "warez."

The Free Speach/Free Beer discussion is IMHO a good one ... it forces people to think about what freedom and free really mean, and allows an easy and natural avenue for pointing it out to those less aware.

ObSSH: if the SSH trademark should be enforceable (which I doubt, given that "ssh" is the name of an IETF standard, the original license allowed derivative products to use the term "ssh" as long is such products adhered to the RFCs, and OpenSSH has been using it for over a year now) I think your suggestion (Fresh) would be an excellent choice.

Re:OT: Liberated vs. Free

[The+G]

Of course, I feel that RMS ought to use the term "liberated software" to avoid the whole "free beer/free speech" issue, but that's another story....

That is not such a good idea.

"Liberated" is slang in many areas for "procured by illicit means" (e.g. he "liberated" a pack of cigarretts from the local five and dime). To many "liberated software" has an unsavory implication of "warez."

Perhaps "liberation software?"

That touches on the fact that it is both free and freeing -- it is software that liberates you (if only for a brief, blissful moment) from the world of EULAs, NDAs, and arcane legalism.
--G

Re:OT: Liberated vs. Free

[adamy]

Are you the Software Liberation Front?

piss off

what?

We're the Liberation Front of Software.

I thought we were the popular front of software

Naw, he's over there.

Splitter!

You forgot the best one - as a verb

[snicker]

"I've got to go shit into the webserver to fix some shit."

"Here, let me shit onto your desktop and try some shit out."

*sn
ro da poi ratcu zo'u da pensi zmado do

Re:OpenSSH replacements offer...

[mfkap]

About your IBM thing... go ahead and try selling computers as IBM and say that it stands for Internal Bus Maachines or something... you wouldn't even find a company to manufacture something with IBM on it because of the fact that it is trademarked, and you would be sued in a matter of seconds. This guy built a brand on the term SSH... and openSSH DOES confuse some people (don't bother with the "If I know it everyone does and if they don't know they aren't worthy to use a computer!!!" please) and he does have the legal right to defend his trademark. Just cause you make something free to compete with a named product, doesn't mean you can name it virtually the same thing. If it WAS legal, think of the havoc MS could cause.

Re:Name suggestions:

[Miss+Pereira]

Or perhaps

SNS - SNS's Not SSH

so next ...

[Ankou]

So I suppose next Microsoft will patent the name "windows", "window", and "win". After all I don't know about you guys but when instructions call to open a new window it always confuses me with Microsoft Windows 9X. *grin*

I personally think that SSH was a bad name for a product anyways, of course if you name your product what it is instead of something else there will be confusion. ie nameing your toaster, "Toaster" etc. OpenSSH is a "Secure Shell" what else do you want to call it then? "Mickeys Proctecto Interface"? What a load of symantic legistical crap. IMHO

The secret to all life's problems envolves a law suit.

Re:so next ...

[ColdGrits]

So I suppose next Microsoft will patent the name "windows", "window", and "win"

You didn't mean patent, you meant trademark, so why did you say patent?

*Sigh*

Is it REALLY too much trouble for you to use the correct terminology when launching into your rants?

--

Re:Yes.. but..

[rakslice]

"furor over SSH1 security holes"? What does that have to do with OpenSSH?

Oh come on

[sharkticon]

Don't blame the nazis, they had no choice in the matter.

Strawman.

For a start the nazis were individual people who could each make their own decisions, whereas a corporate entity is obliged to act in the best interests of its shareholders.

Secondly, I think persuing a trademark infringemnt is somewhat different from butchering innocents. You may as well say that the RIAA or the MPAA are as bad as the Nazis.

Re:Oh come on

[vsync64]

For a start the nazis were individual people who could each make their own decisions, whereas a corporate entity is obliged to act in the best interests of its shareholders.

Define "best interests". I think playing nice with the Internet community could certainly turn out to be beneficial to a company's stock price in the long run. Surely the law doesn't require a greedy approach to corporate strategy that disallows any long-term planning...

--

Re:Name suggestions:

[ghoti]

RSSH: Really Secure SHell.

The inventor of RSH(tm) is going to sue them over this one ...

So what _is_ it supposed to be called, then?

[nakaduct]

[in addition to SSH, I] also have a registration pending on the Secure Shell mark. ... I want to be able to continue using the SSH and Secure Shell names as identifying my ... products and technologies,

Well then, Mr. Secure Shell, what should we call it? Trademark law essentially prohibits trademarking nouns (and, in fact, you can lose the trademark if it's commonly used as a noun). Thus you have Tylenol-brand pain reliever, Rollerblade-brand inline skates, and so on. If there's no common noun to describe your product other than its trade name, then you don't get to keep the trademark. A quick search will turn up lots of tidbits like this:

it is imperative that trademarks be used in advertising copy as adjectives, never as nouns or verbs

In the letter, he repeatedly uses both SSH and Secure Shell as nouns. He called it a "secure remote login product" a couple of times, but that's inadequately descriptive. "Tylenol-brand pain reliever" is OK; "Aspirin-brand pills" is not.

It seems to me this guy wants to erase, or at least obscure, the excellent free replacement that's made his product irrelevant.

Going forward, and in the interests of bringing closure to this pressing issue, I'd suggest Mr. Ylonen piss up a Rope(TM)-brand rope.

cheers,
mike

Re:So what _is_ it supposed to be called, then?

[jovlinger]

You know this, but others may not:

"aspirin" is one of the watershed cases in trademark law: Bayer failed to adequately protect its trademark on the name "aspirin", so the name stopped being their property and became public property.

That is why trademark holders HAVE to be pricks about people using their name; if you let people get away with using it long enough, you no longer have a right to it.

Re:So what _is_ it supposed to be called, then?

[martin-k]

Trademark law essentially prohibits trademarking nouns

No, it does not. Trademarks will not be registered if they are describing the goods that are named after them and/or if there is a reason to keep the name free for the general public.

Therefore, Apple and Sun have registered their respective company names (nobody mistakes a computer for an apple or the sun), but Microsoft had to pull some strings to get "Windows" registered (well, it uses on-screen windows).

-Martin

Re:So what _is_ it supposed to be called, then?

[Robotech_Master]

That's not the way I remember it. I'd always been told that America nationalized the Aspirin trademark during World War II, since it was held by a German company and this was a way to get back at them.
--

Re:So what _is_ it supposed to be called, then?

[nakaduct]

Trademark law essentially prohibits trademarking nouns

No, it does not.

My wording was unclear; your explanation is better. You can trademark an existing noun, but you can't use a trademark as a noun. "Macintosh" is a noun; an Apple Macintosh is a Macintosh-brand personal computer.

The implications of this principle are not always clear-cut since our language permits nounification of adjectives ("I'll take one chocolate, one sugar-glazed, and one jelly-filled" -- since "donut" is implied by context you don't need to say it outright).

I'm no expert in trademark law (or any other kind), but from what I've read, if you use a trademark and omit the noun, it must be implied by context and unambiguously distinct wrt the noun part of the product name. So "Test drive a Macintosh" is OK; "Try our Secure Shell!" is probably not (if "Secure Shell" is the trademark, what's its full name? "Secure Shell-brand secure shell"?)

cheers,
mike

Re:So what _is_ it supposed to be called, then?

[Paradise_Pete]

Thus you have Tylenol-brand pain reliever, Rollerblade-brand inline skates,

Goats.cx brand pr0n...

Re:Name suggestions:

[SilverThorn]

Might have to drop the 'NT" based one or Microsoft might come looking for you as well. ;) -- M

I second the motion of FRESH

[miracle69]

Great name.

I'd also like to comment about the other postings in this thread. There seems to be about 90% of the 2+ posters talking about how he didn't defend his trademark initially, so screw him. OpenSSH should stay. May I ask these posters what the reaction would've been had he done so initially? Exactly. Same negative reaction.

There are also a few who have noted that this isn't a letter from lawyers. It is written by a person who understands and even has contributed to the very open source community he is appealing to. I suggest that these facts are taken into consideration.

My observations are these:

1) This guy isn't a lawyer.
2) This guy helped create openSSH.
3) This guy didn't care about the use of the name OpenSSH until his customers started getting confused.
4) Free projects change their name fairly regularly without losing a users.
5) He wrote a reasonable and non-lawyer request to a group asking not for them to cease and desist design and implementation of their program, but for a name change.

It seems like a reasonable thing to do to change the name.

Re:I second the motion of FRESH

[CyberKnet]

While I agree with you, there is no way he could ask the group to cease and desist design and implementation of OpenSSH. Its an open protocol. He can (and has) demanded they change their name. And that's about as far as his legal rights go... name changing. Personally, if they named it ESH to be Encrypted SHell, I would still use it.

---

Re:I second the motion of FRESH

[roca]

> 3) This guy didn't care about the use of the
> name OpenSSH until his customers started > getting confused.

This is EXACTLY why they've lost the trademark. You have to defend trademarks, you can't just sit on your hands until you're worried about losing business.

> May I ask these posters what the reaction
> would've been had he done so initially? Exactly.
> Same negative reaction.

Not at all. It's much easier to change the name of your project when only a few people have heard of it.

Re:I second the motion of FRESH

[befletch]

My observations are these:

You forgot one:

6) This may allow the OpenSSH project to snag a .org domain name, which they were so upset about not being able to get for OpenSSH. Of course, they should snag a name, *then* announce it...

Re:I second the motion of FRESH

[abe_kabakoff]

Do you seriously believe that he didn't consult with a lawyer before he wrote this? True, he does have the balls to write the letter himself, and send it himself, but I would be surprized to learn that no lawyers were involved here.

Re:I second the motion of FRESH

[cornjones]

i agree. fresh sounds good.
fresh
ssh, fresh
hmmm a bit longer but I suppose in the name a fair play I can get my fingers to learn it.
ssh
fresh
fresh
fresh
ok, got it.

Re:I second the motion of FRESH

[natet]

>5) He wrote a reasonable and non-lawyer request to a group asking not for them to cease and desist design and implementation of their program, but for a name change.

I would just like to point out:
1) This was a message to a mailing list, it didn't make sense to send a "lawyer" request.
2) He had sent "lawyer" requests to the OpenSSH sponsers "earlier". Indicating that at some time in the recent past, legal notices of Trademark infringement had been distributed. He tried the "legal" avenue, and when that failed to scare anyone, he tried the "fireside chat" approach.

I agree, that an open project can change its name without major damage to their user base. But this guys approach stinks, and shows a lack of vision on his part. This is an issue that SHOULD have been resolved early in the history of OpenSSH. And if he was as actively involved in the OpenSSH project as you claim, it would have been an easy matter for him to make such a suggestion at that time.

Further, if his users have a hard time differentiating OpenSSH from SSH, then I restate my claim that they are IDIOTS.

Re:I second the motion of FRESH

[roca]

I'm right and so are you. The purpose of trademarks is to prevent brand dilution. But you have to do that consistently or you lose the trademark. Waiting until the "dilution" reaches what you consider to be "unacceptable" levels is NOT consistency and does not constitute protection of the trademark. You have to go after everyone who uses your trademark illegitimately.

Re:I second the motion of FRESH

[Black+Parrot]

> It seems like a reasonable thing to do to change the name.

I agree. If you want to posture yourself as being of higher moral caliber than $DARKLORD, then you have to split hairs between what you can do and what you should do.

--

OpenSSH does not infringe!

[rkasper]

Check the USPTO trademark database. My search for "ssh" turned up a few hits. There's one match for a withdrawn trademark application on the word "SSH". Since the application was withdrawn, he has no claim.

There's a live claim on an SSH logo . This one is valid. It prevents others from using the logo. It doesn't prevent others from using the word "SSH".

There are a few other SSHs of no significance to this issue. His claim that OpenSSH infringes on his trademark is BS.

Re:OpenSSH does not infringe!

[divec]

OpenSSH does not infringe! [...] Check the USPTO trademark database.

How about in the EU?

Re:OpenSSH does not infringe!

[GigsVT]

There is a big exception to trademark laws. If your trademark falls into common use as a generic term for something, it basically loses its protection.

One court decisions supporting this precedent was Xerox in the 70s. I'm not sure if it was THE precedent case or not, but I know it was one.

Also: CT: I'd personally never go so far as to call copyright infringement, I shouldn't have to.

It's kind of scary that the person who pretty much runs this little party, which so often addresses IP issues doesn't know the difference between a Trademark and a Copyright.
-

Re:OpenSSH does not infringe!

[Sloppy]

But all but one of those are completely unrelated -- some temperature control thingie, mail catalog, and an electronic organ, I think. None of those are likely to ever be confused with the ssh that we're talking about, so the trademarks don't really conflict.

IMHO, Tatu Ylonen's wishes in this matter should be respected. The only serious weaknesses in his trademark are

1. His product and the open protocol have the same name
2. The "submarine" action: apparently (I don't know this for 100% certain) he didn't start trying to do something about the infringement until after OpenSSH became well established.

If it weren't for these two issues, his claim would be quite solid.

But even with these holes in his argument, he's still pretty compelling, for two reasons:

1. It looks to me like he has acted in Good Faith (something you don't see in all these kinds of cases). Even the submarine action is pretty easily explainable: perhaps he didn't think the similarity between the names was going to be a problem. But then his customers started getting confused. And it's not like he's trying to inhibit interoperability -- he just wants a name changed. And furthermore: he's polite and not arrogant. And instead of hiring a lawyer to write his letter and use terms like "demand you cease and desist", he has explained his arguments himself, and uses terms like "I am asking you to please choose another name."
2. Changing the name of a free software project just isn't a big deal. It's not like OpenSSH is a commercial interest where a lot of marketing dollars and effort has been invested in shoving the word "OpenSSH" into the public's mind. Changing OpenSSH's name to something else, has negligable cost. Accomodating this guy's wishes will not be hardship, or mess up anyone's project or significantly restrict what they can do.

And for those reasons, I think the guy deserves some slack and consideration. Adios, OpenSSH.

One other thought: the name of the protocol should be changed too. Yes, it's his fault that the names conflict. So what? Let's just fix the problem.

---

Re:Some Corrections

[belroth]

Or similar product?

Is this why Coca-Cola and Pepsi-Cola both happily co-exist?
----

Re:A SSH by any other name...

[s.a.m]

Well I think that his complaint can be a valid one. When most people in the *nix world are thinking about ssh, most of the people I've talked to think of OpenSSH. They, being the SSH Communications Security Corp., are losing business that they could have gotten from corporations if they were to use their, SSH Communications Security Corp., ssh program which implements the ssh2 protocol.

"I have started receiving a significant amount of e-mail where people are confusing OpenSSH as either my product or my company's product, or are confusing or misrepresenting the meaning of the SSH and Secure Shell trademarks. I have also been informed of several recent press articles and outright advertisements that are further confusing the origin and meaning of the trademark."

As you can see here he's loosing business to a group who have implemented the ssh2 protocol, with a much better nicer and less restrictive license than theirs.

As others have said, if you don't protect your trademark then you loose the ability to enforce it. He's published the protocol under the name of ssh. Now that word just also happens to be the word that they patented. My question is if the word is now used to label something that is implemented in public domain and is avaiable from a standards comittee such as IETF, how the hell can you still use it in a trademark?

"we have offered certain licenses to use the SSH mark to refer to the protocol and to indicate that a product complies with the standard."

It seems to me that his company has allowed the use of the name and if I'm not mistaken, the OpenSSH group got their name from the protocol and not from the originating company. It was not explicitly stated that the name of the protocol couldn't be used in the name itself. If this is the case, then they should be allowed to keep their name as it stands.

Re:Name suggestions:

[s.a.m]

It's have to say that none of those would work. Reason being that they all use the words "Secure Shell" and "SSH", which was trademarked by the company, so you would be back at square one. I say let's call it OpenShell. Unless of course thats already taken

Re:*banging head against wall*

[Grab]

> The OpenSSH 'product'?

Excuse me, did OpenSSH spring fully-formed from a random configuration of bits? Of course not. Ppl worked on it, made it, distributed it. Therefore it's a product, as in "something produced". The fact that it's free is neither here nor there; nor is the fact that bcos you haven't paid for it, you don't consider it a "product". As an example, you haven't paid for songs downloaded from Napster, but these songs are still the product of the music industry.

And why is there a requirement to know how the thing works? All the newbie user needs to know is that SSH improves security. Are you claiming that you don't deserve a secure system until you're reached a certain level of experience?!

Grab.

It's not a WORD

[Merlin.]

You cant copyright three letters. Like somebody would own "AT Computers" and AT is their brandname.

I on the other hand am going to sell sleasy burgers called FreeFat.

OpenSSH is not Open SSH. SSH stands for secure shell, okay he made it and used the name but please... Technically OpenBSD isnt using their name.

My thoughts, feel free to disagree but my thoughts still...

Re:It's not a WORD

[martin-k]

You cant copyright three letters.

No, you can't copyright them. You can however register a trademark consisting of three letters. Sun, IBM and AT&T (OK, that's three letters plus punctuation) come to mind.

The shorter the trademarked word is, however, the tougher it will be in court to get a ruling against infringing trademarks that don't describe an EXACTLY COMPETING product.

OpenSSH and SSH, however, are definitely competing products.

-Martin

PS: No offense intended, but is it so hard to keep trademarks, copyright and patents apart?

Is the IETF to blame?

[stripes]

As far as I know the IETF doesn't like people publishing RFCs for technology that is patented, but they don't seem to have a similar policy for RFCs for protocalls that have a trademark infringing name, and no useful open use of the mark. Or do they and it was violated with SSH?

SMTP is the protocall, sendmail is the program and trademark. DNS is the protocall, bind is the program, and if there is a service mark it is bind, not DNS.

Why should SSH1/SSH2 be accepted as an open standard if nothing can be named that (or the very similar OpenSSH)?

I do think there are acceptable uses of a trademark on protocall names. If the trademark were used to make sure nothing was called "RADIUS" unless it implmented all the MUST parts of the RFC, none of the MUST NOT, and provided a argment on why SHOULD/SHOULD NOT wasn't followed, then I'm all for it. In that case the mark is actually protecting the word. For SSH the mark is being used after the fact to un-level the playing field.

Re:Is the IETF to blame?

[softsign]

This is just silly.

Tatu isn't saying that OpenSSH developers can't use the term SSH anywhere in their product or documentation. He's merely asking that they change the NAME of their implementation to something different so as to avoid confusion with his product.

So, what's the problem here? You know that sendmail is an SMTP daemon, you know that bind is a DNS server... will it be so mind-numbing to call an SSH client/server something OTHER than SSH? Oh god, the horror...

--

Re:There are some legitimate arguements against...

[Ormod]

I've read those comments. But to me it seems the developers of OpenSSH probably were aware that he had a trademark for SSH or one pending. (All the (R)'s they throw around) so it seems to me that he has the moral highground. I honestly don't know either how long one can have a trademark without upholding it. But I believe he wouldn't be upholding the trademark anymore if it wasn't valid. (His lawyers probably could probably have told him the length of time involved) But in case it turns out that the trademark was no longer valid, then I must agree he has no _legal_ recourse available.

Isn't every computer digital?

[hughk]

Back in the days of yore, DEC had a lovely slogan Isn't every computer a Digital computer? Digital as a logo was rigidle protected but you could still talk about digital computers in general.

A secure shell (note the absence of capitals) is just that. It is a description and could be equated to Boeing trademarking "jet fighter". Ok, so OpenSSH has to change, but the commands shouldn't, neither should the description.

Re:Hmmm...

[Fjord]

1) If you didn't want people to hack on the code, why did you initially release it under a license that allowed that? It can't be retroactively retracted, y'know...

2) The OpenSSH team doesn't need your approval; you in effect gave them your approval when you licensed it as you did (see 1).

It's pretty clear from the whole text that this is not his gripe. He doesn't care that they are hacking the systema and he knows he gave them that right with the license. What he cares about is that it "is also a derivative of my original SSH Secure Shell product, and it still looks very much like my product". The paragraph you quited talks about how the cofusion is worse. This all related to the same thing. They are using the SSH trademark, and there are actualy damages in the confusion because customers continue to use the older code thinking it's an equivelent product.

In short, I doubt he would mind them continuing to use the old code base, as long as they change their name.

Check the original "free" SSH source release

[hatless]

I'd guess that SSH Corp. has a problem on its hands if the version of ssh that they released to the open-source community with no strings attached to form the basis of OpenSSH compiles to a binary called "ssh", and if the source tarball itself is called "ssh".

When Netscape and Sun released major products in open source form, they took some time to change the program's name. Netscape released "Mozilla" to the community, not "Netscape Communicator". Sun released "OpenOffice", not "StarOffice'. The trademark holders retained their "product" and opened up the source to an identical thing with a different name.

That the IETF RFCs authored by Mr. Ylonen specifiy protocols called "ssh" doesn't help his company's belated case.

At least he's trying to be civil about it.

Re:Hmmm...

[TheOutlawTorn]

Whether or not they can isn't the point. What he is saying is that continuing to support SSH1 is a Bad Idea. Kinda like saying continuing to drive a Ford Explorer with Firestone tires is a Bad Idea.

Can he stop them? No.
Do they have every right to continue supporting it? Yes.
Is it a good idea to continue supporting it? I don't think so.

Uh... Don't you mean sins?

[rakslice]

I think sins is (are) a much cooler choice anyway. =)

Re:OpenSSH replacements offer...

[mattdm]

I'd say this guy is well within his rights

Except this term is descriptive -- ssh is an acronym for "secure shell", clearly derived from the traditional "remote shell". While it's possible to trademark descriptive terms, they tend to be much much weaker, and do *not* protect against other descriptive use of the term.

--

Re:Name suggestion: FRESH

[(void*)]

I don't know about you, but I am suddenly thinking about Mentos.

Get FRESH!

Kudos to Tatu..

[baptiste]

As opposed to some of these silly things like RAMBUS trying to sue everyone for profit, I think Tatu is right. And he handled it in a very professional and thoughtful manner. Customer confusion can be a major PIA.

He tried to be discreet, and he says he got no exposure, so he posted to all the developers.

I can relate sort of. A few years ago I developed a digital lock product using Dallas iButtons It was intended for residential customers to unlock their houses at the touch of a button. I searched the net extensively trying to see if my preferred name (DigiLock) was used elsewhere. I came up empty. I didn't trademark it myself because we were a small company and I just did want the trademark hassle.

Well, about a year later, I start getting emails and calls from people asking if I sold a DigiLock that would secure a gym locker or cabinet. At first I thought they were confused. Well, eventually, I got someone inquiring to tell me more and eventually found a company that sold locks you could mount on cabinet and locker doors that also used iButtons. They called it the DigiLock and TM was all over the website. Sure enough - a check of the trademark website (which wasn't nearly as useful when I first developed my product) turned up that that company had a trademark for that name and they got it like 6 months before our product was released.

Our products were too close and I honestly didn't want to deal with all the folks inquiring about a product I didn't sell. So I changed the name to something I knew wasn't trademarked. Simple enough and my customers accepted the change easily when we publicized it.

Bottom line is - he's dead on about the added aggrevation dealing with confused customers because of a name.

I vote for secsh.

--

Re:Idiots

[rakslice]

This could be a "friendly" request... But, then, why include the apparent SSH1 security FUD?

Re:Hmmm...

[BJH]

Unfortunately, many platforms (yes, I'm talking about non-UNIX/Linux platforms) don't have clients readily available for SSH2, and if you take away support for SSH1, you can bet that people will go right back to using telnet. SSH1 is still infinitely better than non-encrypted communications.

Re:A new name for SSH

[rakslice]

Maybe abbreviated to eea? Or, how about trg?

Right!

[Simon+Tatham]

The protocol is called SSH. Now it's obvious that people will want to name their applications after the protocols they implement. So: either Tatu should have named his app and his protocol differently, and trademarked the app name only; or he shouldn't have trademarked the name. If he'd trademarked the app name only, OpenSSH would have named itself after the protocol and there'd have been no problem.

Releasing a supposedly "open" protocol and then trademarking the name is an evil business practice, because it means that only Tatu is allowed to name his implementation in the obvious way. It's the trademark analogy of the GIF trick: releasing a supposedly "open" file format and then patenting the only known algorithm that can generate it.

In fact, this is exactly equivalent to the GIF trick, because he's waited until the OpenSSH name is well established before acting. If he'd had a polite word right when OpenSSH was starting out, they'd probably have released it under a different name initially and nobody would have a problem now. But by waiting until they're established and then complaining, he's trying to force the change of a name people are used to - which will do harm to OpenSSH.

If Tatu were genuinely concerned about brand recognition, he would have (a) arranged that the protocol name could be used without restriction, instead of deliberately making it the same as his brand name; and (b) he would have notified OpenSSH at a more appropriate time. Given that he's done neither of these, it seems to me that he's using this trademark as a weapon, not a legitimate form of protection.

(Disclaimer: this is a moral position, not a legal one. The law will probably not recognise arguments like this. If so, the law needs fixing.)

Re:Right!

[DeadSea]

Names do not have to be functional. Sun gets pissed off when people use Java in the name of the product just because it was written in Java, and rightly so. It makes no sense to me that people name their products/websites things like WinSoAndSo, XWidget, EShop, or JavaInvaders.

Does Ebay have the word 'auctions' in its name? Does Yahoo use the word 'directory'? You can name your product something off the wall, and people will pick up on it.

Name your stuff creativly. It doesn't hurt and you won't be crowding in on somebody else's brand image. (Its called creating your own hype folks.)

Re:Right!

[Chris+Pimlott]

Does Ebay have the word 'auctions' in its name? Does Yahoo use the word 'directory'?

eBay's original name was AuctionWeb. eBay was the guy's ISP's name, which he bought out when his site became popular.

Re:Right!

[SubtleNuance]

I believe eBay was written/founded by a women.. FYI.

Re:Right!

[zephiros]

Does Ebay have the word 'auctions' in its name? Does Yahoo use the word 'directory'? You can name your product something off the wall, and people will pick up on it.

Yahoo stands for Yet Another Hierarchical Officious Oracle. Remarkably, prior to becoming a household term, Yahoo actually had to have a descriptive name for people to know what the hell the site did.

Re:Right!

[Dukhat]

Your comparison of OpenSSH's name to that of JavaInvaders is completely wrong. JavaInvaders was written in Java, but it provides no functionality that makes it distinctly a Java product besides running in the Java VM. OpenSSH however provides the SSH protocol, which is it's sole purpose. The JavaInvaders name comparison would have been valid, if OpenSSH had named their product C++CommProgram or UnixCommProgram. The name OpenSSH is instrinsically related to the functionality it provides, and this makes it simple for users to know what the product claims to do.

Yahoo and Ebay are very successful companies whose names do not reflect their functionality, but they chose those names so that they could defend the name against trademark infringement, and so that their branding would be very distinguishable. If Ebay marketed themselves as Ebay Auctions, they would lose some of their distinguishablity whenever another JoeBlow Auction website went up. Yahoo now offers a lot of services beyond being an Internet directory, but it would have been very ineffective for them to market SuperDirectoryMail, etc. instead of YahooMail, etc.

Free software organizations in particular is not interested in spending a lot of money or effort marketing their software. They just want people to be able to find it, know what it's for, and try it out. There are also a lot of commercial programs out there that make sensible use of standardized names in their product names, e.g. Borland C++, McAfee VirusScan.

Think how difficult it would be to find an ssh client if they were named Bobble, George, and Sweet, and your search engine also found the utilities named Welsher, Bingan, and Sorghum that used ssh but didn't provide ssh functionality.

Re:Right!

[Paradise_Pete]

No, they looked in a dictionary until they found a word they liked. Any special meaning it may have had was given after the fact.

Re:Right!

[scooby-doo]

When it comes down to a protocal issue like this look at ftp clients. They almost always use ftp hidden in their name, CuteFTP, WS_FTP, etc. So what's so wrong with Open SSH.

Just to take the oposite side it's not always true of telnet clients, ie. TeraTerm.

Just a thought.

Re:Right!

[abe_kabakoff]

I hope they didn't do a linear search starting at A!

Re:Right!

[Panaflex]

Pezz Dispensers

Re:Right!

[pjrc]

In fact, this is exactly equivalent to the GIF trick, because he's waited until the OpenSSH name is well established before acting.

Unisys obtained a patent, something very different from a trademark, and then demanded that all software using the LZW algorithm either pay outragous licensing fees or remove the code and not use the algorithm at all. They then contacted users of software containing LZW (major websites with GIF images) and demanded that the users pay licensing fees as well.

That's a lot different from claiming that his customers aren't savvy enough to tell OpenSSH apart from his product, and simple ask that the name be changed. He's not telling anyone that they can't use the algorithm (though he does advise against it, for what sounds like solid reasons) He's not demanding that anyone pay royalties, which are the things Unisys did with GIF. He's only asking for a name change.

Re:Right!

[yesthatguy]

No, this guy is right... Yahoo! stands for Yet Another Heirarchical Officious Oracle, according to The Silicon Boys by David Kaplan. However, this acronymization was after the fact - it was initially named after the ruffians in Gilliver's Travels.
---------------

Re:Right!

[demon]

No, it was started by a guy for his wife to buy and sell some collectible (Barbie dolls or something?) that she was really into. The current president of eBay is a woman, OTOH.

I believe this is correct. I think there's info somewhere on eBay itself explaining the whole story, which you'd have to read for the real straight dope on it.
_____

Re:Right!

[Throw+Away+Account]

Actually, they started a linear search beginning with "YA" in their dictionary, because they wanted to name Yahoo in the "Yet Another" tradition.

So they started with two words of an acronym to give them their first two letters, looked for a word, then back-formed the rest of the acronym.

From ssh 1.2.12 COPYING

[Chris+Pimlott]

This the first paragraph from the COPYING file of ssh 1.2.12, the last "free" version of ssh which OpenSSH is based on.

This file is part of the ssh software, Copyright (c) 1995 Tatu Ylonen, Finland

COPYING POLICY AND OTHER LEGAL ISSUES

As far as I am concerned, the code I have written for this software can be used freely for any purpose. Any derived versions of this software must be clearly marked as such, and if the derived work is incompatible with the protocol description in the RFC file, it must be called by a name other than "ssh" or "Secure Shell".

I find this interesting. By specifically saying when the terms "ssh" and "Secure Shell" can _not_ be used, it is in effect saying that use of these terms in a derivitive work is acceptable (in fact, what better way to show that OpenSSH is derived from SSH that including SSH in the name?).
Moreover, this version was released in November 1995, before either term was registered and before December 1995, when SSH Communicatins Corp. was founded.

I can see him politely asking OpenSSH to change the name, but I can't see that they would be required to do so.

Re:From ssh 1.2.12 COPYING

[demon]

It says "if the derived work is incompatible" - OpenSSH is _quite_ compatible with SSH Communications' implementation, to the best of my knowledge. But Tatu's obviously not going by his own license here...
_____

Name game

[blakestah]

OpenSRL (SecureRemoteShell)

OpenCS (CryptoShell)

OpenSRC (SecureRemoteConnection)

OpenSRSH (SecureRemoteSHell)

Re:Name suggestion: FRESH

[shakazulu]

I have to say that I do like FRESH. Whether the trademark is valid or not. OpenSSH is an uncreative mouthful.

Re:Let try and decide

[p3d0]

The standard is called SECSH, so maybe OpenSSH should be OpenSECSH. Pretty ugly name, I guess, but it's logical.
--
Patrick Doyle

Problems caused by 3rd parties

[volkris]

I hate problems that are caused by third parties.

You know, here one party is demanding a change in a second party because of the stupidity and/or carelessness in a third party that didn't bother to RTFM.

But oh well, what can ya do?

No judgement from me about the appropriateness of this email.

Helsinki Stock Exchange

Hmm... This notice or something else has boosted
SSH Communications stock value quite well today.
It was in spinning dive in January. ;-)

http://www.hex.fi/eng/marketinfo/stock.html

Re:Name suggestions:

[Lughlamfainne]

ohhhhhhhhh I like this one... "so he gave me his file in the ASS" or "man check out that ASS" hmmmm ok scratch the first one and I"ll go with the second one : could lead to some interesting tech talk... "my ASS is better than your ASS"

Re:Another reason for this

[finkployd]

Well, that is akin to trademarking the name FTP and going after every FTP client for using your name. How many FTP clients do you know that don't have FTP in the name? Not many. Wouldn't you expect an SSH client to have SSH in the name?

SSH is a protocol, therefor it stands to reason that a product which sole purpose is using the protocol would want to use it in the name to indicate what it does.

Finkployd

I used to confuse them

[shakazulu]

When I was first using OpenSSH, I did think it was the same as ssh. By golly, the command was "ssh", so how could I, as a user, know the difference.

I don't really care if this is enforcible or not. I think he and my own experience make a good case for the confusion of the two, and I don't think anyone here will claim that is in any way desirable.

Is it now so entrenched that changing the name to FRESH or something else would cause too much breakage?

Re:Well, they (SSH) are pretty much screwed...

[jrennie]

Do you honestly think the first course of action this guy would take would be to send an e-mail to a semi-public mailing list? Of course not, as he said, he has contacted those who initiated openssh. Apparently, they have refused to change the name, so he's doing what he can to avoid getting lawyers involved. SSH is *his* trademark and he has a right to protect that trademark.

He must actively defend his trademark and he must send out notices and take legal action "quickly," but the definition of "quickly" can depend heavily on the circumstances. If someone started a national advertising campaign for openssh, he would need to react within a few months or weeks in order to not lose his copyright due to inaction. However, for a case where an infringement is lesser known and less publicly known, I'm sure judges generally allow for a longer period of time before action must be taken. If Tatu sent out notices to the main openssh developers shortly after he learned of openssh, then I think it is very safe to assume that he would win any copyright battle in court.

Jason

Re:Name suggestions:

[Lughlamfainne]

Open Security SHell: OSSH, gets rid of Secure the "copyright" infringement part.. JMHO unless that's taken too :/

Re:Some Corrections

[mindstrm]

I'm not sure what you're asking...

The term 'cola' is not trademarked... so the 'cola' part has nothing to do with it.

Trademark only protects your 'mark' in a given 'trade' (hence the name).

Re:*banging head against wall*

[Matt+Booth]

I confused the two initially. The problem was not that I can't read, but that I wasn't aware that there were 2 implementations. I thought that maybe ssh had decided to call itself OpenSSH or something. I didn't think much of it. And there lies the problem. Now I know there are 2 it is a different matter. This is clearly a problem and I think the OpenSSH project would not lose by a name change and would be doing a common courtesy to the original author who, after all, is just asking nicely.

Two things

[erat]

First, a trademark is a trademark, and if the usage of another company's/organization's trademark is causing confusion and loss of revenue, the company/organization that owns the trademark should defend it and ask that the trademark not be used without prior arrangement. You would ask nothing less from Linus for misuse of the "Linux" trademark; we should not hold the SSH guys to any other standard.

Second, regarding "Mandrake". I don't recall there being any rule that only one use of the word "Mandrake" is allowed in the entire Linux industry. I have heard of the developer Mandrake and am familiar with his work, but I don't have any problem separating him from the Linux distribution Mandrake. I would guess that newbies who are just picking up the Mandrake distribution would not be familiar enough with the developer Mandrake to be confused (if they're new to Linux, how would they know who Mandrake is?).

By the way, I want all Erik's to stop using the name "Erik". I've been using and evangelizing Linux since 1991, and other than Eric Youngdale I can't think of ANY other Eri[ck]s in the industry that predate me. So, all Eri[ck]s, please stop using your names in public when there is a Linux context involved...

Heh...

To put it a different way.

[mindstrm]

You say "By your reasoning, any company with a trademark should be fascistic about enforcing their rights as soon and as often as possible. There can be no leniency or they will loose their trademark. That's not exactly a situation I want to come about (not that I have the least say in it, of course)."

Well.. that's *exactly* how trademark law DOES work. You enforce them, or you lose them. That's why you see so many stupid-sounding tradmark violation suits, because the lawyers are making sure they actively police their mark, because if they don't, they LOSE it, for good.

Re:To put it a different way.

[alkali]

Exactly right. For this reason, if you pick up the Columbia Journalism Review ("CJR") or Editor & Publisher or any other publication aimed at journalists, there are all kinds of ads along the lines of "Xerox(tm): Not Just Any Copier" and "There's Only One Jeep(tm)." Companies place these ads to urge journalists not to dilute their trademarks, and also to build a record they can point to in court showing that they've made efforts to protect their trademarks.

Re:Name suggestions:

[alprazolam]

or nortel

How about "cash"?

[Clith]

For Canadian Shell [or Canuck Shell] :-)

Off-topic, anti-Godwin's Law, etc.

[kubrick]

For a start the nazis were individual people who could each make their own decisions, whereas a corporate entity is obliged to act in the best interests of its shareholders.

So "I was just following orders", while not accepted as a valid defence at the Nuremberg Trials, is somehow acceptable for members of modern corporations?

The end does not, and never will, justify the means.

(please don't mod too harshly, moderators, I won't do it again...:)

Re:Off-topic, anti-Godwin's Law, etc.

[Rares+Marian]

War means killing people, Business means paying people and making money to pay with.

Murder is not acceptable. Corporate attitudes are partly caused by the ground rules of business.

Re:Off-topic, anti-Godwin's Law, etc.

[Art+Tatum]

1) No one who was "just following orders" was tried at Nuremberg. Only those "in charge" were tried.

2) Corporations are not "taking orders". Trademark laws require you to defend your trademark or you lose it. Imagine if you started selling a soft drink in a red can that was labeled Coke. People would definitely be confused (not everyone, hopefully, but many). If your soft drink didn't taste like Coke, or even worse, tasted downright bad, people would switch to Pepsi or something.

Furthermore, Tatu Ylonen seems to be a fair and decent sort of person. He didn't try to enforce his trademark until he started getting tons of annoying email and support calls from people who didn't realize they were using OpenSSH.

But ssh stands for `super shell' anyway...

[tfb]

The super shell, ssh, was a Bourne-shell related shell which had job control and various other cool features. It dates from the late 80s and was still in use in the early 90s. I used it until bash became good enough to use. It probably still exists somewhere (I know the author quite well).

Given this, do these SSH upstarts stand any chance at all?

There are some legitimate arguements against....

[TobyWong]

...the claim so settle your ass down and read some comments.

I think one of the issues is the length of time that went by before he went after openssh for trademark infringement. Now his letter mentions that the SSH(tm) lawyers have already been in contact with Theo et all regarding this so for me or you to say *when* this all started would be pure speculation. If it was only recently then that means for over a year openssh was openly doing their thing without hearing a peep from our little finnish wunderkind.

OpenFOO

[slonob]

I think it would be a good thing if they changed their name in the long run. As it is, they are followers by design. It might even be obnoxious if the OpenSSH people decided to start implementing their own standards and moving away from SSH Comminuications. And perhaps this is the major concern of the latter company.

If they have their own name, and even call it a new protocol, they can bring it down whichever path is best.

Also, can we try to have reasonable discussions around here. I swear this site gets worse every time I arrive. And it's not the operators who cause this, it's the knee-jerk, immature crowd. When arguing in this medium, only words can make you 10 feet tall. So many people around here act 10 feet tall, yet their words are UTTERLY worthless!

Re:Hmmm...

[mian]

IIRC, OpenSSH was just about the only implementation that wasn't vulnerable to several of the vulnerabilities that have been found so far.

From FreeBSD security list

There are two flaws in the SSH1 protocol as implemented by OpenSSH and ssh.

Re:Some Corrections

[Fervent]

He didn't enforce his trademark for the last year and a bit

Bullshit. So me and a bunch of hardware hackers build a new machine, calling it an "OpenApple". We sell them out of our garage for close to a year, until finally they become so popular that most of the computer industry picks up on it, including Apple itself. Apple now files a complaint.

How could the original SSH guys possibly know how big a breadth OpenSSH would get in a year? It's just a bunch of hackers, after all. Not a definable company.

Re:Some Corrections

[kubrick]

If they called it 'OpenCocaCola' and it was rather popular and it was 2 years before Coke sued them... coke would probably lose it's trademark.

Money talks... I'm sure Coca-Cola can afford to buy a few judges.

Common name

[Frodo]

Personally, I think SSH has long become "common name", just as people call personal computer "a PC", even though there was real IBM PC, and some call general copying machine "a xerox" or general napkin "a cleenex", etc. Nobody really cares if this is Ylonen's product or not anymore, when they are saying "we are allowing access by SSH". This is just as they'd say "we are allowing access by FTP". That's the back side of popularity - the name becomes commodized...

Re:Name suggestion: FRESH

[Ed+Avis]

Why the 'shell' part? SSH isn't a shell.

Bash is a shell. Tcsh is a shell. SSH is a program which makes a connection to another machine, authenticates, and causes a shell (like bash or tcsh) to be run on the remote machine.

Re:Slanting the Coverage

[Col.+Klink+(retired)]

- actually reading the letter doesn't give the impression that the author is "demanding" the name change. He states he is "asking" twice. Yet the comments from slashdot readers are talking about "litigation," "demands," etc.

I guess you missed this part:

Some of the OpenBSD/OpenSSH developers/sponsors have also received a formal legal notice about the infringement earlier.

May I suggest...

[Greyfox]

Butthole Corporate Developers (BCD)

Be Glad

[4of12]

That we weren't talking about the trademark infringement of OpenTCP on a company selling a product TCP® that also uses the same underlying protocol.

In this case, however, I think "OpenSSH" ought to be renamed, although the underlying names of config files, etc. should remain static.

The request, if late, is both respectful and from a man who has contributed much to the community. The hardworking members of OpenSSH should decide on a new name.

BTW, I was thinking of establishing a project for a cleanroom implementation of exec() that I would call openexec()...

Re:He *has* to do so

[Rares+Marian]

Read the law yourself. You don't fight for a trademark you lose it.

Re:Another reason for this

[Steeltoe]

httpd.

- Steeltoe

Furious

[buss_error]

{Waring, serious rant mode set} Idiots, children, and other low brow non-cognitive slime:

Here's a guy that's worked long and hard to make his little slice of the pie. He isn't taking, he's making. Yet most of these posts are along the lines of He's wrong, we are right, and we are not going to comply with a simple, civilly worded request to do the right thing.

That's wrong.

First, Tatu Ylonen has very little choice in this. If he wants to keep his own trademarks, he must defend that mark when confusion arises. If you adolescent punks would read what he wrote, you would see something rare these days: Politeness from an intellectual property owner. Can you see how this would be written if it was from AOL/Time/Warner? First, it would have been hand delivered by the FBI, two SWAT teams, and maybe a division of Rangers if they thought you might have something as deadly as a fingernail file.

There is no question as to where SSH came from. There is no question what the right thing to do is.

Another thing to put on your agenda: GROW UP.

Re:Furious

[demon]

Well, he certainly took his sweet time in defending it. In case you've forgotten, trademarks must be defended by the trademark owner. How long has the OpenSSH project been around now? Long enough, certainly, that this should've been brought up a long time ago.

Also, as a friend of mine mentioned, when he (Tatu) put the term SSH onto those IETF documents, it could be said that he implicitly put the term into the public domain. (IANAL, of course, but I bet a case could be made.) Sorry, but he should've thought of that.

Also, his spiel about extending the life of the outdated SSH1 protocol is kinda hokey - OpenSSH 2.x supports the IETF standard SSH2 protocol, and they went back and fixed many bugs in the original SSH1 code.
_____

Re:What they can gain:

[PharaoH]

IIRC, a patent or trademark holds only if the owning entity enforces it. So, this isn't so much about what they want to gain. It is more about protecting what they worked hard to create. While it is an extreme example, I would shoot someone for entering my home and trying to steal my property. Wouldn't you work hard to protect your belongings? Besides, if they don't enforce their trademarks, then anyone may (legally) use them. Kleenex anyone?

Re:How will this affect current systems?

[benpharr]

Surely they can't stop sysadmins from making a sym-link to the new name. Ben

Maybe this would work

From what I can gather in these threads, Mr. SSH may not have much of a case to stand on. He's waited too long for the change. Similarly, OpenSSH would have to suffer problems from their name change and site registration change(s). However, I wouldn't berate him for what he has done in creating this SSH/secSH thing in the first place.

Rather, wouldn't it be more reasonable to put in a plug for mr. SSH in the home page of OpenSSH.org with a link to his site. It wouldn't have to be an endorsement - but it might be a reasonable solution.

If you ever tried to find squid-cache by typing in a URL of www.squid.org, you don't get there directly. But that site has a link up front to the www.squid-cache.org website. A nice solution IMHO.

Re:Name suggestion: FRESH

[Amokscience]

This already exists. Check on Freshmeat

http://freshmeat.net/projects/fressh/

well, an extra s but whatever.

Re:Well, they (SSH) are pretty much screwed...

[Kwantus]

it just seems he is bitter because openssh hasn't had the same security holes as ssh

Uh, yeah, that's why he complained about the security problem in older forms of both products and how OpenSSH is prolonging their lives.

I'm sorry; I read his letter; he's not asking OpenSSH to stop development, quite the contrary; he's just asking that they change the name enough that his company isn't put to expense and ... what should I call it, faceloss? ... damage to reputation ... getting inquiries or support calls or misleading journalism because of the consequent confusion. He even asks very nicely. I have no grand philosophical problem with his request; if I had any standing with the OpenSSH project I'd say "let's change the name".

Re:Name suggestions:

[deaddog]

Wouldn't that make it "OpenASS"?
--

No.

[Russ+Nelson]

Did I sum it up correctly ?

No. "Bread" is a descriptive english word. You could no more get a trademark on "bread" as a baked wheat/yeast combination than you could for "Windows" as a trademark for a transparent section of a wall. You could get a trademark for "Bread" windows, or "Windows" bread, because neither of them is descriptive.

That's why we gave up on "Open Source" as a trademark. It's too descriptive.

"Secure Shell" is arguably descriptive, however SSH is not, and "SSH" is what is being claimed as a trademark.
-russ

Re:Name suggestions:

[pdqlamb]

I like ASS. (Hmm, Freudian slip?) GNASH, they way you've got it acronymed (GNASH's Not A Secure SHell), should be GNASSH, which will confuse Tatu yet again. Somebody on Linux Today suggested blowshell - nice parallel to blowfish, and a hint of how to instruct the lawyers...

Great Company Name

[blazerw11]

SSH Communications Security Corp, let's expand it shall we?

Secure SHell Communications Security Corporation

This redundantly repeats itself over and over again repeatedly.

The only intelligent solution is to have SSHCSC change its name.

And do you know how much money they are loosing?

[AIXadmin]

"Many of you are (and the initiators of the OpenSSH group certainly should have been) well aware of the existence of the trademark. Some of the OpenBSD/OpenSSH developers/sponsors have also received a formal legal notice about the infringement earlier." And do you know how much money they have lost now that there whole product has been regineered! And put under a BSD style license. So that anyone can use! The least they could do would be to put it under the GPL so that it would turn off half of the users, and operating systems on the planet. You OpenSSH guys cost SSH 5 new ferrari's!! And now the SPA will have one less thing to check the servers at work for! The nerve of some people! Cheers, Thomas
Cheers,
Tomas
===========

Re:He *has* to do so

[frohike]

So, how about OSTAKAS (Open Secure Telnet Also Known As SSH).

I've got an even better idea! How about OSTFKAS (Open Secure Telnet Formerly Known As SSH)? Or perhaps they should just name it after the symbol of the blowfish? ^_-

Damage Control

[AirSupply]

Seems like the best thing he can do in that case is go into "Damage Control" mode. What's that? Give them permission to use the trademark. If he changes his tone to "look, I'll give you permission to use my trademark so long as you include a notice in your product that (a) states the trademark is mine, and (b) clearly explains that SSH and OpenSSH are unrelated products." This means that we don't have to go through the confusion of a name change, he gets to look like the good guy, and we can actually work on what he claims to be the problem: customer confusion. I'm sure the OpenSSH guys have no problem with emphasising the distinction between the two, even if it means giving the commercial SSH a bit of free advertising.

Not only does he get to look like the good guy this way, he might even salvage his trademark rights, assuming that they have a chance of being beaten in court as it stands. "Yes, they are using my trademark, but they have my explicit permission to do so."

A bit of cooperation is better than a tonne of coercion and legal sabre-rattling any day.

Re:Damage Control

[alkali]

Interesting idea; won't work. If he stood by and did nothing while OpenSSH made use of his trademark, the trademark would be destroyed and he couldn't thereafter enforce it. For the same reason, if he explicitly gave OpenSSH permission to do that, the trademark would be destroyed and he couldn't enforce it.

Put another way, the trademark is created by and is enforceable because of the identification of the word (or logo, or whatever) with a particular product in the mind of the consumer. You can't make a private agreement to sever this identification and still enforce the trademark.

Re:Damage Control

[martin-k]

No, trademarks are goods on their own, and they might be sold, leased, licensed, sub-licensed - whatever the trademark owner wants to do with them. This does not dilute the trademark, only non-action on infringements does.

So, giving the OpenSSH people the right to use the trademark under a licensing agreement is a perfectly valid way to solve this. The problem will be however to work out a contract that all parties can agree upon.

-Martin

Re:Name suggestion: FRESH

[wowbagger]

Why the 'shell' part? SSH isn't a shell.

Because a) that's where the final SH in SSH comes from, and b) it was early and I couldn't come up with another 2 words that gave me S H

Time to deal with what is...

[Pitr]

I can see his point, but if HTTP was a company name, they'd have the same problem. He should have chosen a better trade name, one that wasn't a command, regardless of who made it first.

As for the confusion, it's become part of the order of things. All he can do is ask for reasonable disclaimers and friendly links between sites.

Legally he needs to back his trademark or he will lose it, hence he simply needs to officially endorse the use in this case, outlining conditions, blah, blah... [insert lawyers here]

Re:Yes.. but..

[karmawarrior]

The OpenSSH project dates back to 1999, just over a year ago. And there are hints in the letter quoted that he has been trying to get Theo and others to deal with the issue for a while, to wit:

Sorry to write this to a developer mailing list. I have already approached some OpenSSH/OpenBSD core members on this, including Markus Friedl, Theo de Raadt, and Niels Provos, but they have chosen not to bring the issue up on the mailing list. I am not aware of any other forum where I would reach the OpenSSH developers, so I will post this here.

and

Many of you are (and the initiators of the OpenSSH group certainly should have been) well aware of the existence of the trademark. Some of the OpenBSD/OpenSSH developers/sponsors have also received a formal legal notice about the infringement earlier.

Some comments:

• It's clear that the SSH people are making timely attempts to protect their trademarks. If this was 2005 and SSH had never spoken before on the issue, then clearly they'd be risking losing the trademark due to a failure to defend it. It is not 2005, it's 2001, little over a year since the infringment started, and we're seeing the tail end of what appears to have been a longer attempt to enforce the trademark.
• It's clear also that the letter is a last resort. SSH say they have already contacted the project leaders, and the project leaders have failed to respond. Prevaricating on the project's part does not mean that SSH are the guilty party.

I'd also like to say that I think it's probably the most reasonable, polite, cease & desist letter I've ever seen posted. It patiently explains the issues, explains where harm is being done, and it proposes one thing the OpenSSH people can do to fix it, namely change the name of the project. To wit:

I would thus like to ask you to change the name OpenSSH to something else that doesn't infringe the SSH or Secure Shell trademarks, basically to something that is clearly different and doesn't cause confusion.

That's all they're asking for!

Much as I detest pointless IP disputes, this one seems reasonable. They present evidence that people are confusing SSH with OpenSSH, to SSH's detriment, and they're asking for a minor change to OpenSSH, namely a change to the project name. No renaming of tools like 'ssh' is mentioned or implied. They've not waited around for years to jump on something, making it clear that they've been trying to enforce the trademark against OpenSSH for a while.

I don't see what the problem is. Theo: Change it. Secure Telnet or something to that effect would be more descriptive anyway.
--
Keep attacking good things as "communist"

Re:I think that covers more than the logo

[Delphis]

LOL .. I get 'The System Is Busy' error on the Trademark Electronic Search System (TESS) page.

Heh.. slashdotting the USPTO.

--

Hypocrites

[I+Am+Smarter+Than+U]

I am sick of people bashing trademarks and praising the open alternative. All this while even Slashdot is trademarked!

And for your information, I have found SSH2 from Tatu and friends to be superior to OpenSSH. Besides functionality, SSH2 is free and open source, that's all I need.

Re:Hypocrites

[shepd]

>Sounds reasonable to me.

Yeah, but does it sound reasonable to your for-profit company?

Not in the least. because for them it is not free in any sense of the word.

Therefore, the only way you could possible classify this software as "free" or "open" would be: Open/free for non-commercial use ONLY.

There's a big difference between free and "free FOR". One is truly free, the other is like those fake checks Ed McMahon once sent.

Keep your junk mail and your junk software away from me.

bravo

[epicurus]

I have to give kudos to the SSH guy, at least he's not suing (yet), which he surely could be doing. He's doing about the most polite thing you possibly could do in his situation -- asking the OpenSSH development community at large to simply change the name of the project/product. What the hell is wrong with that? He has a requirement to do so if he's to protect his trademark rights.

Don't jump on somebody just because they've actually had an original idea and built a company around it. If you could ever be so inspired, maybe you'd be in his shoes, then you could understand. Untill then, keep slaving away and making money for your employeers instead of yourselves.

Re:No, he doesn't have to do so

[Watts+Martin]

If you look at ssh.com, you'll see "SSH (R) Secure Shell tm." "(R)" means, I wish I had any rights to reserve.

No, "R" means "registered." After a trademark has been in use for two or more years (with the "TM" mark), it can be registered with the patent and trademark office; until it's officially approved it's "trademark pending"--which indicates the process is underway.

Simply using another name isn't going to kill anyone. "FreSH is a free, open source implementation of the SSH2 protocol." Bam. (The hardest part for most people would be learning to type "fresh" after their fingers are trained to type "ssh"... although on second thought, you know everyone's going to just make a symbolic link to "fresh"--or whatever it's called--from "ssh" anyway.)

People in the open source movement are very good at standing on principle, or at least shouting on it, but there are times I think they should be a bit more willing to accept "be courteous" as a valid principle, too. "Technically we can do this, so screw you, corporate whore" may give you a warm fuzzy feeling, but it's an attitude which quashes useful communication.

This is great for OpenSSH

[ajs]

This is an ideal PR moment for OpenSSH.

Here's what you do:

1. Get everyone to know tht the SSH folks are being pains in the ass.
2. Hold a naming contest for OpenSSH.
3. Splash the resulting name around as "the new name of network security"

Get everyone to stop using the term "SSH", since we don't want to confuse anyone into using legacy software. Get them to use the real deal!

He didn't leave them alone

[flatrock]

He sent letters and legal notices in the past. They just ignored him. He obviously tried to settle this in a reasonable manner, but he did try and enforce his trademark. This guy has created a good product that people use. He just wants people to associate the product name with just his product, so his product can compete on it's merrits, not the merrits or lack problems that other people's products have. That's the purpose of trademarks.

Re:Let's play the name game.

[Delphis]

Seriously, what about ESH 'Encrypted Shell' .. seems simple enough.

Keep the command the same though as 'ssh' as it'll just cause problems otherwise.

--

phpSlash - Sorry Taco

[thedude]

--- ORIGINAL
Update: 02/14 02:44 PM by CT: I just wanted to insert my 2 bits into this story. This is a problem close to my heart: I hate getting tech support for PHPSlash. I don't care that it exists, in fact, I'm happy that it does, it fills a need and a lot of people like it.
---

I'm the maintainer of phpSlash. Sorry that you get support questions, if you care to please send them my way to nhruby@arches.uga.edu, direct them to our list: phpslash-users@lists.sourceforge.net ot to the website at http://www.phpslash.org.

As for you resoning about trademarks, you are being a bit idealistic :)

-n

Or how about "Fresher"?

[divec]

I suggest FRESH: Free Remote Encrypted SHell

Since one common pronounciation of SSH is "escher", It would be good if the new name could rhyme with that. Or does Tatu Ylonen think he has trademarked that pronounciation too?

Re:Or how about "Fresher"?

[lizrd]

Actaully calling it Escher would probably be fine too. The way to keep your users happy is of course to just type in

ln -s escher ssh

and noone will really be the wiser. This is pretty similar to the GNU version of vi which is actually called elvis.
_____________

Re:Well, they (SSH) are pretty much screwed...

[Grab]

But he says he's tried to ask the guys leading OpenSSH and they've just ignored him. If they won't pay him attention, what choice has he got? They're bloody lucky he's had the courtesy to post on a forum first, instead of just sending in the lawyers.

Grab.

Re:Name suggestion: FRESH

[cyberdonny]

<Off-topic>
Of course, I feel that RMS ought to use the term "liberated software" to avoid the whole "free beer/free speech" issue, but that's another story....
</Off-topic>

But then, gdb would have been called liberated software debugger. Oops!

Re:Name suggestion: FRESH

[raffe]

if its not gpl or lgpl its not free software

Re:Another reason for this

[scoove]

The OpenSSH can be called OpenTomato and have SSH support claims all over their product description of they want.

Sure. And when they refer to the protocol OpenTomato supports, what will they say then? Includes SS...er... whoops! That's trademarked.

Trademarking "open standards" is intellectual property theft of a more devious sort. It's like donating stuff to Goodwill and then stealing it back at night, after you've claimed credit for being a good guy.

And claiming trademarks for three letters just seems to lead down to the inevitable path often humored on /. - "We're sorry, the letters S, H and E are registered trademarks. Please pick another."

*scoove*

anything logical

[rullskidor]

Why call it *shell in the first place, it's not a shell! Secure remote login or whatever would be better nomatter how extremely boring it sounds.

/oh and why not SSH: Ssh isn't a SHell ;)

Goddamn lazy bastard.

[tietokone-olmi]

From what I can tell, Tatu is pissed off because

1. The SSH stock is about to tank. So he needs a convenient scapegoat so that he can show to the stockholders that it wasn't his fault. ("it" what? dunno.)
2. He has a gigantic second thought about his releasing an early version of SSH1 under the BSD license (fork-and-forget, remember?).

As proof, I'll direct your attention to the "OpenSSH is causing us damage" bit in his e-mail.

On the bright side...

[howardjp]

At least this can get rid of the openssh.org vs. openssh.com complaint...

Not a shell

[wowbagger]

And I just thought of another reason: while *SSH isn't itself a shell, it gives you access to a shell.

CHANGE IT (to FreSH)

[mcrbids]

Yeah, we could prolly just screw him and tell him that we're going to use OpenSSH as the name from now on - but really!

This is the guy that wrote the original product that OpenSSH is built on! And rather than revere him, and afford him the respect that this esteemed position deserves, we make him out to be a money-grubbing, selfish demon, because of the inconvenience of typing "fresh" instead of "ssh".

Come on. This guy has helped us all.

Change the name to something else and step out of his way.

-Ben

Re:Some comments

[Lathi-]

SSH software has been a great gift for the Internet community, and OpenSSH might not exist without it. We should all be very thankful to Tatu for creating SSH (to a reasonable degree!). If OpenSSH people find it easy to change their name, and want to respect Tatu's wishes, just change it.

How many times during the Bush/Gore election contention did we wish for one of them to be gracious and just conceed? I think Tatu's contrubution to the Internet is great. Monumental enough that the Internet wouldn't be the same without it. That having been said, how many of us would describe Theo de Raadt as gracious? I guess the moral is that not everything has to be a fight to the death. Tatu is not doing anything here that takes away my freedom to choose free software.

I don't know if Tatu has complained to OpenSSH about its name before, but he definitely should have done so as soon as possible, when OpenSSH project was started in 1999. It's hard to believe that he wouldn't have heard about it then. Denying the use of the name later can't be interpreted as much else but unfair bashing. Over a year is a long time in "Internet time".

This is an interesting point too. I would be impressed if OpenSSH just changed their name; but they might have a case if they don't want to. When did Tatu first contact them about changing their name? Has he contacted FreSSH? How rigorous has he been defending his trademark? If Tatu wants to keep a positive public image and still press this he should produce the history of his ignored request to the OpenSSH team.

An incongruence on the argument

[Ektanoor]

In a market point of view while I wouldn't blame the author for restricting the use of SSH, I would clearly note that the term "Secure Shell" is less of being considered as a trademark. Sorry Mr. Ylonen but morally you are incorrect on the whole. You also once took the term "Shell" and "SH" from somewhere right? Let us note that these things are "Remote Shell" and "RSH", a UNIX system for remote use. So your restriction is, in a moral point of view quite incorrect.OpenSSH people is doing the same you did some years ago. And don't tell me these things are different. Look back at those times before you started building the Corp.

But let's forget this point and restrict to the money one. SSH Corp., (TM) as we see, is loosing money. So, we may understand they wish to avoid confusions with those who are, _potentially_, hitting their pockets. So it may be understandable that SSH wants to restrict its name. But there is a problem here. Also, in economical terms, SSH didn't do a bunch to secure its own name during all these years. So now "SSH" AND "Secure Shell" are terms of use. Much like "telnet", "ftp", "http". The only to blame here is Mr. Ylonen himself. Well we may give out SSH back to the owner if he wishes to. However the term "Secure Shell", a composition of two common words and being a technical derivate of "Remote Shell" conceptions is harder to give out. Meanwhile it is an established technical concept. Restricting such term for private use is a serious demonstration of being very unfriendly to a huge community of users and developers.

Mr. Ylonen is not only securing a trademark but also creating hassles in hows and whens of the use of a technical concept. By trademarking this concept he is forcing people to create other namings and conventions. This will break a continuity of the use of these namings and conventions on technical docs, manuals and products. Whishes he this or not, he is doing more damage then use. Frankly, this may be the real killer of the SSH mark as people may choose other namings and conventions to avoid such selfish consideration of his own value.

Re:An incongruence on the argument

[magi]

I wouldn't say that SSH is really "loosing money" dramatically. Their last financial review tells that their turnover increased by 138% during the period. Their profits went down to negative (-6Mmk compared to 13Mmk in 1999), because of increased staff expenses (they hired some 100 people apparently to R&D).

Anyhow, I don't see how this would be relevant. Companies should have equal rights and obligations regardless of their profits.

Perhaps OpenSSH project could show their kind appreciation to Tatu and SSH Communications by giving it proper credits in their documentation, and perhaps by advertising it as the primary support and service company for secure shell products. Perhaps it would also be good manner to put disclaimer notices on their web pages, making it more explicit that OpenSSH has nothing to do with SSH Communications, if that is Tatu's problem.

Re:An incongruence on the argument

[Fervent]

No, he is trying to prevent the use of a name which is identical to his product's. It is a very reasonable request ("continue to make the product, just please don't use that particular name").

Next time, try to not hide being an idiot with bombastic text.

Re:may as well change the name of openssh

[Greg+W.]

rsh isn't a shell either. there was no "style of naming" since rsh was the only odd man out.

It doesn't matter whether it's a "shell" or not. In fact, it does follow the naming pattern of several other commands, collectively known as the "r commands" -- rlogin, rexec, rcp and rsh.

• rlogin - remote login - "kinda like running login, but remotely"
• rexec - remote exec - "kinda like running exec, but remotely"
• rcp - remote cp - "kinda like running cp, but remotely"
• rsh - remote sh - "kinda like running sh, but remotely"

So now we have ssh (secure remote sh) and scp (secure remote cp).

Re: secsh

[hndrcks]

Yes, it sounds like New Years Eve:

"Honey... (hic)... lets have secsh!"

...thump...zzzzzzzzzzzzzzz

More new names...

[Gerv]

SINS - SINS Is Not SSH :-)
SMERSH - Secure Multipoint Encryption Remote SHell (or something...)

Gerv

Re:More new names...

[haapi]

nah .. CryptoSHell -- csh!

No, wait. I think those are my initials.

I think that covers more than the logo

[Paul+Crowley]

Misdesign of the USPTO database means I can't follow your link; everyone will have to do their own search. Oh well, that they're idiots we knew.

However, it looks as if the one relevant live trademark, held by "SSH Communications Security", is I think meant to cover the name as well as the logo: thus the opening line "Word Mark: SSH" and the "Mark Drawing Code: (5) WORDS, LETTERS, AND/OR NUMBERS IN STYLIZED FORM".
--

Re:I think that covers more than the logo

[Howie]

Misdesign of the USPTO database means I can't follow your link; everyone will have to do their own search. Oh well, that they're idiots we knew.

I wonder if they have the appropriate license from OpenMarket to use storing-state-in-URL technology? That would be nicely ironic.

Re:I think that covers more than the logo

[rkasper]

It's a "drawing" trademark, which, as you quote, covers a claim for SSH "IN STYLIZED FORM." We're free to use SSH as a name as long as we don't use a similar stylized form.

i am afraid not...

[avdp]

FYI - I did the same search (not using your link - don't work. Says the session as expired if you click on them) and DID return 3 matches on the word ssh. one of wich is dead, one of which is live (and owned by ssh inc - or whatever it's called) and another one is in a unrelated business.

Re:i am afraid not...

[rkasper]

Sorry about the dead links.

The "live" trademark claim is specifically for an ssh logo. Logo claims are different from word claims. Having a registered mark on a logo prevents people from using a similar logo. It doesn't prevent people from using the same sequence of letters as the name of a product.

Re:No, he doesn't have to do so

[DavidTC]

ln -s /usr/bin/fresh /usr/bin/ssh
ln -s /usr/bin/freshd /usr/bin/sshd
ln -s /usr/bin/frecp /usr/bin/scp

Thank you, come again.

-David T. C.

Wrong! There's a difference between TM and patents

[yerricde]

In fact, this is exactly equivalent to the GIF trick

Not necessarily. There's a difference between trademarks and patents. Open*** can comply by simply changing its name to FreSH (free shell). (The same thing happened when The Tetris Company tried to sue Tetris cloners; the cloners simply changed the name of their products.) GIF writer developers have to completely abandon GIF, as LZW compression (a necessary and irreplaceable part of the GIF87 and GIF89 standard) is patented.

Like Tetris? Like drugs? Ever try combining them?

What they can gain:

[TheWhiteOtaku]

Isn't it obvious what they can gain? (Hint: it starts with "m" and ends with "oney")

Re:What they can gain:

[mayoff]

No, you idiot. Mahoney.

Re:What they can gain:

[Fervent]

Bullshit. The guy's just trying to protect the name. That has little, if anything, to do with money.

Re:What they can gain:

[Craig+Maloney]

You have nothing to loose, and everything to gain with Maloney. :)

Re:What they can gain:

[Jedi+Alec]

Aside from the fact that your product has a name, and when another product gets the same name, it get's really confusing. Now it could just be me, but the first thing that went through my head when reading the e-mail was: "Yeah, sounds reasonable". Now let's adress the other side, how much does OpenSSH have to lose from changing the name of the project, or at least specifically stating somewhere that OpenSSH=/=SSH?

Re:What they can gain:

[raju1kabir]

While it is an extreme example, I would shoot someone for entering my home and trying to steal my property. Wouldn't you work hard to protect your belongings?

Completely off-topic, but you would? You're saying that your VCR is more important than someone's life? These are truly bizarre times.

Re:What they can gain:

[Ringlord]

Is that illegal?

Re:Name suggestions:

[ajk]

gets rid of Secure the "copyright" infringement part

There is no copyright infringement in this issue. It's a trademark that is being infringed.

OpenSSH needs to take a lesson from Mesa & OpenGL

[UnknownSoldier]

The OpenSSH teams needs to take a lesson from Mesa. OpenGL is a trademark of SGI. Just change the name of OpenSSH, and you never have to worry about these stupid trademark infringements again.

*shrugs*

Secure Shell can not infringe!

[TheDullBlade]

Whether it's registered or not, it's clearly been promoted by the holder as a general term, and the "trademark violation" has been knowingly tolerated for a year or so without action. He doesn't have a leg to stand on.

But the one that kills me is "trademark pending" on Secure Shell.

How utterly pathetic.

Have I mentioned my pending trademarks on "Word Processor", "Web Browser", and "Operating System"? I'll be busy sending out letters like his for a while myself.
---

More SSH News

[ssimpson]

Just read on the cryptography@c2.net mailing list that the Fressh package has a security hole - when a /dev/urandom is not present the code falls back to an awful 'random number generator'.

See the message original message below:

Date: Wed, 14 Feb 2001 14:29:00 +0000
From: Charles M. Hannum
To: cryptography@c2.net
Subject: Bad PRNGs revisted in FreSSH

The newly announced FreSSH, when there is no /dev/urandom available,
uses a `fallback' to seed its PRNG that consists of:

[Fucking code snipped coz Slashdot filter no longer accepts C source code because it detects 'junk characters' - WTF!?!?!]

I don't think I need to tell people on this list why that's absolutely
horrible; I'm just pointing out that code is still released today with
crap like this. I would have thought we'd learned this lesson years
ago with the AFS, krb4, Netscape, et al vulnerabilities.

Re:Yeah, and he waited *how* long to raise a stink

[Art+Tatum]

And plus, he states that he has been asking for some time now.

Re:Hmmm...

[Sc00ter]

PuTTy.. It rocks. Free, GPL, SSH1 and SSH2. Great product
--

A SSH by any other name...

[kieran]

My one objection to this is the obvious: isn't it a little late to start complaining? He doesn't mention when he first got around to asking the developers about this, but OpenSSH has been around for a while.

That said, if the developers are willing I wouldn't have any great problem with a name change. Perhaps "ossh"? *shrug*

Re:A SSH by any other name...

[Art+Tatum]

My one objection to this is the obvious: isn't it a little late to start complaining?

Yeah. However, judging from what he said in his letter, I think the only reason he's doing this is the massive amount of support calls and emails he has started receiving from confused people. Of course, he'll be flamed up one side and down the other by many here on /. So it goes.

Re:A SSH by any other name...

[Rootman]

How about Gnu Optional Open Security Shell or GOOSH for short :)

Re:A SSH by any other name...

[Pig+Hogger]

How about OSS?

That would be a fitting tribute to the CIA's ancestor, the Office of Strategic Services... :) :) :)

--

Re:A SSH by any other name...

[wuice]

If you're smart enough to create an alias that points the name SSH to whatever OpenSSH decides to call itself, you're probably smart enough to know about the difference between SSH(tm) and OpenSSH anyway, and you're not the person this trademark and the resultant enforcement of such trademark was intended for. You know the difference, and therefore, SSH(tm) would have no reason to have a beef with you.

Re:A SSH by any other name...

[wuice]

Ewww.
I'm sure the OpenBSD people wouldn't want to have GNU in the name of any of their products, even as an acronym.

Re:A SSH by any other name...

[sethgecko]

but OpenSSH has been around for a while.

A little over a year. Don't know if that's what you mean by "a while." And ossh alreay describes a different free implementation of ssh. I like the earlier suggestion of "shush". Or maybe OpenShuSH.

Re:A SSH by any other name...

[elegant7x]

First of all, no one patented anything. If you don't know the diffrence between patents, trademarks and copyrights, please be quiet. My question is if the word is now used to label something that is implemented in public domain and is avaiable from a standards comittee such as IETF, how the hell can you still use it in a trademark?

From my understanding, The Protocol Specs *did* include a trademark note when talking about SSH, and the Protocol itself is called SECSH, not ssh.

Amber Yuan 2k A.D

Re:A SSH by any other name...

[shokk]

"we have offered certain licenses to use the SSH mark to refer to the protocol and to indicate that a product complies with the standard."

It seems to me that his company has allowed the use of the name and if I'm not mistaken, the OpenSSH group got their name from the protocol and not from the originating company. It was not explicitly stated that the name of the protocol couldn't be used in the name itself. If this is the case, then they should be allowed to keep their name as it stands.

-----

I think you have to have it in common use for many more years, probably for something like half the current life of the Internet (not web!!), before you can call it public domain.

Re:He *has* to do so

[kurioszyn]

You shoudn't be posting.
You are emotionally unstable.

Re:Idiots

[Ormod]

Your right, that got my attention too. I didn't look at it favourably either.. but when you come down to it Ylönen created SSH which n+1 people use every day, me included. If he owns the trademark and tries to get other people to respect that in a friendly manner I just can't see how people can still flame that he's greedy or lashing out because his stock price has gone down.

Re:He *has* to do so

[AshPattern]

Geez, people... It's doesn't have to be so complicated...

osh

When spoken, it's even phonetically shorter than ssh.

He *has* to do so

[sharkticon]

Don't blame him, he has no real choice in this matter. Trademarks have to be protected, no matter how little you care, or else they will become invalid and anyone can use them. If he doesn't go after OpenSSH, tomorrow it'll be Microsoft using the name.

Blame instead the entire trademark system which has perpetuated this kind of attitude. It's gone from a system meant to protect rights to one that encourages, even demands, companies to trample all over their rivals.

Re:He *has* to do so

[rew]

Trademarks have to be protected, no matter how little you care, or else they will become invalid and anyone can use them.

So... Grant them a licence.

Re:He *has* to do so

[TicTacTux]

Well, this is about the first time I see a copyright holder contacting his 'opponents' in a rather friendly manner. You may argue about his claim but at least formally he's showing manners and common sense.

That said I suggest that we at least *try* to find a way to solve this manner; unfortunately most postings here range from 'get lost, creep' to downright hostile, but I haven't seen many that are constructive.

So, how about 'Secure Telnet' or 'Secure Login' (as it is not exactly a shell but rather an encrypted connection to a shell)? Ah, yes, something with 'Open' in it (doesn't that contradict the 'secure' term? A secured system cannot exactly be described as 'open', right?). So, how about OSTAKAS (Open Secure Telnet Also Known As SSH). Uh, no, the acronym must be recursive, like ONS (O's Not SSH).

Now go use your imagination, this one time not for coding...

Re:He *has* to do so

[Suidae]

Hmm, Secure Login... Would that be SLO?

IMO, the trademark would have a better chance if it was something other than an obvious description of the product.

However, I don't think changing OpenSSH's name is a big deal at all. Most people could care less what its called, as long as its stable, free, and easy to find.

Re:He *has* to do so

[wuice]

Unlike the vast majority of slashdot posters, who are emotionally stable, well-adjusted, intelligent, etc.

Er..

Re:He *has* to do so

[kurioszyn]

You said that.

Re:He *has* to do so

[aanantha]

He should be friendly when contacting his "opponents". He owes it to the open source community that anyone even used ssh. If people knew he was going to turn it into a non-open source product, no one would have used ssh. Ssh became popular only because it was open. It could be universally supported because of that. The open source community helped him test his code and provided bug fixes. And now this is how he repays our support. Sure, he's got every legal right to do what he's doing. But it's still backstabbing in my book.

But in the end it will be his loss. People will just stop using his product, and use only OpenSSH. Though I suppose we won't be able to call it ssh anymore. So instead not only will people not use his product, they'll forget he had anything to do with it because they'll be using it under a different name. The end.

Re:He *has* to do so

[TicTacTux]

Okay, I stand corrected; this time it's 'trademark'. OTOH, someone who doesn't grasp the difference between bashing and pondering should be fined with no less than 100 EULAs to read aloud.

Re:The original SSH license

[tez_h]

Indeed, this seems to be an actual case of "the exception proves the rule" ie.

if exception
then not rule
else rule

The exception here is phrased as "if the derived work is incompatible with the protocol description in the RFC file". If this is the case, then derived work must be called by a name other then ssh or Secure Shell.

From this, a rule might be inferred, that is, if the derived work is compatible with the protocol description in the RFC file, then the derived work can indeed be called "ssh" or "Secure Shell".

Hmm. This etymological post is slightly off-topic.

-Tez

Re:Some Corrections

[TechLawyer]

Oh, come on! This is /., where every IP topic ends up bashing patents! Join the fun!

suggestion

[emir]

ERSH == encrypted remote shell

ESH == encrypted shell :)

Well, they (SSH) are pretty much screwed...

[kramer]

As always, IANAL --

Trademarks must be defended against infringments or you risk losing them. Further, they must be defended as quickly as possible against infringement. You're not allowed to let someone use it for a couple of years then suddenly decide to go after them when they become successful.

By looking at the whois record for openssh.com, it's obvious that Openssh has been using the name Openssh publicly since at least October of 1999. That's well over a year. I would hardly call this a timely filing.

Re:Well, they (SSH) are pretty much screwed...

[CaseStudy]

Well first off, he always has the option to license the use to OpenSSH (for $1 or whatever).

Er, no. A trademark isn't a patent, and though called IP isn't really a property right the way copyrights and patents are. Licensing doesn't negate the fact that it would dilute the mark.

Re:Well, they (SSH) are pretty much screwed...

[Tuzanor]

well the thing is OneBSD, and therefor openSSH are based in canada already :-)

Re:Well, they (SSH) are pretty much screwed...

[mlong]

Everyone is whining "but if he doesn't defend it, he'll lose it". Well first off, he always has the option to license the use to OpenSSH (for $1 or whatever). And secondly, OpenSSH isn't even a commercial venture...it just seems he is bitter because openssh hasn't had the same security holes as ssh

Re:Well, they (SSH) are pretty much screwed...

[Strider-]

Another thing to consider: Since the community finds this trademark to be distasteful, why doesn't everyone start violating it flagrently? He can't possibly go after everyone, and thus since he hasn't adequately defended his tradmark, will it not be declared invalid?

Re:Some Corrections

[twivel]

The trademark process takes a while - and he even claims that the trademark for Secure Shell is still pending. It could be that he just recently received his trademark registration and how has the legal grounds to enforce it. THat means he didn't 'wait a whole year' to enforce it - it just took that long to get the process completed.
--
Twivel

Re:Name suggestions:

[No-op]

most of your name suggestions would still be equally problematic, as his complaint revolved around the use of the SSH name in the product title.

I also don't think most people would really want an open implementation of SSH to be called "ASS".

Realistically, regardless of how all the opensource wonks on here act, he has a fully legitimate claim to the name and has been much more forthright with his request than many other companies would have been.

Besides, I'm sure someone could come up with a name that is cooler anyhow. who thought up the name for blowfish? where are they in this discussion?

and with regards to SSHv1, there are many devices that have SSHv1 implemented in hardware without support for SSHv2. I'll take a SSHv1 connection to a router over a telnet session any day, how about you?

Re: secsh

[Greg+W.]

So why not bite the bullet and call it Secure EXchange (sex)? ;-)

(Yes, I know, there's already a text editor called sex ("Simple Editor for X"). It's still a fun name.)

No problem, call it opensecsh...

[twivel]

Advertise it as opensecsh or Sec Shell. (instead of secure shell).
--
Twivel

Butthead Astronomer

[jon_adair]

He better be remember what Apple did when Carl "butthead astronomer" Sagan complained about them using his name.

Trademark on Aspirin�

[yerricde]

Tylenol-brand pain reliever" is OK; "Aspirin-brand pills" is not.

Except in some jurisdictions, Bayer still has a trademark on ASPIRIN® brand acetylsalicylic acid pain reliever. See also this Flash map of jurisdictions.

Like Tetris? Like drugs? Ever try combining them?

Open Source Community Beats All Expectations

[HopeOS]

In an incredible display of coordination and maturity, the decentralized Open Source community, honoring the contributions of Tatu Ylonen, opted to rename their secure shell implementation from "OpenSSH" to "Fresh" thereby respecting his (albeit dubious) trademark, and subsequently avoided incidentally cutting off his customer base using his own name. Despite the fact that the author of SSH failed to enforce his trademark in an appropriate timeframe, the organizers, developers, and users of OpenSSH forgave him the oversight and simply renamed the package, symbolically linked "ssh" to "fresh," and went on their merry way. Thus is the power of *nix. Thus is the power of Open Source. Thus is the power of Open Source development.

Maybe.

*banging head against wall*

[Ryvar]

I swear . . . sometimes people, no matter how much I may respect their past accomplishments, make me want to rip off my own head and beat it vigorously against the nearest wall in frustration.

The OpenSSH 'product'? I don't think of OpenSSH as a product, a product is something 'consumers' 'buy' or 'sell', not a freely distributed tool. I realize that not everyone is going to be a security guru right off the bat, but until you actually are able to distinguish SSH from OpenSSH, then I'm not sure why it matters as you clearly haven't passed the minimum intelligence test to use either. Is SSH1 broken? Yes, but (BUT!) . . . SSH2 isn't available for a lot of things that SSH1 IS available for - and SSH1 is a hell of a lot better than 'telnet '

--Ryvar

Re:*banging head against wall*

[Art+Tatum]

Id guess that SSH should be very glad they're getting buisness from people who confuse OpenSSH with the proprietary SSH product

But they aren't getting any business from it. Only support calls and emails from confused (and angry, perhaps) OpenSSH users.

Re:*banging head against wall*

[BJH]

Not to mention that OpenSSH now supports SSH2 protocols. If I had to make a guess, I'd say it's that point that has caused SSH Communications to let loose the dogs^H^H^H^Hlawyers.

Re:*banging head against wall*

[brassman]

I'm damned with the ability to see both sides of this. If you want to trademark a name, you have to leave a generic name for people to use to refer to it -- thus we have "Kleenex(R) brand tissues," or "BandAid(R) brand bandages." "SSH(R) brand ssh" doesn't pass that test.

But having followed Bugtraq over the last couple of weeks, I can also see this guy's frustration at OpenSSH keeping v1 of the protocol alive despite him saying over and over ~"It's deprecated, it's br0ken, MOVE TO v2 ALREADY!"~

Re:*banging head against wall*

[Znork]

True. And the basic problem is I cant get an order for 5000 licenses of SSH through the purchasing department without a 3 year project, but I _can_ push OpenSSH into our servers.

Which, of course, means that I will advocate OpenSSH rather than SSH, since one is implementable in assbackwards large corps and the other one isnt. And since I know that a load of other people have the same problem, Id guess that SSH should be very glad they're getting buisness from people who confuse OpenSSH with the proprietary SSH product, because SSH dropped off the roadmap as being useable at the same time they went proprietary and dropped a load of platforms.

I think he is all right

[dj.dule]

(for the record I use ONLY linux on all my computers, and support open source)
Well face it, not all things can be free. He registered SSH trade mark, made bussiness of it and what is the problem ? It is his property. Taking it is not fair, even if it is for free source. Imagine someone say "OK, Coca COla is good, let's take their formula and spread it around so everyone can make coke". Problem would be if he wants to patent crypto alghorytm for example. But with name it is ok

Be the tail that wags the dog...

[emil]

OpenSSH team - require a command-line argument to activate "commercial ssh compatibility mode." Place this argument in both the client and the server. Do not enable it by default.

OpenSSH has a much greater market penetration than commercial ssh, and it is our community that controls him, not the other way around. He will require a demonstration.

p.s. I suggest a new name of "esh" or "ensh" for Encrypted Network SHell...

Re:The TM system needs to have an overhaul

[nagora]

McDonalds (and Dixons, a UK electrical retailer) have at times tried to sue people with their names in UK courts and lost; you simply can't prevent someone from trading under their own name, unless they start using big yellow arches etc. even if they are in the same line of business.

In the case of the Dixon's guy, he opened an electrical goods shop opposite his local branch of Dixons. They sued him and lost and then he changed the name of the shop because it was "attracting the wrong sort of customer".

McDonalds is on even looser ground since no one called McDonald has been involved in running the company for decades.

TWW

Re:How can.....

[kieran]

One infringe on a copywrite if you don't profit from it?

You can make it more difficult to make the trademark/copyright owner to infringe on it, as in this case.

Re:No, he doesn't have to do so

[thoreau]

ummm, I wouldn't think that the commands would have to change, would they? Sun's NIS was originally called Yellow Pages (yp) and because of a trademark issue with (I believe) British Telecom, it had to change the name of the product, but none of the commands changed (ypcat, ypmatch, etc.). Are commands really trademarkable. I gotta put in my trademark on 'ls' today! :)

Just my 2 cents. I think that if they want OpenSSH to go as far as to change the command names, then OpenSSH should just ignore them and let them explain to a court why they waited until NOW to decide that they don't like 'ssh' (a protocol that HE chose to: first, open source; second, submit to IETF as an open standard.

Thoreau

Re:Hmmm...

[Delphis]

Indeed. I use TeraTerm with the SSH addon for a Windows SSH client, by which I administrate a number of Linux machines running - you guessed it - OpenSSH! (no, it wasn't a confused choice, just an informed one)

What other Windows SSH clients to people use? .. I've personally found TeraTerm + SSH to be very effective and easy to use.

--

Hey... give the guy a break

[Chmarr]

He's asking us politely to change the name, as the confusion is cutting into his bottom line of his business, the business he's trying to use to put food on the table and his kids through college (or whatever it is they have over in Finland).

Data Fellows helped us secure our networks for a couple of years (which is a long time in our industry), before openSSH came along. I think that deserves some accolades, and deserves him more than a little consideration of his request. And, it really was a request more than a demand.

So, I personally think it should be given consideration, regardless of how much of a pain it'll be. I think he deserves at least that much.

Re:Yeah, and he waited *how* long to raise a stink

[slonob]

The whois record suggests he waited a little over a year (November 4, 1999). That's not very long.

Re:Having been through something like this before

[SubtleNuance]

4. Tatu says he has registrations for "Secure Shell" pending.

If this passes through the US (USPTO?) I would be very disappointed. Registering 'Secure Shell' is about as logical as 'Fast Harddrive' or 'Soft Towel' or 'Comfortable Chair'. It is obviously simple description..

How long do you think until his registration is approved? :(

Maybe we should change RSH too!!

[rigor6969]

Oh come on dude. Want us to rename RSH as well? Perhaps people are confusing rsh and ssh.. give it up. Great program and all, but you should take the opportunity you get when someone comes to your site, with openssh problems, as a possible sales lead. Most companies would love the opportunity to get "strays" into their company

Broken Encryption is WORSE than Plaintext

[evil_one]

Encryption gives a sense of security. I know that if I was logged into a shell securely, (regardless of how broken it was) I would be much more likely to type in sensitive information than if I was using plaintext. If someone is listening to passing data with the intention of stealing valuable information, they will have the proper tools if they are serious about it.
---

Re:How can.....

[kieran]

One infringe on a copywrite if you don't profit from it?

You can make it more difficult to make the trademark/copyright owner to profit from it, as in this case.

(Ignore previous nonsensical message, 'twas a thinko.)

Where is this mark abandoned?

[HopeOS]

There's no guarantee that I can navigate the USPTO website, but where in this trademark record is it abandoned? I used TESS, the basic search, and entered SSH. Am I missing something here?

Word Mark SSH
Goods and Services IC 009. US 021 023 026 036 038. G & S: computer programs and software for preventing unauthorized access to computer networks and for providing secured connections to computer networks
IC 038. US 100 101 104. G & S: telecommunication services, namely, providing secured telecommunications connections to a global computer network
IC 042. US 100 101. G & S: maintenance and support services for computer programs and software
Mark Drawing Code (5) WORDS, LETTERS, AND/OR NUMBERS IN STYLIZED FORM
Serial Number 75150525
Filing Date August 15, 1996
Filed ITU FILED AS ITU
Published for Opposition December 16, 1997
Registration Number 2141991
Registration Date March 10, 1998
Owner (REGISTRANT) SSH Communications Security Oy JOINT STOCK COMPANY FINLAND Tekniikantie 12 02150 Espoo FINLAND
Attorney of Record MICHAEL B LASKY
Section 44 Indicator SECT44
Priority Date March 1, 1996
Type of Mark TRADEMARK. SERVICE MARK
Register PRINCIPAL
Live/Dead Indicator LIVE

Kha0S Linux

[Kha0S]

When a bunch of people came out with "Kha0S Linux", I got lots of contact from people on IRC and elsewhere... I just took it in stride, and made sure that everyone knew that I wasn't the writer of it.

Oh, except for a few people. I pretended I wrote it and told them that I had special anti-lamer code that would destroy their hard drive if they tried to install it.

Snicker.

Let try and decide

[jjr]

On a new name for OpenSSH. Something that will not confuse the average guy on what is what product.
1) Secure Login (SL)
2) Secure Telnet (ST)
3) Secure Remote Shell (SRSH)
Help me with more I am to tired to think right now

Re:Let try and decide

[Teethgrinder]

Help me with more I am to tired to think right now

The obvious...

NISH - Not Insecure SHell.

:)

Btw, I fail to see why he's bothered if people confuse him as being responsible for a product that doesnt suck (I'm not saying SSH suchks, I'm just saying I'm pretty much happy with OpenSSH^h^h^hNISH). I could think of worse publicity...
like going after dumb trade-marks. ;)

Re:Let try and decide

[Col.+Klink+(retired)]

Secure Host to Host (SHH).

Re:Let try and decide

[pjrc]

Secure Host to Host (SHH).

That's a damn good idea!

Re:Hmmm...

[BEHiker57W]

I tried to run commercial SSH because it was the first SSH I found. It didn't work well. With any network delays it would log me out and it ran kind of unstable. The settings were a bit touchy also and I seem to recall that it wasn't easy to install on RHL6.1.

Then I tried OpenSSH. It worked like a charm, I get the source and the right to change it, nobody is going to try to make me pay a license fee for support I don't need, and it's rock solid.

Maybe Commercial SSH should try selling commercial support for OpenSSH instead of their own broken implementation. Too bad that the top notch quality and simple setup of OpenSSH will no tempt many to buy support.

Since SSH is a necessity of existence like air and water, it should just install and run instantly like telnet does on most unicies. OpenSSH is a community effort that can make it a reality. Commercial SSH seems to have a different set of goals that don't include ease of use.

-Brian

Re:Hmmm... Problem with that

[drudd]

You're missing the point...

The problem is not that openSSH resembles the original SSH, it has to in order to do what it does. But when it looks like SSH, acts like SSH, and the name is similar besides, it definitely can cause confusion.

IIRC, debian installs openSSH (since it falls under it's definition of "free"), but the package itself is called ssh. A user may think they are getting the true "ssh," when they are actually getting openSSH. This is a definite example of trademark confusion.

What wouldn't be bad is if someone released a first person shooter like quake, calling it openSSH. No confusion could arise, the fps "openSSH" and the secure shell "SSH" would be completely different products.

Doug

Re:Hmmm...

[buffy]

> Whether or not they can isn't the point. What he
> is saying is that continuing to support SSH1 is
> a Bad Idea. Kinda like saying continuing to
> drive a Ford Explorer with Firestone tires is a
> Bad Idea.
>
> Can he stop them? No.
> Do they have every right to continue supporting
> it? Yes.
> Is it a good idea to continue supporting it? I
> don't think so.

I don't think he's saying that they don't have a right to continue supporting the SSH1 protocol, but rather, it goes to support his point that trademark usage confusion exists. If he's decided that it's a bad idea, and has discontinued it's support in the commercial/trademark protected version, and is using that as a differentiating factor, then confusion is created by a similar product continuing to do so.

YMMV,

Then that's different...

[mindstrm]

I mean, if they've ignored him all along, that's different.

Though I'd still maintain that it's news to most of us that 'ssh' is a registered trademark (tm), given the open protocol specs by the same name, and the plethora of tools that use the ssh name.

Re:Hmmm...

[leto]

I think everyone will agree that "ssh" is a protocol, not a trademark. If anything, it is based on the term "rsh", so would Berkely now be able to do what Tatu is suggesting the community does now, to change the name of a competing product?

I'm glad Tatu developed it, but ssh had problems from the start with commercial licences. Heck, I
actually TRIED to get get a comercial licence but the entire DataFellows thing was a huge disaster. I gave up on trying to buy it. Now that's not OpenSSH's mistake.

Next, here comes the US with their "open source crypto is allowed", and RedHat starts deploring it massively with their 7.0 distribution. It's a worldwide success, and now Tatu has a real problem. Most people know the difference between ssh and openssh, but if 1% doesn't, Tatu gets a lot of non-customers and that is annoying.

And as a sidenote, Tatu know claims that OpenSSH is causing problems for keeping sshv1 intact. While his reasoning might be very valid, the practise is that we all went through hell with the various v1-only and v2-only servers and clients. Tell an entire campus to buy new software from DataFellows because their new clients dont support v1, and all old clients won't support v2. OpenSSH was a blessing to get things to work for everyone.

Sorry, all this warfare is just the result of Tatu (rightfully!) trying to make a living the wrong way, by selling licences instead of using a more modern opensource model to sell support contracts and become the free world (non-US) leading crypto company.

Ofcourse, I wonder now what Alex de Joode will do
with openssh.org, he already had a fight with the openbsd people :)

Paul

Huh?

[ooze]

Sorry for requiring you to change your product name from OpenBread to something that doesn't confuse with my high quality Bread products trademark. Everybody is welcome to use the open available recipe for for their products, but just don't call them Bread. I had a lot of work making my company well known as a Bread Baker.

Did I sum it up correctly ?

The shell formerly known as secure shell

[gnalle]

TSFKASSH :)

Re:SSH1 vs SSH2

[roca]

> the attacks on ssh1 are of a difficulty roughly
> on par with stealing a TCP connection from a
> modern OS: the attack is possible, but extremely
> impractical.

This comment demands clarification.

"Blind spoofing" (when the attacker cannot sniff packets being sent between the target machines) against a modern operating system is indeed very difficult because it requires guessing of sequence numbers.

However, if the attacker can observe the traffic (e.g., they're sniffing the ethernet of one of the machines participating in the connection), then it is easy to hijack the connection.

may as well change the name of openssh

[yoghurt]

ssh is not a shell. no one puts in their
/etc/passwd shell field. it runs no scripts.
calling it a shell has always struck me as misleading. maybe this trademark issue will prompt a more accurate name.

Re:may as well change the name of openssh

[agentZ]

No, ssh isn't a shell. It follows the same style of namiung as the old rsh program, which stood for "remote sh". (Where /bin/sh was one of the earlier shells used.) The idea being that ssh offers a secure alternative to the old, crufty, original rsh. Secure shell is just easier to say than "secure sh," (and probably more accurate as very few people still use /bin/sh for their default shell).

Re:may as well change the name of openssh

[hattig]

Hmmm, we have FTP, HTTP, HTTPS, etc. Maybe OpenSSH should be named "Secure Tunnelling Protocol" or STP for short. Then in Mozilla, typing in STP://remote.host.com/ would bring up an integrated SSH program... :-)

Re:Name suggestion: FRESH

[The+Man]

No, I suggest "SSHsucks," with the subsequent registration of sshsucks.org.

VAX (computers) vs VAX (vacuum cleaners)

[iomud]

It dosent really matter to me all I know is that VAX is synonymous for sucking.

I seem to recall

[mindstrm]

that the suit wasn't over the term 'x86' but over the '386, 80386, 486, 80486' etc individually...

Intel clamied they were 'trademarks', and that by making compatable chips and calling them '486' etc... they were infringing.

The court ruled that you can't trademark a number, a part number even.

That's why the 80586 was called the Pentium, and all advertising shifted to saying 'Pentium' instead of '586', because the word Pentium *Could* be trademarked.

OpenSSH replacements offer...

[Noryungi]

OpenSHHHH... Sorry, we can't mention the name of the "other" product.

OpenSHL... Hey, what's a single letter between friends?

Open S S H... Oh, Come on, quit whining. You registered "SSH" and NOT "S S H", so there!

OpenWhat?... How do you pronounce "SSH" anyway?

Open-You-Know-What... Just add a ".org" and, presto! We are back in business...

WeAreSecureAndWeAreCanadian... Yep, it's getting longer and longer.

OpenSourceSecureShell... There, feeling better already? Shush, it's all going to go away.

Ho and by the way, I want to get sued too!! I am going to register:

openssh.co.uk
openssh.org.uk
openssh.fr
openssh.asso.fr
openssh.ch
openssh.it

(...etc...)

Anybody cares to bankroll me ?? =)

Bonus question: How on earth can you copyright a three letters acronym? I'll try copyrighting "IBM".

At least, it's going to make the fight more interesting and potentially more lucrative. Hmmmm. US$50,000,000 out-of-court settlement. Please note that this is just the "Acronym", not the logo, which is copyrighted by our big, blue friends in Armonk.

And remember people: OpenBSD needs your help! Order your 2.8 CD today and makes the world a better place for security and a worse place for script kiddies and copyright hoarders...

Re:OpenSSH replacements offer...

[CaseStudy]

It's the same thing as far as the courts are concerned. Likelihood of confusion and all that.

Re:OpenSSH replacements offer...

[X]

Bonus question: How on earth can you copyright a three letters acronym? I'll try copyrighting "IBM".

He didn't copyright SSH, he trademarked it. You can indeed do this, and IBM is indeed a registered trademark.

Actually, when you look at this case, it's a pretty clear example of why trademarks were created in the first place: to avoid customer confusion about branding. I'd say this guy is well within his rights.

Re:OpenSSH replacements offer...

[wuice]

...or when you don't read it at all..

Re:OpenSSH replacements offer...

[Noryungi]

I stand corrected! This is what happens when you read a news item too fast, I suppose.

(I still think that "Open S S H" is a good idea, though...)

=)

Re:OpenSSH replacements offer...

[CaseStudy]

Acronyms aren't descriptive. They might be generic if they're commonly used as words (which might be the case for SSH), but the collection of letters itself doesn't inherently describe the product without knowledge of what the letters stand for.

Hell, let's make it a party

[Ryvar]

"I developed SSH all by myself"

I could be wrong about the RSA connection here, but doesn't it seem wrong to run so contrary to their demonstrated attitude? I mean, SSH is founded on their pub/priv key encryption system, and when the time to jettison their patent into the public space came, what did they do? Politely did so early. I mean, if this is the example set by a big, evil corporation - what the hell is Tatu saying about himself with these actions? --Ryvar

Re:Hell, let's make it a party

[BJH]

I wouldn't say RSA abandoned their patent early to be "polite" - it was more a case of getting some good publicity, and cutting all those potential celebratory parties off at the ankles before they even got started...

Let's play the name game.

[Kibo]

I vote for shush.

Re:Let's play the name game.

[hattig]

Well, they have already decided to use OpenSecSH for the new name - look at the websites with that name.

There is more to security than encryption. Security at a basic level is authentication (you are who you say you are), validation (you sent what was received) and encryption (no one else could read what you sent).

Other names it could have are "OpenSRSH" for "Open Secure Remote Shell", or why not come up with a good name for once, like microsoft always manage to do? "Secure Terminal Client|Server" just to get one over M$, and it describes what it does very nicely.

Not a problem.

[CaseStudy]

So just change the name to "Sasha" (in the same manner as "Samba.") As a command, it's annoying to be two letters longer, but that's what alias is for.

Hmmm...

[BJH]

Just to point a few things out...

I would thus like to ask you to change the name OpenSSH to something else that doesn't infringe the SSH or Secure Shell trademarks, basically to something that is clearly different and doesn't cause confusion.

OK, I can go along with this. He has the trademark, the two applications are very similar, I can see where he's coming from.

The confusion is made even worse by the fact that OpenSSH is also a derivative of my original SSH Secure Shell product, and it still looks
very much like my product (without my approval for any of it, by the way). The old SSH1 protocol and implementation are known to have fundamental security problems, some of which have been described in recent CERT vulnerability notices and various conference papers.
OpenSSH is doing a disservice to the whole Internet security community by lengthing the life cycle of the fundamentally broken SSH1 protocols.

Now this is a completely different kettle of fish.
1) If you didn't want people to hack on the code, why did you initially release it under a license that allowed that? It can't be retroactively retracted, y'know...
2) The OpenSSH team doesn't need your approval; you in effect gave them your approval when you licensed it as you did (see 1).
3) Yes, SSH1 has security problems. WHo developed it? You did. Also, IIRC, OpenSSH was just about the only implementation that wasn't vulnerable to several of the vulnerabilities that have been found so far.
4) OpenSSH supports SSH2 anyway, so I don't see how its existence is encouraging the use of SSH1. More than likely, people who had been put off by your version of SSH2's restrictive licensing terms moved to SSH2 only when OpenSSH provided it.

All in all, it seems a mix of a legitimate claim with some very clumsy revisionism and FUD.

Re:Hmmm...

[hawkear]

I use SecureCRT. It's not free (as in beer or speech), but I like it a lot. I haven't tried putty, but I think I will (this is the first I've heard of it).

Re:Hmmm...

[PigleT]

1) If you didn't want people to hack on the code, why did you initially release it under a license that allowed that? It can't be retroactively retracted, y'know...
2) The OpenSSH team doesn't need your approval; you in effect gave them your approval when you licensed it as you did (see 1). </i>

Here here! Exactly what I was thinking of saying, couldn't agree more.

Me, I don't see why there should be any confusion regarding `SSH' and `OpenSSH': I spell them differently, what more could you ask for?

As far as the commandname goes, it implements a secure shell - so `ssh' is a perfectly reasonable abbreviation, to me.

If you don't go round putting `(R)' after everything, you won't have a trademark problem. And while I'm passing by that, what was that I saw about "pending"? Get a trademark properly registered, *then* come moaning, or better still, do neither.

To me, Tatu's mail sounds like he's regretting the fact that openssh is moving ahead faster and with better publicity than the commercial one. Well, that's what you get for expecting to make money in the wrong arena, tough cheese.

Me, I've just installed a new RH6.2 box to be colocated in the next couple of days, and for remote access, I've put openssh on it. The non-free sshd quite simply doesn't get a look in, the license is too confusing.
~Tim
--
.|` Clouds cross the black moonlight,

Re:Hmmm...

[biglig2]

He may be (legitimately) worried that if OpenSSH is less secure than SSH (and I have no knowledge either way) , and there is confusion between the two, then he may be "tarred with the same brush".

But he doesn't express that well.

Re:Hmmm...

[wuice]

Actually, it uses the MIT license, which is like the BSD license, but who even keeps track anymore..

I vote for PuTTY, too. It rocks.

Re:Hmmm...

[ConsumedByTV]

I use SecureCRT
Putty is the worst software I have ever used (next to windows...)...

But SecureCRT, got money in the mail for their very good product...



Fight censors!

Who cares if someone named their project "Scoop"?

[William+J.+Clinton]

If someone wants to go by a nickname or alphanumeric representation of an english word then go for it but how in the world can a project named "Scoop" be mistaken for a person nick-named "Scoop"? It all seems rather childish to me.

Harlem, here I come!
Bill

Isn't that concidental.

[zoftie]

taken from: http://www.eskimo.com/~matth/hobby.html

From "Historically Brewed" magazine:
And now it's time for the "ARE SOME THINGS BETTER LEFT UNSAID?" Department
The following is a reprint of a letter which Bill Gates, co-founder of
Microsoft, wrote and had published in the Homebrew Computer Club
newsletter on February 3, 1976.
Ouch Bill, take it easy guy!

An Open Letter to Hobbyists

To me, the most critical thing in the hobby market right now is the lack
of good software courses, books and software itself. Without good software
and an owner who understands programming, a hobby computer is wasted. Will
quality software be written for the hobby market?

Almost a year ago, Paul Allen and myself, expecting the hobby market to
expand, hired Monte Davidoff and developed Altair BASIC. Though the
initial work took only two months, the three of us have spent most of the
last year documenting, improving and adding features to BASIC. Now we have
4K, 8K, EXTENDED, ROM and DISK BASIC. The value of the computer time we
have used exceeds $40,000.

The feedback we have gotten from the hundreds of people who say they are
using BASIC has all been positive. Two surprising things are apparent,
however. 1) most of these "users" never bought BASIC (less than 10% of
all Altair owners have bought BASIC), and 2) The amount of royalties we
have received from sales to hobbyists makes the time spent on Altair BASIC
worth less than $2 an hour.

Why is this? As the majority of hobbyists must be aware, most of you
steal your software. Hardware must be paid for, but software is something
to share. Who cares if the people who worked on it get paid?

Is this fair? One thing you don't do by stealing software is get back at
MITS for some problem you may have had. MITS doesn't make money selling
software. The royalty paid to us, the manual, the tape and the overhead
make it a break-even operation. One thing you do do is prevent good
software from being written. Who can afford to do professional work for
nothing? What hobbyist can put 3-man years into programming, finding all
bugs, documenting his product and distribute for free? The fact is, no one
besides us has invested a lot of money in hobby software. We have written
6800 BASIC, and are writing 8080 APL and 6800 APL, but there is very
little incentive to make this software available to hobbyists. Most
directly, the thing you do is theft.

What about the guys who re-sell Altair BASIC, aren't they making money on
hobby software? Yes, but those who have been reported to us may lose in
the end. They are the ones who give hobbyists a bad name, and should be
kicked out of any club meeting they show up at.

I would appreciate letters from any one who wants to pay up, or has a
suggestion or comment. Just write me at 1180 Alvarado SE, #114,
Albuquerque, New Mexico 87108. Nothing would please me more than being
able to hire ten programmers and deluge the hobby market with good
software.

Bill Gates
General Partner, Micro-Soft

Re:Name suggestions:

[shokk]

HSS - Host Secure Session

Since it's definitely more than just a shell now.

Re:Name suggestions:

[sharkey]

NAVASSHOSSH: Not As Vulnerable As SSH Open Secure SHell



--

So what are name alternatives

[Keepiru]

Talk about knee jerk reactions, they try to protect thier IP, lets put them out of business. SSH is a great product, but I can understand the confusion, what if I created a shell and called it OpenBASH, you don't think Bash would get requests for help on my shell?
So, the real question is, what name should OpenSSH use?
Trusted shell (tsh)
encrypted shell (esh)
Anyone else has others
Get involved

Bad luck

[nagora]

The mistake was in naming the company after a protocol/command. This is really like Henry Ford calling his company "Production Line Cars" and then getting annoyed by another company called "Fast Production Line Cars". Secure Shell is just a descriptive term and ssh is just an abbreviation of that term.

It's a shame if the inventor of such a useful thing is losing money but it is his own fault for picing a generic term for the company name. Or should the inventor of the term "Shell" sue Ylonen?

TWW

Re:Having been through something like this before

[deeny]

Actually, that's NOT a good example. Bayer's trademarks were seized by the US during WW1. See:

http://www.britannica.com/bcom/eb/article/0/0,5716 ,121640,00.html

_Deirdre

Doesn't matter.

[mindstrm]

If it was a garage operation they didn't know about, that would be different. How could they enforce it if they didn't know about it? You're right there.

That is not the case here. OpenSSH is highly visible, and they even admit they KNEW about it a long time ago. It doesn't matter how big or small they are; if they are infringing, you must do something about it.

Re:Having been through something like this before

[roca]

> Having not defended his trademark for four
> years, Tatu will have trouble getting others to
> drop the name "SSH" or combinations thereof.

Yep...

> HOWEVER, this protects only existing uses of the
> name "SSH", not other individuals or
> companies using the name for future products.

I believe this is not the case under US trademark law. Other people have cited the case of "aspirin": Bayer failed to protect the trademark and so now it is in the public domain. New products can be called "aspirin".

My objections to the suit

[mfterman]

Normally I'd be on the side of the person who owns the trademark except there are a few things about this that I do not like.

First off, getting SSH as the name of an IETF protocol, and then trademarking it. This is the act that really stinks. Its as bad as Apple's Firewire stunt, getting an IEEE protocol set up and trademarking the name associated with it. This reeks of trademark trapping, or trying to grant oneself a monopoly with regards to an IETF protocol, or at least an unfair advantage. Only his software can use the name of the protocol in the name of the software using the protocol. It would be like trademarking HTTP.

Second off, I am somewhat suspicious at the time lag involved between the founding of OpenSSH and the present. If you're going to do the trademark enforcement thing, do it at the very beginning and go with the lawyers and accept the PR meltdown that is going to result because you did a sleazy thing like trademark an IETF protocol in the first place.

In short, this is someone who is trying to have it both ways. Playing the IETF and open standards game while still having the trademark and the exclusive right to make software with the name of that protocol in it. He tried to engineer himself an unfair marketing advantage and some reasonable uses of the SSH protocol name are causing him business confusion. You will notice there is no talk of his changing his software name and setting up a new trademark. And while you can talk about his investment in the mindshare of the SSH name, he did it in a fashion that puts other people trying to use the SSH protocol at an unfair disadvantage.

Now, perhaps I am being unfair here, perhaps he did not intend to do things that way, at least not consciously. But the end result is the same. He took an open protocol name and trademarked it so that no one else could use the protocol name in software that implements the software protocol but him, giving him an unfair advantage. Now that people are trying to erode that unfair advantage, he is crying foul, and after other people have invested work in the OpenSSH brand name as well.

Oh yes, and tradmarking "Secure Shell" strikes me about on the level of trying to trademark "Windows". You might be able to do it but its a really sleazy thing to try. Whatever sympathy I have for him was completely destroyed when that fact came to surface. This is a person using trademarks in an abusive fashion and I'd like to see that reap the rewards it deserves.

On Politeness, Indifference, The State

[jacks0n]

And I know more of tactics than a novice in a nunnery!
It's funny that this actually is a moral issue, and not one about power. The sides are balanced. On one side, The State. the other, the forces of Indifference. Who are you going to sue? and what would you get, besides bad publicity? The author seems to realize this, and is asking nicely. So what is the right thing to do? It may be clear-cut to you, but just because it violates some laws, and causes enormous tech support bills doesn't make it right to change the name. The best reason I can come up with to change the name is: It is the polite thing to do. The man asked nicely, and the name doesn't matter particularly to me. As long as it works.

No Trademark in Canada?

[Chris+L.+Mason]

Isn't OpenSSH, along with OpenBSD, developed in Canada? Well, the above letter only metions trademarks in the US and Europe, so doesn't make this all moot?

Name suggestions:

[X]

• NSSH: Not Secure SHell.
• GNASSH: GNASH's Not A Secure SHell.
• ASS: A Secure Shell.
• SSH NT: SSH Not Trademarked.
• LDUSSH: Lawyer's Don't Use Secure SHells.
• RSSH: Really Secure SHell.
• (In case the previous one is not different enough) RRSSH: Really, Really Secure SHell.

Re:Name suggestions:

[bapink01]

how about

• opencowboyneal

Re:Name suggestions:

[Bingo+Foo]

Sorry, this one runs into problems too.

Bingo Foo

---

Re:Name suggestions:

[JoeShmoe]

No! Because then the goatse.cx guy would actually be considered on-topic. [shudder]

- JoeShmoe

Re:Having been through something like this before

[martin-k]

How long do you think until his registration is approved?

If the U.S. trademark process is similar to the German one (== just as bad), the registration will be examined by a USPTO officer, and if he doesn't find obvious reasons for declining, the trademark will be accepted and published. Then, there will be an opposition period for a couple of months in which it is rather easy to shoot down a trademark.

After that, the trademark is validly registered, and it becomes tough (== lawsuits) to have the trademark cancelled.

Please note that trademarks might not be registered in the U.S. alone. Other countries will have different procedures.

-Martin

SSH is a company???

[CyberLife]

I just asked around the office, and everyone here thought SSH was the name of the protocol. Nobody had any clue it was trademarked. We've been tossing it around as a generic term for years.

I also asked a couple of clients. They said the same thing. Sounds to me like this is another case of failing to protect a trademark and losing it to the public domain.

- Milo Hyson

All is $$$

[Frodo]

Seems like SSH team feels that OpenSSH is eating their profits, since SSH has no added value but is not free. So they are trying to hurt OpenSSH project in the hope that this will bring their profits back. I guess it won't.

The translation is...

[DuckWing]

"I/my company is loosing money because there is a free alternative to my product that most people are using now instead of my product. So now I'm gonig to whine and cry and enforce a trademark I've never enforced before to try to recoup some cost."

I think that about covers it, don't you?

SSH1 vs SSH2

[Leto2]

Tatu writes in his email:
"The old SSH1 protocol and implementation are known to have fundamental security problems, some of which have been described in recent CERT vulnerability notices and various conference papers. OpenSSH is doing a disservice to the whole Internet security community by lengthing the life cycle of the fundamentally broken SSH1 protocols."

I've always used ssh1, I don't know why, I guess because the first time I started using it, a friend said to me: "Use ssh1, ssh2 sucks". So I did. What are the main differences between ssh1 and ssh2 and why is ssh1 fundamentally broken and ssh2 not?

Also, last time I looked, OpenSSH can use both protocol 1 and 2.

Re:SSH1 vs SSH2

[Weezul]

I do consider ssh2 to be broken crypto. The protocol specifies the base and modulus for its public-key-exchange algorithm. This means that anybody can sit down and "study" that base and modulus for weaknesses and attack spots. Heck, the NSA -- or Tatu -- could have pre-computed the information necessary to break the encryption on an ssh2 stream.

Why did he do this? Dose he want to try to kill competition by making a protocoll which no one can use without being insecure or is there some reason why he did not feal that this was a threat?

Re:SSH1 vs SSH2

[Dunedain]

I've always used ssh1, I don't know why, I guess because the first time I started using it, a friend said to me: "Use ssh1, ssh2 sucks". So I did. What are the main differences between ssh1 and ssh2 and why is ssh1 fundamentally broken and ssh2 not?

Put simply, Tatu considers ssh1 broken because he released it under a non-restrictive license and wishes he could take it back. While it is true that ssh2 encrypts more of the communications channel than ssh1, the attacks on ssh1 are of a difficulty roughly on par with stealing a TCP connection from a modern OS: the attack is possible, but extremely impractical.

I do consider ssh2 to be broken crypto. The protocol specifies the base and modulus for its public-key-exchange algorithm. This means that anybody can sit down and "study" that base and modulus for weaknesses and attack spots. Heck, the NSA -- or Tatu -- could have pre-computed the information necessary to break the encryption on an ssh2 stream.

The above is a quick sketch of the arguments for why ssh1 and ssh2 are broken, together with some highly cynical suggestions for why they might be built that way. Go do some real research before you pick crypto to trust with anything you care about.

Re:SSH1 vs SSH2

[Daffy+Duck]

I agree. I may be highly misinformed, but I also don't trust SSH2 over SSH1. Although there is the insertion attack for SSH1, isn't it true that all recent implementations detect it and shut the connection down?

And doesn't SSH2 rely on DSA public keys? I don't trust them either, for pretty much the same reason that PuTTY doesn't (see the non-wish-list) - namely, that if anything goes wrong with the random number generator, it's the private key that gets compromised, not just a single session.

Can anyone more knowledgeable confirm or deny this?

Openly Screwed Shell? (nt)

[Ryvar]

nt

--Ryvar

I second putty

[look]

Putty is a great program for those of us stuck on Windows at work. It's easy to download (it's only one exe file!) and really small. Just do a google search for "putty" and 30 seconds later, you're in business.

In general, it's also a great vt100 client, better than most I've used.

Name suggestion: shine

[TheTick]

Shine Is Note Essessaitch

Of course, for the sake of grammar, the daemon will need to be called "shone".

Original Licensing Restrictions?

[sterno]

What I'd like to know is, what were the original rules under which the source code and protocol of SSH were made publicly available? It seems to me that if there was some concern over use of the trademark SSH, restrictions about that should have been included in that license. If you look at different open source licenses, many of them make express stipulations about trademarked names that cannot be used by derivative products.

It seems to me that this is a too little too late scenario. OpenSSH has been around for a long time and he hasn't taken issue with it until now. Now, it could be argues that OpenSSH has had time to build it's own name associated with a certain quality of product, etc. If they were forced to change their name, it might cause confusion for people who wanted to find their product.

Has he made his complaints earlier, OpenSSH would have been named something else, and today we'd all be using an SSH replacement called something else. Sucks to have to go to court over such things, but I think the OpenSSH group has a strong case at this point.

---

Re:Original Licensing Restrictions?

[millert]

The ssh 1.2.16 code base, form which OpenSSH is ultimately derived, has the following license:

Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
All rights reserved
As far as I am concerned, the code I have written for this software can be used freely for any purpose. Any derived versions of this software must be clearly marked as such, and if the derived work is incompatible with the protocol description in the RFC file, it must be called by a name other than "ssh" or "Secure Shell".

Based on this, the OpenSSH folks believed that they were using the term "ssh" in good faith and in accordance with the license.

Sorry, James, trademarks must be defended

[Russ+Nelson]

Sorry, James, trademarks must be defended or they will be lost. And there is substantial value to USERS to know that a name has a meaning fixed by law. It is that value they wish to protect for their USERS. Or don't you care about users?
-russ

Re:Name suggestion: FRESH

[JoeShmoe]

Speaking of which, if you write a program that create a FRESH connection, be careful what you name it because Mentos already has a trademark on "FRESHmaker". =P

- JoeShmoe

How about OpenSECSH?

[kervin]

how about OpenSECSH and the command 'secsh'?

Re:Yes.. but..

[roca]

Well, just for the record, TTSSH didn't have any of these bugs either.

Re:Having been through something like this before

[roca]

OK, so Bayer's not a good example, but what I said is still true :-).

Re:Yes.. but..

[sethgecko]

just for the record, all SSH1 implementations except for OpenSSH 2.3.0 had the flaw. This includes the commercial SSH. But shame on me for responding to a troll.

RFC

[bperkins]

It seems to me that since the protocol is called ssh in the RFC:
http://www.free.lp.se/fish/rfc.txt, which seems to predate his application for a trademark, he doesn't have a a valid claim.

In this RFC, the name of the protocol is ssh. It would be a violation of the RFC to call it anything else, and it would lead to confusion.

OpenSSH is *exempt* (IANAL)

[localman]

Trademark law specifically exempts non-commercial usage. Although the examples given are "parody, satire and editorial commentary", it does state that non-commercial use is exempt from trademark law.

I don't think the drafters of trademark law ever thought someone would give something away over a long enough period of time to be a problem. Good to see that the outdatedness of these laws cuts both ways.

Trademark applies to *command*?

[Guy+Rixon]

I hope that the trademark business only affects the name under which OpenSSH is publicized, not the command-names for the actual programmes. Given that OpenSSH is a clone, it ought to be invokable with the same commands as the "real" SSH product.

If this is so, then I don't think it really matters much for the OpenSSH side; AFAIK OpenSSH isn't really marketed, so the cost of changing its name is negligible. But if the trademark covers the actual ssh command, then the trademark is doing real damage to the community.

Re:Trademark applies to *command*?

[magi]

I strongly doubt that this would be a question of shell commands.

Besides, I believe 'ssh' command is usually just a symbolic link to either ssh1 or ssh2 binary. Thus you can always name the software as "openssh" or whatever you like, "ksdhfjsdf", and just add the symbolic link.

lrwxrwxrwx 1 root root 4 Dec 31 03:07 /usr/local/bin/ssh -> ssh1*

Re:Scoop

[demon]

Scoop is Pat Lenz, the creator of freshmeat.net. Fool. ;)
_____

Regard this as an opportunity.

[Godwin+O'Hitler]

...an opportunity to get rid of that nondescript name and call it by a name that's more suggestive of what it does. I'm sure I'm not the only person to be saturated with initials to such an extent that sometimes I can't even remember what I'm talking about.

I know

[fatmantis]

the OpenSSH people should change their name to Fatmantis.

Re:Having been through something like this before

[CaseStudy]

He doesn't have to be the first to use the name, as long as nobody else is using it at the time in connection with similar products.

No, he doesn't have to do so

[_|()|\|]

Don't blame him, he has no real choice in this matter.

He chose to monopolize a number (a small number, in fact: 0x535348). He chose to use that against the OpenSSH project. Don't tell me has no choice.

The trademark system is designed to protect the consumer, not the trademark owner. OpenSSH is not defrauding anyone. It may be costing Tatu business, but that's tough on him.

Furthermore, it's not clear to me what he has actually trademarked. If you look at ssh.com, you'll see "SSH (R) Secure Shell tm." "(R)" means, I wish I had any rights to reserve. "Secure shell" is descriptive, and therefore not subject to trademark.

Re:No, he doesn't have to do so

[Art+Tatum]

I think the reason he waited so long was more out of good will than anything else. Judging from his statement that he had "recently" began receiving emails and support calls from many confused (and as far as I'm concerned, downright stupid) people who couldn't tell the difference. My guess is that he didn't mind the OpenSSH project until people started calling him to complain about some bug or other in OpenSSH.

Knowing the way IT managers are, they probably yelled all sorts of things like "lawsuit" and "I'll never use your product again!" as a result of some minor flaw in OpenSSH.

Re:No, he doesn't have to do so

[Jedi+Alec]

OpenSSH is not defrauding anyone.

OpenSSH is confusing their users sufficiently for them to waste valuable time, money and bandwidth in trying to contact SSH for support.

Re:No, he doesn't have to do so

[thorpej]

With regard to the suggested name "FreSH" as an alternative to the name "OpenSSH", I would like to point out that there is already another free SSH protocol implementation called "FreSSH". See http://www.fressh.org/.

Re:No, he doesn't have to do so

[shokk]

Simply using another name isn't going to kill anyone. "FreSH is a free, open source implementation of the SSH2 protocol." Bam. (The hardest part for most people would be learning to type "fresh" after their fingers are trained to type "ssh"... although on second thought, you know everyone's going to just make a symbolic link to "fresh"--or whatever it's called--from "ssh" anyway.)

And I don't see anything wrong with that since no one can tell me what I can and cannot name my symbolic link on my system. If I want to rename "ls" to "pepsi" that's my business. Oh, hold on, there's some lawyers at my door.

The original SSH license

This is the license that OpenSSH is based on:

As far as I am concerned, the code I have written for this software can be used freely for any purpose. Any derived versions of this software must be clearly marked as such, and if the derived work is incompatible with the protocol description in the RFC file, it must be called by a name other than "ssh" or "Secure Shell".

Sure looks like 'permission' to me.

Re:The original SSH license

[maroberts]

Anyone Got a link to the license ?
No Goatse.cx please!!

Re:The original SSH license

[Politas]

You mustn't be reading the same bit of text.

It says the name must be changed IF it doesn't meet the RFC spec, which would seem to imply that the name does not need to be changed if it does.

Re:The original SSH license

[frogstar]

Both spellings are correct, according to Oxford (and also Webster). "License" according to Oxford can only be used as a verb, where "Licence" can be a noun or a verb.

Similarly with "practice" vs. "practise"

Another reason for this

[MobyDisk]

He hinted at another reason for all this:

"OpenSSH is doing a disservice to the whole inernet security community by lengthing the life cycle of the fundamentally broken SSH1 protocols."

Also - Isn't the actual protocol, as recognized by the IETF, named "SSH" - if so, how can you trademark that?

Re:Another reason for this

[Skybert2]

Amazing... Some people don't read the stories or the other posts. THE PROTOCOL IS CALLED SECSH. NOT SHH.

Okay? Got it? SSH is an implementation of SecSH. OpenSSH is an implementation of SecSH. Clearly, OpenSSH is leaching off the brand and name that SSH has developed. Renaming it, as they are doing to OpenSecSH, solves all these problems, and the guy is happy with that.

Well, according to the IETF, it's called both. secsh in the headers, but SSH almost everywhere else. See http://www.ietf.org/html.charters/secsh-charter.ht ml Most of the documents on this page are from January 2001, and it's SSH this and SSH that.
T. Ylonen is one of the authors of these. Calling it the SSH protocol should be ok, when even the author does it?

Re:Another reason for this

[MicroBerto]

Yup... I suppose that I, too, would be pissed off if I created a program, and then its FREE competitor ended up being consistently better.

Mike Roberto
- GAIM: MicroBerto

How will this affect current systems?

[friscolr]

If OpenSSH is forced to change their both their name and the name of the executable they produce, and all future versions are shipped as 'sosh' (Secure Open SHell?) or something other than 'ssh', how will this affect production systems that depend on the use of ssh?

I have scripts & users that depend on ssh being ssh and scp being scp on many of my systems. If i rename 'sosh' (or whatever) back to 'ssh', will i be fined for trademark infringement? If i do change the executable name, then users will continue to confuse the products. If i don't, then every script that references ssh will have to be changed.

Additionally, how does this affect the FreSSH Project and other ssh implementations which include ssh in their names? Have they too be served notices?

-f

Re:How will this affect current systems?

[TV-SET]

On some systems symlinks maybe of some help :)

Protecting Copyrighted name? I don't think so...

[natet]

>Why shouldn't the guy protect his own, copyrighted, name? Seems like a perfectly reasonable request to me.

Except, that the copyright doesn't protect the use of the name IN another name. Let me give you an example. In my home state, there were a couple of water parks, Magic Waters, and Rageing Waters. Both had Trademarked names. Rageing Waters came first, but had no right to tell Magic Waters to change their name because the use of Waters might make it difficult for people to differentiate them. OpenSSH is A DIFFERENT NAME entirely than SSH IMHO. If SSH's clientelle can't tell the difference, then they are IDIOTS.

The part of this letter that really pissed me off was this:
The confusion is made even worse by the fact that OpenSSH is also a derivative of my original SSH Secure Shell product, and it still looks very much like my product (without my approval for any of it, by the way).

Correct me if I am wrong, but telnet used that Look and Feel LONG before SSH ever came into the picture. So getting this jokers "approval" was not an issue. Further, this was completely off the topic of the letter. It should never have been brought up. If his beef was to get the OpenSSH guys to change their L&F, then he should have SAID that.

I realize this guy is only trying to protect his own interests. But, there are hundreds of products out there that the names only differ by one word. Example: Windows, and the Open Windows projects. I don't see M$ flipping out over that one. Another example is the ACS and Open ACS tools. The problem here is that SSH is not a significantly BETTER product than OpenSSH. Instead of throwing a fit over the name, perhaps SSH should make an attempt to DIFFERENTIATE their product significantly from OpenSSH. Requesting that OpenSSH change their name seems like a rediculous request to me. It says what it is, an OPEN implementation of the SSH standard.

It is time for companies to stop stomping on the little guys and INNOVATE instead. Instead of jumping on the litigous bandwagon, make your product BETTER than the competition. When I decide to buy or use a software solution, who has the better lawyers shouldn't even be a factor in my decision. But it is fast becomming one.

Tomatoes, Tomatoes?

[noz]

Hemos says 'Enfringement', ComanderTaco says 'Infringement'. I'm afraid I'll have to agree with the latter in this case (Dictionary.com).

Re:Yes.. but..

[sethgecko]

attention mods: the parent post is +1 insightful. please mod this up.

attention karmawarrior: that was very well put.

ssh

[panic911]

I think this guy makes a lot of good points. SSH was created by these people and another organization has taken their work and is giving it out for free.

Yes.. but..

[mindstrm]

How long has it been going on? They knew about it for years... many have used the SSH mark. It's probably fair to say that it has become a common name (dilution) and no longer has a sole brand-name value.

Trademark is not like patent; you MUST enforce it or lose it. THey should have been asked to stop using it a LONG time ago, not just recently. SSH hasn't protected their mark, so they lose it.

Re:Yes.. but..

[MadAhab]

I'm not sure "secure telnet" is more descriptive (well, acutally, I am sure; it's not), but there is already a "secure telnet", so you're out of luck there.

I agree that it's an unusually polite letter, but there are some nasty and unjustified claims in there, too. Like the implication that because SSH1 is supported, OpenSSH is doing a disservice to the Internet. Funny, every windows/mac FREE ssh client I've ever seen has support for SSH1 only, and until OpenSSH, every free client I've ever seen supported SSH1 only. To me, that looks an awful lot like doing the community a great service, one that he declined to. Sure, maybe that is keeping money out of his pocket, but that's just tough luck for him.

Additionally, from the recent security bulletins I've seen, OpenSSH-2.3.0 was one of the few that was not affected, while nearly all the commercial clients were, including those from ssh.com. I'm not sure glossing over that fact while implying that the free/open project is shady or insecure can be defended as polite or reasonable. It's FUDdy, that's for sure.

And what about Datafellows (an Amercian company that's operated out of Finland for export law reasons)? I know they've been calling their client and server "ssh" since about 1996. If he hasn't sued them in all this time, then the trademark is probably invalid. It appears to me to be a generic term, and he's only complaining now because he's inconvenienced by a bunch of people confused about the plethora of recent ssh bugs uncovered, and he's lashing out at an unprotected target that is giving away what he wants to sell.

It's actually pretty hard to have sympathy for him. Sure, his business is being eroded by something others are giving away, but that's business. It's his fault for not picking a better business model, like maybe giving away a client and selling the server.

Boss of nothin. Big deal.
Son, go get daddy's hard plastic eyes.

Re:Yes.. but..

[sethgecko]

is that what you say? Tatu Ylonen seems to have been nice enough not to challenge OpenSSH on the trademark dilution until now. He hints that it is because of the recent furor over SSH1 security holes that he is reluctantly doing this. By your reasoning, any company with a trademark should be fascistic about enforcing their rights as soon and as often as possible. There can be no leniency or they will loose their trademark. That's not exactly a situation I want to come about (not that I have the least say in it, of course).

By the way, it's not exactly years. OpenSSH was inroduced with OpenBSD 2.6. Released December 1, 1999. So roughly a year and 3 months.

Re:the motion of FRESH (my random opinions)

[Omnifarious]

This is how I initially felt about it, and still do to an extent. He actually is upset that OpenSSH exists, and not just because of the name. He lets that slip into his message a couple of times. I also think he chose this method of informing people more because of the PR meltdown he knew would insue if he used a lawyer.

Overall, I think changing OpenSSH's name would be a good idea. The argument about SSH being the name of a protocol is well taken, and perhaps the name of the protocol also needs to be changed. If his program were an Open Source program, OpenSSH would be considered a fork, and would require a namechange. Of course, in the Open Source world, the distinction between SSH and OpenSSH would be enough.

FRESH has my vote, though, perhaps Liberated Encrypted SHell (LESH) would be better. It's shorter and uses the word 'liberated' instead of 'free'. It does have (un?)fortune associations with letch and lush though. :-)

SSH - Product or Protocol ????

[nqp]

Are they only trying to protect their "brand" product SSH ?
Or is this a first step towards claiming the SSH protocol (a la M$) ?

Some Corrections

[mindstrm]

1) He didn't enforce his trademark for the last year and a bit, so as far as the community is concerned 'ssh' is now a common word, not a 'product'. He didn't defend it right away, so he will lose it. That's how Trademark law works. (as opposd to Patent law, where you can selectively enforce it wherever you want, and ignore others)

2) If someone managed to get the recipe for Coca-Cola, they could use it to make another product and market it. The only reason they don't is it's a SECRET, and nobody knows what it is. What they can't do is call it 'coke' or 'coca cola' because that's coke's registered trademark. If they called it 'OpenCocaCola' and it was rather popular and it was 2 years before Coke sued them... coke would probably lose it's trademark.

This has nothing to do with patent.

Re:Some Corrections

[pkphilip]

Are you complaining that SSH didn't jump down OpenSSH's throat the moment they saw the name SSH being used? SSH has shown commendable respect to the open source community in trying to resolve the patent infringement dispute amicably.. this shouldn't be confused for weakness.

The mail indicates that they have tried to get the trademark infringement corrected by contacting the main developers.. Apparently his efforts were in vain because many of the people concerned weren't listening.

Regarding the patent infringement stuff about Coca Cola, don't count on Coca Cola losing the trademark. More corporations have succeeded in keeping their trademarks even when their trademarks have been infringed over long periods of time.

Also, why does it always come to the question of what we can get away with? Even if we could get away with this patent infringement, I think the open source community should be courteous and comply with the demands for a change of name. Anyone who is doing anything in the security business should be expected to keep themselves updated enough to realize that OpenSSH has changed their name to Open+Whatever.

We lose nothing but a change in name. But for SSH, they stand the risk of having their shareholders confused,the suits in the industry confused etc. They stand the risk of losing a large part of his business.

Scoop

[GandalfGreyhame]

K5 guys naming their project 'Scoop' even tho another major Web site was created by a guy with the same name

Whahuh? So, just because it means something to you, its 'another major website'? I quite honestly don't have a clue what the fuck you're talking about. And from what you said, a _guy_ created a site, not a discussion engine far superior to Slash named Scoop.

-G, BOFH at www.tolkiengeeks.net

Linux is only free if your time is of no value

MEEEEEPT!!!!

[Paulo]

Godwin's Law alert!!!! Godwin's Law alert!!!!

He already lost it

$ grep smtp /etc/services
smtp 25/tcp mail
$ grep ssh /etc/services
ssh 22/tcp
ssh 22/udp
$ grep sendmail /etc/services

He obviously didn't protect the trademark rights if he let the name of his program be used as a generic term for the protocol. Compare that to sendmail

It doesn't matter, though. The new site is already registered
http://www.opensecsh.org

Another case of...

[ipsurge]

Just because we 'can', doesn't mean we 'should'. You're saying "He waited to long to do anything about it, so it's his loss" and "So what if it's causing his customer's business." What if you're right? What would it hurt to change the name in an effort to help the man out? He created the technology, and has gone through the efforts to protect it in a fair, polite manor. He hasn't sued anyone (and you don't know how long he's been e-mailing people trying to get them stop so just because you heard about it today doesn't mean he waited over a year to say something). He's clearly saying use the technology, I support that, just please change the name because you're confusing my customers, and you're clearly saying "screw you we'll do what we want because we can." Instead of complaining, how about thanking the man for being friendly and supportive of the OpenSSH project. I'm glad my real life community doesn't reflect the attitude I see daily in the "open source" community.

I don't think they understand....

[abdulwahid]

OpenSSH is doing a disservice to the whole Internet security community by lengthing the life cycle of the fundamentally broken SSH1 protocols.

You must be serious...there may have been flaws in the SSH1 protocol but OpenSSH does implement SSH2 protocol also. So what is the problem, SSH1 is just there for backwards compatability.

In reality OpenSSH have done a great service to the community. They have made secure access freely available to the masses. For example, most of the Linux distributions now ship OpenSSH where as they didn't use to ship SSH because of the unfavourable liscense. Furthermore, many of the systems that used to run on the orignal SSH have now moved to using OpenSSH. Basically, I don't think they understand the great service OpenSSH is providing. A great service that they could have provided from the start if they weren't so interested in hoarding everything for themselves.

Re:Dilution

[millert]

Furthermore, there are other ssh implementations that have been using "ssh" in their name since at least 1997. The earliest one I am aware of is Ian Goldberg's "Top Gun SSH" for the palm pilot (upon which terraterm ssh was originally based).
Four years of not protecting a trademark is a long time. It also seems strange that none of the authors of programs with "ssh" in their name have been contacted. It certainly does not seem like Tatu has a strong case for the ssh trademark.

KNISH

[sulli]

KNISH's Not an Insecure SHell.

Doesn't use the SSH name at all, easy to remember, says it's secure ("Not a Secure Shell" != very confidence building), plus it has that fun GNU style. And you'll always know what to serve at release parties.

Re:Protecting Copyrighted name? I don't think so..

[natet]

Fine, trademark, fry me for the use of the wrong word. AFAIK, use of all or part of a trademarked name INSIDE of another name doesn't violate current trademark policy. SSH doensn't have a legal leg to stand on.

Re:You forgot RASH

[sulli]

Well, there's also:

Terrible, Rotten, Annoying SHell...

Secure Shell are two words in common usage.

[crovira]

While I agree that there might be some confusion, that's because BOTH are at fault for picking such a stupid name for a product.

Secure Shell is a description NOT a name. That's about as dumb as "Word Processor" Corporation or "Raspberry Ice Cream Cake" corporation.

Get your head out of your lawyer's ass adn pick a decent name for your company and your product. The Bozos who pick any Unix-ish perpetuated acronym and stick "Open" in front of it are as deserving of scorn as the original idiots who couldn't type the entire word in the first place.

Re:We should be good neighbors here.

[Zo0ok]

I really agree on this!

Downloading mp3s and using DeCSS MIGHT be wrong, but I guess many of you here do it anyway because YOU think it is the right thing to do (I really dont want to start a discussion here, just pointing out that there are different views). I also believe many people would continue to use DeCSS even if it turned out to be completely illegal.

I think the slashdot community loses some credability when it makes this issue an excersise in law. We slashdotters like common sense, nice companies and free software. This Finish entrepreneur has contributed to open source - ssh is an important and good tool. It is obvious that he is one of the "good guys", and he is not trying to force any of us to pay him for using ssh or whatever clone we prefer.

Let us change the name of OpenSSH, and hopefully SSH will license their future product in a more generous way than otherwise.

The only dangerous thing I can think about is if this snowballs; what other projects can be in danger?

A DISGRACE!

[mzungu]

I think the posts that seem to say "screw him" or "just too bad, he had his chance" are a complete disgrace to the open source movement.

Just change the name to something else like ThanksForInventingItnowFuckOFFSH, or maybe just FreSH.

I see no justification for the strident tones and bully stances adopted by you fellow slashdotters.

Let the guy make his money, change the freakin name, and save the passion for the real corporate bastards. You guys are crapping all over your own kind.

Lovely way to attract people to the open sores movement.

M

Fair Enough

[cylence]

IMHO, he states his position quite clearly, and has made this the most non-threatening Cease-and-Desist letter I have ever come across. His demands are simple: He has no problem with people implementing his protocols, or mimicking his design, in fact he encourages it. The only thing he has a problem with is the name, which I should think is readily fixable. Just name it Sasha or something.

Re:Secure Shell is a WEAK TRADEMARK

[boaworm]

It is very had to say noone else may use souch a short abbreviation like "SSH". Compare OpenSSH to OpenWindows. Can Microsoft sue for the use of "Windows" there ?

Hmm.

[mindstrm]

Anyone can apply for trademark and get it. Whether it is enforcable is another thing altogether.

Does not the original license on the ssh code allow for use 'for any purpose?'

IT also states that if the software functions differently from the protocol specified in the rfc's (called ssh1 and ssh2), it should not be called ssh.

That's like saying that as long as it behaves according to the protocols, it can be called ssh.

The protocols are commonly know to the entire internet community as 'ssh'... good luck enforcing that trademark.

Name suggestion: FRESH

[wowbagger]

Any name with "SSH" in it will be an infringing name. Therefor, any new name must not contain "SSH".

I suggest FRESH: Free Remote Encrypted SHell.

1. It covers the fact that it is Free Software.
2. It points out that the primary use is for remote access
3. It points out that the link is encrypted

I make this name available without restriction.

<Off-topic>
Of course, I feel that RMS ought to use the term "liberated software" to avoid the whole "free beer/free speech" issue, but that's another story....
</Off-topic>

Re:Name suggestion: FRESH

[thorpej]

With regard to the suggested alternative name "FRESH" for "OpenSSH", I would like to point out that there is already another free SSH protocol implementation called "FreSSH". See http://www.fressh.org/.

Informal poll

[ahde]

I'm not trying to give ammunition to an opposition when this ends up in court, but I'd like to see how many slashdot readers associate the term "ssh" with the secure shell protocol or with the trademark name.

I, personally, wasn't even aware that there was a trademarked SSH brand company, and when I went to search for an ssh implementation to install, and found that Tatu Ylonen had registered a company with that name, I found it quite brazen to name his company after the protocol, as if someone had chosen to name their networking company TCP/IP (R).

I don't know the facts, and couldn't find them anywhere in this thread. Did Tatu Ylonen develop the ssh protocol? Did he coin the term "ssh" or "secure shell"?

If so, I feel he has the right to enforce his trademark, just as Linus Torvalds has the right to enforce the use of the term "Linux". And, although, I'd like it if he were as reasonable as Linus (i.e. with Red Hat, Debian, Slackware, etc.), it is his right to utilize trademark law for his own benefit.

That said, it is obvious that the letter posted to the openssh dev mailing list is belligerent and inflammatory; and that his intent is to "create" evidence to defend his trademark in court and to justify his actions (or intent). He is not only creating proof of defense of the trademark, but attempting to convince others (as well as himself) of the material value of "ssh" as a trademark that is not, at least in my mind, actually there, and to plant artificial statistics in the minds of "witnesses" that would otherwise be uncorraborated.

As evidence, I submit my suspicion that the figure of 180 employees is bullshit.

Sure, change it then

[jsse]

We opensource community is flexible, why not pick a better name when chance come?

How about 'SHIT'?

It can be 'SHell IT, or Shit HIT, whatever, it doesn't matter, I just found it work well with prefix 'OPEN'.

Even the name is registered trademark of something else, the registerer would be too busy dealing with overwhelming infringement cases. There were millions of such trademark misuses in Al's camp when Bush announced victory.

Even better, you can take the best of the situation when your boss consult you about system security, you can openly say:

"It needs shit."

"I don't get a shit of it."

"You really need shit."

"What shit do you get into?!"

"You want that shit?"

"Do you want shit with that"

"HOLY-I mean-OPENSHIT!!"

Re:Protecting Copyrighted name? I don't think so..

[elegant7x]

Except, that the copyright doesn't protect the use of the name IN another name. Let me give you an example. In my home state, there were a couple of water parks, Magic Waters, and Rageing Waters. Both had Trademarked names. Rageing Waters came first, but had no right to tell Magic Waters to change their name because the use of Waters might make it difficult for people to differentiate them. OpenSSH is A DIFFERENT NAME entirely than SSH IMHO. If SSH's clientelle can't tell the difference, then they are IDIOTS.

First of all, this has absolutly nothing to do with Copyrights. Secondly, "waters' is a regular word, ssh is not. I seriously doubt the other waterpark could have called itself "Magic Raging Watters" or whatever.

Amber Yuan 2k A.D

The TM system needs to have an overhaul

[mustrum_ridcully]

I can't help thinking that the whole trademark needs some sort of overhaul, or just an injection of common sense. For example, the way things are nowadays McDonalds will sue any place calling itself McDonalds ..., even if it's McDonalds Cafe (owned and run by the McDonald family for 6 generations). So I think any applications for trademarks based on a word or collections words used in the public domain should be disallowed. Examples I could give include Windows (not ok - think Windows Icons Mouse Pointer), Windows 95/NT... (fair enough - haven't been used together in the public domain), one-click (not ok as it's reasonable to say that the term is in the public domain). But I guess (like with software patents) common sense is a bit too much to ask for...

Re:Hmmm... Problem with that

[Xuther]

Look and feel as a legal argument is quite vague. Not to mention that he gave the original away, there is no reason it shouldn't resemble the original. That would be like id releasing the quake source code and then complaining about it after the fact when some other company like sierra puts out a similar game. (doom, unreal, quake, halflife, etc are all first person shooters, that's a pretty substantial look and feel, although it's not very enforceable)

Some comments

[magi]

It's not clear to me if the letter was just a kind request to the OpenSSH community, or if there's some threat behind it. I hope not, for the sake of SSH Communication's public image.

Although SSH is a trademarked product name, it is also the name of an open protocol. Even Tatu himself uses the name "SSH1" to refer to a protocol version instead of some obscure "IETF SECSH" name, which most people have never heard about.

OpenSSH is a project and software name that clearly indicates that it is not the original product, but an (open and free) implementation of the SSH protocols; at most a derivative product. It is not confusing in any way.

The *SSH suffix probably does have some "advertising value" for OpenSSH, as it also clearly indicates what the software is about, and people can more easily pay attention to it. This may create some competition pressure for SSH Communications. Thus we can understand Tatu's reaction, but it doesn't give him justification to bash the "competitors" unfairly.

I believe that Tatu's decision for opening the original SSH program license and the protocol was a good decision, as it gave the product great publicity and established a wide base of users. The company might not even exist anymore without that decision. OpenSSH still continues to do that service, at least to some degree.

Perhaps the decision has later become a disadvantage that now "causes financial damage" for the company, as it has grown bigger and well-known, and can support itself without the publicity from the free version. So what? What moral (or legal) justification does that change of strategy give for bashing those who still benefit from the old strategy?

I don't know if Tatu has complained to OpenSSH about its name before, but he definitely should have done so as soon as possible, when OpenSSH project was started in 1999. It's hard to believe that he wouldn't have heard about it then. Denying the use of the name later can't be interpreted as much else but unfair bashing. Over a year is a long time in "Internet time".

SSH software has been a great gift for the Internet community, and OpenSSH might not exist without it. We should all be very thankful to Tatu for creating SSH (to a reasonable degree!). If OpenSSH people find it easy to change their name, and want to respect Tatu's wishes, just change it.

Kayzer Ssh....

[maroberts]

"The greatest trick the Devil ever pulled was convincing the world he didn't exist"

with apologies to The Usual Suspects!

What?!

[Danse]

He's not being nice because he's a nice person, he's being nice because he doesn't have a legal leg to stand on.

Care to explain? From what I know of trademark law, he's got a pretty strong case there. He would almost certainly win if it went to court.

Dilution

[Myshkin]

Wouldn't having the trade mark used as the name fo an IETF standard dilute the mark? Doesn't the fact that the protocol has become so popular and that there are multiple implementations of it prove and that the ssh protocol is possibly refered to more than the ssh product establish dilution?

anybody home?

[Danse]

This has nothing whatsoever to do with patents. Your post is ridiculous.

Next slashdot poll

[Zo0ok]

OpenSSH should be called:
- OpenSSH
- SSH
- ASS
- ESH
- XXH
- FRESH
- OSTAKAS
- CowboyNeal

Try OpenIBM...

[MO!]

IBM has a Trademark on "IBM" - I can launch a company called Open Internet Business Marketers and use OIBM, or OpenIBM, or OInternetBM, or OIBusinessM, or OIBMarketers. The fact that I may even sell compettitive products, IBM can't complain because my acronym is NOT the same.

A Trademark for Secure SHell's acronym is not infringed upon by the acronym for OPEN Secure SHell.

To be completely honest, I think it's SSH Security that should change their name to something more unique, and re-release their product as {NEWCO}SSH to distinguish it from competitors. It was stupid to try and force uniqueness upon something that was common and obvious (ref: sh, bash, ksh, rsh, etc).

No - the flamer is right

[gruntvald]

Renaming it to assh and asshd, based on the arcfour (alleged RC4) debacle is an intelligent move. It could even become "OpenASSH". Good grief.

here goes:

[perrin5]

So, openSSH has the word SSH in it, OK, that might even be a trademark infringment, I'm not sure about it, but I'll bear with him for the time being.

The claim is product confusion. OK, interesting, but here's the problem, openSSH performs the same functions as SSH, right? The command line is inherently similar, right? There's no support problem, because if anyone calls SSH.com and says: My ssh isn't working, there's not really a confusion, it's the same protocol. (that's assuming that people would call them and say that) But in any case, The issue is mostly the fact that SSH is losing money. That really is a bad thing. The innovator of what is now a standard in the *nix community is going belly up.

Lets call a spade a spade. The underlying current here is: He's trying to change the way we do things, to make it more difficult to get free stuff that does the same thing as his expensive stuff. I agree, but there's no real harm in changing the name, as long as it goes on freshmeat, slashdot, and rootprompt. And then when SSH goes chapter 11, or whatnot, it won't be "the fault of the free software movement"

No small wonder...

[nezroy]

It's no small wonder that companies and individuals alike don't behave politely in circumstances like this. Mr. Ylonen tried to accomodate the wide use of the SSH name, hoped that it wouldn't interfere with his own business, and when it finally proved to confuse users of his own product, asked nicely that people help him resolve the situation. And for the most part, what do we do? Turn him into a villain. You all need a few more holes drilled in your heads to get out the idiot vapors. You bitch and whine about the corporate lawyers and their complete and utter lack of common sense and common courtesy, but yet refuse to be responsible and mature when someone comes along and behaves EXACTLY like we've all hoped people would regarding copyright and trademark issues. Up until now, we could always blame the lack of cooperation and openness on the mark holders and their stupid demands. This time, it's your fault. Shame on you...

If renaming has to be done, I propose...

[Masem]

SONS - SONS is Not SSH

(With apologies to GNU :)

Re:If renaming has to be done, I propose...

[mrfiddlehead]

Not to forget,

PINE - Pine is not elm

Which is fine with me because mutt rules anyway.

ssh is a generic term for a protocol

look at /etc/services. do you see "sendmail"? No, you don't. What do you see? You see the name of the protocol, "smtp". Now look at what /etc/services has for port 22. It says "ssh". It does not say "ssh(TM)" or "OpenSSH" because it is using a generic name for a protocol. He never stopped [insert unix vendor] from using the term "ssh" in /etc/services, so he doesn't have a valid claim anymore

Re:ssh is a generic term for a protocol

[hattig]

Yes, but /etc/services should say for port 22 "secsh", as that is the name of the protocol. SSH is a particular instance of that protocol.

I think that using the name in an arcane place like that file is not going to count against him.

And do you really know that he never contacted the unix vendors?

Enfringement = Infringement

[NoseyNick]

Blimey, can't even briefly proof-read the HEADLINES, let alone the articles?

We should be good neighbors here.

[Jeff+Mahoney]

Slashdot has become quite accustomed to throwing their arms up in anger, and accusing others of not being good neighbors - but when the time comes for an open source project to be the good neighbor, what happens? We hear shouts of "well, they should have protected their trademark better." Damned if you do, damned if you don't.

Most of the "infringment" stories that Slashdot has seen are of the inflammatory nature. Many of them are projects that have nothing to do with one another, but here we have a different case.

The OpenSSH group is being asked by the project from whom their original code derived, and which group came up with the protocol they're implementing, to change their name. This isn't some monster corporation looking to quash competition. This is a small company which is receiving legitimate confusion about their product due to the success of a free implementation.

And when they ask the free implementation to change their name - the open source community scoffs. IMO, the open source community isn't being a very good neighbor.

Really, what's lost with a name change? Do the executables need to be renamed, thus causing confusion for the user? NO A while ago, when Sun first came out with what is now known as NIS, it was called Yellow Pages (yp). I believe it was British Telecom who held the trademark for the "Yellow Pages" name, and Sun was forced to change the name of their product. Did it cause confusion for the user? Maybe some initially, while people got acclimated to the new name in documentation, etc -- but the utilities, today, over 10 years later, still bear their original names of yp*. An earlier post mentioned other free projects creating symbolic links to the more widely known executable names, such as vim and elvis..

But even further, why must a project's name match the name of their executable? Apache installs httpd, not apached. (Ignoring windows, here). Samba installs [ns]mbd, not sambad. OpenSSH itself, as it is NOW doesn't install "opensshd".

All in all, I think the Open Source community needs to be a good neighbor here. This is more than a case of name usage, this is a case of a coder developing one of the most widely used pieces of software on the 'net. For better or worse, he chose to take it and make money with it, changing his license in the process. Should this negate the fact that the earlier code was out there? That he put the effort in to coming up with the protocol as well? I certainly don't think so.

Really, it doesn't take much effort to change the name of newly released products, and I don't think they're asking to change the millions of installed copies. All that would really be required is a new chosen name, and the registration of an appropriate domain.

Who knows, by being good neighbors, SSH Communications might even foot the bill for it.

If not, email me. I will.

-Jeff

You've got the company wrong

[kte]

Tell an entire campus to buy new software from DataFellows because their new clients dont support v1, and all old clients won't support v2. OpenSSH was a blessing to get things to work for everyone.

You've got the company wrong. DataFellows is nowadays F-Secure, and F-Secure indeed sells SSH products. But Tatu's company is SSH Communications. I prefer SSH Communications' software.

Well, I was confused

[agentZ]

Actually, I find this all rather interesting. I'm no newbie, but I thought that SSH was just the name of the protocol (like FTP or HTTP), and that OpenSSH was just one of the implementations (like WuFTP or Apache Web Server). I can understand his point completely because there is some confusion. (Maybe he should name his project something other than the name of the protocol to avoid real confusion? RealSSH perhaps?)

Idiots

[Ormod]

I just don't get it. How can so many people who are most probably highly educated (-> intelligent? I don't think so) get so hostile when a _LEGITIMATE_ trademark owner or one who surely will own it soon if not yet tries in a friendly way to get people not to infringe on his trademark. The trademark which he must defend in order to retain it. Oh well, idiots generally like a flamefest which does nothing creative. Idiocy never ceases to amaze me.

What about a OpenSSH disclaimer?

[Myrv]

What if OpenSSH specifically placed a disclaimer in its code stating that OpenSSH was not part of SSH Communications Security? Have a little warning come up each time you run ssh stating it's exact origin. i.e.

• [me@localhost]$ ssh slashdot.com
  Using OpenSSH (see www.openssh.com for support)
  [me@slashdot.com]$

or something. This would help stop some of the confusion since the command for both is 'ssh'. If the OpenSHH version more clearly identified itself as such I don't think there would be a problem.

And finally the main problem I see with this is that SSH has become the defacto protocol name. Just like HTTP, FTP, etc. You don't see CuteFTP complaining that ncftp uses FTP in its name. I don't think SSHCS can either.

Re:You are right..

[mjbtn]

what would have worked better for him would have been to go after them right away (several years ago) and then "granted permission" AT THAT TIME to show action on protection of the mark. I think he is screwed.

Re:Yeah, and he waited *how* long to raise a stink

[MwtrV]

Looking for other money sources with this current action?

Oh, bullshit. With all due respect, what does Theo have to offer in the way of money? I don't know Theo's pocketbook, but I'd be willing to guess he's not the gates of UNIX, let alone BSD!

Re:the motion of FRESH (my random opinions)

[johnnie]

But, but, but... then Phil would sue you!

one (1) phil-up to the first respondant who gets this.

change the name of program AND the protocol

[Dr.+Awktagon]

The OpenSSH folks should change the name. "Secure Shell" isn't descriptive anyway and that has always annoyed me. It's not a shell!

They should change the name to something remotely similar like SHCP (secure host connection protocol) or SC3 (secure computer-to-computer connection) and then the IETF (or whoever it is) should change the name of the PROTOCOL to match. In other words, completely discontinue use of SSH, including command names, etc.

It's not good to have the protocol name be a trademark.

If the original SSH becomes the odd man out, so to speak, it will quickly be forgotten and the free replacement will prevail.

Feh

[mrfiddlehead]

So yeah, they force a name change from ssh to srsh or somefing (my feeling is that this is a natural move from rsh to ssh and that their claims are unenforceable but IANAL) and then just so our scripts don't work any longer we're forced to do,

cd /usr/local/bin
ln -s srsh ssh

Whatcha gonna do when dey come for you?

US Trade marks held by SSH COMMUNICATIONS SECURITY

[orlinius]

Serial Number Word Mark

1 75828436 MAKING THE INTERNET SECURE
2 75901280 SSH2
3 75900845 HYPERMODE
4 75901279 IPSEC EXPRESS
5 75900906 SECURE SHELL
6 75900905 IPSEC ON SILICON
7 75150525 SSH


These guys seem to be keen on regstering trade marks in the US. They even registered "secure shell". What the f...? I thought that it's impossible to register generic words as trade marks especially when they are used in the exact same context, e.g. imagine you are obliged to use the following in a manual: Application A is a secure shell ® application blah, blah...
And what the hell is "IPSEC ON SILICON"?

It's a pity - there are so many brilliant open source programmers from Finland....

Slanting the Coverage

[mwdib]

I find it interesting that the descriptive paragraph that introduces this letter describes it as "demanding" the name change. Interesting what a word can do. Viz:

- actually reading the letter doesn't give the impression that the author is "demanding" the name change. He states he is "asking" twice. Yet the comments from slashdot readers are talking about "litigation," "demands," etc.

- The discussion of this letter on Linux Today, where there is no editorial introduction, just the text of the letter, is far more reasoned and moderate.

- Gee, he contacted the developers and they did not address the issue. Did he immediately sue? Nope. Is this a cease and desist order? Nope. Is this a demand . . . I hardly think so and I doubt that it deserves the characterizations it is receiving in some of these posts.

I think this points out what journalists know and some have yet to learn: the description of the content is as - or even more significant - than the content itself.

You forgot RASH

[eclectro]

Really Annoying SHell

You are right..

[mindstrm]

in that he seems to have been 'lenient'. Unfortunately, in trademark law, you CAN'T be.

If you don't enforce your mark, you lose it. If you allow it to come into common use by others, and don't defend it at all, then you can't come back later when you think it's a threat and try to enforce it. It's not like Patents, that can be selectively enforced.

If he admits he originally left them alone, *even though they were in violation of his mark*, then he can't come back later and enforce it, period. It won't hold up in court.

I don't think this is a good idea.

[kaoshin]

FTP programs usually use the word ftp in the name. Yeah, some person could somehow, someway get confused between cuteftp and nftp, but calling it for what it is to identify it's primary purpose/protocol seems better than having wierd names that would make searching for alternative applications much more difficult. Making aliases for all the protocols is what I think will add confusion.

A new name for SSH

[SWroclawski]

I think it should be called Es Es Aich.

Open-EsEsAich

But that's just me...

- Serge Wroclawski

Plus it sounds cool

[GeekDork]

'nuff said.

Writers' Block.

I don't think they have much of a case.

[gfxguy]

I don't think they have much of a case, as "secure shell" is more of a description than a name. It's a shell, it's got security measures, what else can you call it?

It's not the OpenSSH developers fault people confuse OpenSSH with another (if original) variety of SSH.

I think back to the recent interview with the creator of the Korn shell. It's his name, for crying out loud, and I didn't see or hear about him complaining that people actually used the letters "ksh".

Or is this just another case of a company not meeting expectations, so let's try to befuddle competition with legal threats, and maybe while they're busy changing the name, and all the documentation, and all the code, and dealing with the FUD about their implementation, we can gain some marketshare?
----------

Ah ha!

[pmsyyz]

From the terms of Ylönen's 1995 copyright notice for ssh 1.2.12, on which OpenSSH is based: "As far as I am concerned, the code I have written for this software can be used freely for any purpose. Any derived versions of this software must be clearly marked as such, and if the derived work is incompatible with the protocol description in the RFC file, it must be called by a name other than 'ssh' or 'Secure Shell'."

Does the command have to be renamed?

[Adam+J.+Richter]

Whether or not OpenSSH is legally required to change their name given the prior permissions on earlier versions of SSH is a minor issue, since only the Linux/BSD distribution makers need to track the change and the updated software will continue to ship in all of the distributions.

What is of more concern to me is whether the shell command "ssh" will have to change, since that would actually make a lot shell scripts and other programs incompatble.

One unforseen advantage to the SecSH name...

[Kha0S]

Next time your boss has you deploying a machine, put on your best Sean Connery accent, "I think the scherver needsch juscht a little SecSH!"

OH Yeah, this makes PERFECT sense...

[Rune69]

What was OpenSSH thinking?

1. Using the word 'Open'(*C), which is CLEARLY a trademark of OpenBSD.....tsk tsk

2. 'SSH'(*R), three capital versions of the ROMAN alphabet, copyright circa 400 BC

3. And of course, we're ALL aware that 'shell'(*TM) is owned exclusively by the Turtle Wax corporation.
Oh, this just in: Berkely Software Distribution has announced thier petented ownership of the term 'socket'. I guess we'll all have to do client/server 'pluggie' programming now...

(NOTE: dripping sarcasm copyright Rune69, all rights reserved)

Is there a country where it's legal to kill the owners of ridiculously stupid patents? anyone?

Re:OH Yeah, this makes PERFECT sense...

[Dr.Dubious+DDQ]

2. 'SSH'(*R), three capital versions of the ROMAN alphabet, copyright circa 400 BC

Fortunately, this one isn't much of an issue. Even under American copyright law, the copyright on the Roman alphabet should be expiring within a few more years (especially since the original Romans don't have any lobbyists)... :-)

---
"They have strategic air commands, nuclear submarines, and John Wayne. We have this"

He can't have it both ways

[jesseraf]

He refers to ssh as a protocol, but in the same e-mail refers to ssh as a protected trademark. HTTP is a protocol, and companies/groups have come out with different protocols of HTTP on both the client and daemon ends, however, no one has ever claimed to own the http trademark or brand.

Either he needs to choose to name his company something else, lay off, or attempt the change the protocol's name (hah!).

Re:US Trade marks held by SSH COMMUNICATIONS SECUR

[macker]

Can you say: "Kleenex", "Trampoline", "Jello", "Escalator", "Nylon", "Thermos", "Band-Aid", (and the list goes on)?

When a term falls into common usage, and becomes part of the language, a Trade Mark can become unenforceable, not just from a practical standpoint, but legally as well.

Is it fair? Probably not. Does it happen? See list above.

Check your facts...

[Some+call+me...Tim]

OpenSSH has a much greater market penetration than commercial ssh

From the University of Alberta SSH Scan of SSH Daemons on the Internet at large:

Different SSH daemons:

0.3% Cisco-1.5

3.6% OpenSSH-1.5

13.7% OpenSSH-1.99

0.1% OpenSSH-2.0

1.8% Other-1.5

0.2% SSH-1.3

0.1% SSH-1.4

61.8% SSH-1.5

10.1% SSH-1.99

8.1% SSH-2.0

I count 80.3% of the daemons running versions of the "commercial" ssh, while 17.4% run OpenSSH. Just because you want it to be so doesn't make it so.

Incidentally, I vote to change the name. Either "Shush" or "Fresh" would be fine by me, though there already IS a FreSSH, so my vote is with Shush. No need to change the name to ANOTHER that is infringing or confusing.

Tim

How about...

[vizshun67]

OPEN_SSH?

Just kidding, but seriously--

Part of the problem is that as far as the lack of creativity goes, there's PLENTY to go around. It's a byproduct of the Unix functional-yet-minimalist mentality that gave us 'cat', 'mv' and 'ls'. As a result, Shell became sh, and Remote Shell-- rsh. It only follows that Secure Shell would become 'ssh'... it makes perfect sense in the true unixen tradition.

Dammit man! I like UNIX but I'm a programmer, not a marketteer.

Moreso than a product, ssh is more like a protocol for which there can obviously be many implementations... to that end, I would submit that the 'confusion' is possibly a good thing because the 'open' product advertises and lends credibility/support to the 'closed' one.

I think that if the author of ssh wants to preserve his company, he should offer to LICENSE 'ssh' in the same way that the modem manufacturer HAYES once licensed 'HAYES compatible' (of course with deference to the fact that openssh is a volunteer effort) so that his company can remain in the cat-bird seat at standards definition meetings. The alternative is that the openssh people rename their product to something different and then because they offer a free implementation, achieve acceptance, credibility, and an installed user base that forgets about its ties to the original product.

I do feel for his problem and appreciate that he was nice about expressing his concern, but I simply feel that there are better ways out of this situation. EXAMPLE:

In addition to ssh, sh, and rsh... most of you are aware that there is also 'ftp' and 'telnet'. Across platforms there have been many implementations including 'TCP/Connect' for the Macintosh. 'TCP/Connect' sounds more like a PRODUCT name. Many of us are also familiar with the Eudora e-mail client.

What I would propose to the author of ssh to get out of the confusion that plagues his company is that HE RENAME HIS PRODUCT to something only slightly more creative like:

SECURE Connect
or SECURELink
or CRYPTLink
or CRYPTConnect
or SECUREComm
or SAFELink
or SAFEConnect

or ANYTHING that sounds more like a commercial product and then BILL/Advertise that product as supporting whichever SSH level his company establishes.

My point is that being embraced by the computing community is a GOOD thing that can be put to GOOD (and even profitable) use. Once you have everyone dancing to your tune, you don't have to break the jukebox just to prove that you own it. As for the slash/phpslash thing, I think there are subtle differences between the confusions...

Can Ylonen withdraw permission he already gave?

[cworley]

OpenSSH started with Ylonen's source, the license said:

`This file is part of the ssh software, Copyright (c) 1995 Tatu Ylonen, Finland

COPYING POLICY AND OTHER LEGAL ISSUES

As far as I am concerned, the code I have written for this software can be used freely for any purpose. Any derived versions of this software must be clearly marked as such, and if the derived work is incompatible with the protocol description in the RFC file, it must be called by a name other than "ssh" or "Secure Shell".
...'

He only asks that derivations be marked as such, and use of the name "ssh" is only dependent on compatibility with the RFC.

Can he now withdraw the permission he once gave?

Was anyone else bothered...

[ncc74656]

...by the idea of taking an open-source project and forking it into a commercial product? That, as much as anything else, is a good reason to switch to OpenSSH. (I have one machine left that's still running SSH. It was set up a year ago as a mail server and doesn't see much in the way of logins. It's getting OpenSSH today.)

As for the possibility that OpenSSH will need a new name, do you suppose SSH would bitch about a name such as OASSH (OASSH Ain't SSH)? (Yes, it's somewhat lame, but at least it's recursive. :-) )

singling OpenSSH out?

[drolp]

I am not 100% certain on copyright laws (or if this has been said, there are too many posts to sort through)... but I believe there is something that states you cannot single one group out for copyright infringment. So if nothing comes of this "suggestion" and they chose some sort of lawsuit, I believe they then HAVE to pursue OSSH (etc) for infringing on the copyright as well. Basically (obviously) this is only come up because OpenSSH is become more and more accepted and popular.

out
jki

GNUdist.

[Donem]

sick.