SSH Claims Trademark Infringement by OpenSSH

Olmy's Jart writes: "Tatu Ylonen has just posted the following message to the Openssh developers mailing list, openssh-unix-dev@mindrot.org. He is claiming OpenSSH, http://www.openssh.com, is infringing on his trademark on the terms "SSH" and "Secure Shell" and demanding that the OpenSSH project change their name." Thanks to Olmy's Jart for attaching the message - I've included it in the text below. The e-mail provides the background and thinking behind the letter. This has not yet shown up on the OpenSSH mailing list archives, http://marc.theaimsgroup.com/?l=openssh-unix-dev&r=1&w=2, although some replies are already there.

==================================================

From: Tatu Ylonen
To: openssh-unix-dev@mindrot.org
Subject: SSH trademarks and the OpenSSH product name
Organization: SSH Communications Security, Finland
Sender: owner-openssh-unix-dev@mindrot.org

Friends,

Sorry to write this to a developer mailing list. I have already
approached some OpenSSH/OpenBSD core members on this, including Markus
Friedl, Theo de Raadt, and Niels Provos, but they have chosen not to
bring the issue up on the mailing list. I am not aware of any other
forum where I would reach the OpenSSH developers, so I will post this
here.

As you know, I have been using the SSH trademark as the brand name of
my SSH (Secure Shell) secure remote login product and related
technology ever since I released the first version in July 1995. I
have explicitly claimed them as trademarks at least from early 1996.

In December 1995, I started SSH Communications Security Corp to
support and further develop the SSH (Secure Shell) secure remote login
products and to develop other network security solutions (especially
in the IPSEC and PKI areas). SSH Communications Security Corp is now
publicly listed in the Helsinki Exchange, employs 180 people working
in various areas of cryptographic network security, and our products
are distributed directly and indirectly by hundreds of licensed
distributors and OEMs worldwide using the SSH brand name. There are
several million users of products that we have licensed under the
SSH brand.

To protect the SSH trademark I (or SSH Communications Security Corp.,
to be more accurate) registered the SSH mark in the United States and
European Union in 1996 (others pending). We also have a registration
pending on the Secure Shell mark.

The SSH mark is a significant asset of SSH Communications Security and
the company strives to protect its valuable rights in the SSH® name
and mark. SSH Communications Security has made a substantial
investment in time and money in its SSH mark, such that end users have
come to recognize that the mark represents SSH Communications Security
as the source of the high quality products offered under the mark.
This resulting goodwill is of vital importance to SSH Communications
Security Corp.
We have also been distributing free versions of SSH Secure Shell under
the SSH brand since 1995. The latest version, ssh-2.4.0, is free for
any use on the Linux, FreeBSD, NetBSD, and OpenBSD operating systems,
as well as for universities and charity organizations, and for
personal hobby/recreational use by individuals.

We have been including trademark markings in SSH distributions, on the
www.ssh.fi, www.ssh.com, and www.ssh.org web sites, IETF standards
documents, license/readme files and product packaging long before the
OpenSSH group was formed. Accordingly, we would like you to
understand the importance of the SSH mark to us, and, by necessity,
our need to protect the trademark against the unauthorized use by
others.

Many of you are (and the initiators of the OpenSSH group certainly
should have been) well aware of the existence of the trademark. Some
of the OpenBSD/OpenSSH developers/sponsors have also received a formal
legal notice about the infringement earlier.

I have started receiving a significant amount of e-mail where people
are confusing OpenSSH as either my product or my company's product, or
are confusing or misrepresenting the meaning of the SSH and Secure
Shell trademarks. I have also been informed of several recent press
articles and outright advertisements that are further confusing the
origin and meaning of the trademark.

The confusion is made even worse by the fact that OpenSSH is also a
derivative of my original SSH Secure Shell product, and it still looks
very much like my product (without my approval for any of it, by the
way). The old SSH1 protocol and implementation are known to have
fundamental security problems, some of which have been described in
recent CERT vulnerability notices and various conference papers.
OpenSSH is doing a disservice to the whole Internet security community
by lengthening the life cycle of the fundamentally broken SSH1
protocols.

The use of the SSH trademark by OpenSSH is in violation of my
company's intellectual property rights, and is causing me, my company,
our licensees, and our products considerable financial and other
damage.

I would thus like to ask you to change the name OpenSSH to something
else that doesn't infringe the SSH or Secure Shell trademarks,
basically to something that is clearly different and doesn't cause
confusion.

Also, please understand that I have nothing against independent
implementations of the SSH Secure Shell protocols. I started and
fully support the IETF SECSH working group in its standardization
efforts, and we have offered certain licenses to use the SSH mark to
refer to the protocol and to indicate that a product complies with the
standard. Anyone can implement the IETF SECSH working group standard
without requiring any special licenses from us. It is the use of the
"SSH" and "Secure Shell" trademarks in product names or in otherwise
confusing manner that we wish to prevent.

Please also try to look at this from my viewpoint. I developed SSH
(Secure Shell), started using the name for it, established a company
using the name, all of our products are marketed using the SSH brand,
and we have created a fairly widely known global brand using the name.
Unauthorized use of the SSH mark by the OpenSSH group is threathening
to destroy everything I have built on it during the last several
years. I want to be able to continue using the SSH and Secure Shell
names as identifying my own and my company's products and
technologies, which the unlawful use of the SSH name by OpenSSH is
making very hard.

Therefore, I am asking you to please choose another name for the
OpenSSH product and stop using the SSH mark in your product name and
in otherwise confusing manner.

Regards,

Tatu Ylonen

SSH Communications Security http://www.ssh.com/
SSH IPSEC Toolkit http://www.ipsec.com/
SSH(R) Secure Shell(TM) http://www.ssh.com/products/ssh


"

Update: 02/14 02:44 PM by CT : I just wanted to insert my 2 bits into this story. This is a problem close to my heart: I hate getting tech support for PHPSlash. I don't care that it exists, in fact, I'm happy that it does, it fills a need and a lot of people like it. But there is no doubt that this is confusing to people, I get the bug reports to prove it. (My other peeve examples are Linux Mandrake taking a certain Linux developer's name even though they knew better, and the K5 guys naming their project 'Scoop' even tho another major Web site was created by a guy with the same name). I have no problem with any of these projects: I think all 3 of them are great projects, but if they were just a little more original there would be no confusion. Now I'd personally never go so far as to call copyright infringement, I shouldn't have to. We're all nice people here. Maybe I'm just a bit idealistic on this one.

Maybe they BOTH should change their names...

[Dr.Dubious+DDQ]

It seems pretty obvious, at least among people posting here, that "ssh" is thought of as the name of a protocol first, a command second, and MAYBE a "brand name" after that.

For marketing reasons, maybe SSH, Inc might be better off changing THEIR name to something less generic.

On the "OpenSSH" side, perhaps instead of removing/changing the "ssh" part of the name, they could change the name to something like "OtherSSH" or "DifferentSSH" or something equally obviously "not the SSH, inc product".

While I've got to give the guy credit for apparently writing his own cease-and-desist letters before shoveling money on lawyers, the wording of the letter posted to Bugtraq (as reported by this Newsforge article) didn't give me a good impression. In the last paragraph he writes:

"I now ask you to also change the name ScanSSH to something else. Since you have already been notified of the trademark and have been asked to cease the infringement of the SSH trademark, I can see no other possible reason for your choice of this name than to willfully damage our trademarks and brand name."[emphasis added]

Maybe this is just standard issue legal blather, but to a non-lawyerly person like me it sounds like he's completely refusing to acknowledge the established use of SSH as a "generic" description for things involving the SSH protocol, and instead claiming everyone using it is obviously just out to "get" him.

My take, anyway...

---
"They have strategic air commands, nuclear submarines, and John Wayne. We have this"

Re:The original SSH license

[Matthew+Weigel]

For the curious, the license is available at http://www.openssh.com/LICENCE. Don't blame me, I didn't misspell LICENSE.

Sounds like X10

[ahknight]

This sounds a lot like X10:
1) There is an open standard by the name.
2) There are many, many makers of the product.
3) There is one company with the standard as the name.

I don't see X-10 (the company, note, has a dash) going after everyone that uses the term "X10" on their equipment. In fact, when you say "X10" many people think of the company, NOT the standard. But can you use "X10" to describe your product? Would "OpenX10" be legal? Yes.

SSH is a STANDARD. When I say SSH I mean the STANDARD, not the IMPLEMENTATION. He can trademark SSH all he wants, that just means that the company is SSH, it does NOT control what the binary can be called or anything derivitive. His TRADEmark is SSH. Fine. OpenSSH's TRADEmark is OpenSSH. Your point, sir?

IN FACT, OpenSSH is different enough to NOT be "confusingly similar" to "SSH Communications, Ltd." so although he's experiencing some confused people heading towards him for OpenSSH support, that's just standard human idiocy flack and should be taken with a grain of salt.

OpenSSH does not need to change its name. While I applaud the owner of SSH Com. for this approch rather than a full legal onslaught, I disagree with his position that OpenSSH is confusingly similar to his product.

What next? Does he want the IETF standard renamed? Is that too similar? I agree with the second poster: this industry is getting more depressing as the days go by, as greedy people (not this fellow, really) hunt down their "IP" and try and milk it. <sigh>
--

Re:Another reason for this

[hattig]

Score5???? For incorrect information as well!

Amazing... Some people don't read the stories or the other posts. THE PROTOCOL IS CALLED SECSH. NOT SHH.

Okay? Got it? SSH is an implementation of SecSH. OpenSSH is an implementation of SecSH. Clearly, OpenSSH is leaching off the brand and name that SSH has developed. Renaming it, as they are doing to OpenSecSH, solves all these problems, and the guy is happy with that.

Crikes, why should SSH Communications have to spend time and money dealing with support for OpenSSH just because the person is confused?

Imagine that the first car was a Ford Explorer. Along comes Toyota and calls their car Toyota Explorer. This is clearly not right. This is exactly the same.

The guy has been in contact with them before to try and get them to change the name. He has not got sufficiently annoyed so as to post it on a public developers list as they will not change the name. Next step will be a lawyer, and this would not do the open source cause any good at all. He is being reasonable, think about the people who are not being reasonable?!

I know the difference between ssh and openssh, so do you. But IT consultant X running 'ssh' on a Unix box doesn't know (or care) whether it is SSH or OpenSSH - but if something is funny, or goes wrong, the first port of call is SSH, not OpenSSH.

So, the steps to be taken:

1. Rename ssh in the /etc/services file to secsh - this applies to all operating systems
2. Rename OpenSSH to OpenSecSH. Already done, look at http://www.opensecsh.org/
3. Change references to ssh on all websites to secsh. Only mention ssh as an instance of the secsh protocol.
4. Etc....

Sorry if this is a little terse, and I doubt it will do my karma any good, but this is how I see the problem, and how I see the solution.

SHHH

[xant]

Shell Hopefully Having no Holes
--

How 'bout OSH ?

[Black+Parrot]

> The hardest part for most people would be learning to type "fresh" after their fingers are trained to type "ssh"

"osh" would be easy to type: Open Secure Hwatever.

Also note that it's not a "shell" in the ordinary sense anyway:

#!/usr/bin/ssh-agent /bin/sh

You could remove the SH part will little damage to the concept, IMO.

--

Re:So what _is_ it supposed to be called, then?

[jovlinger]

Good point. A brief web search turned up arguments both ways. You are clearly correct about the timing; it was a trademark before WWI, and they lost a lawsuit attempting to protect it in 1921.

It appears that it was more of a strange patent ruling than a trademark dispute; the patent the drug ran out in 1917, and with it -- the court ruled -- did the trademark. This ruling confuses me, but I guess we can excuse it because it is old.

Check it out yourself at

http://cyber.law.harvard.edu/metaschool/fisher/d om ain/tmcases/bayer.htm

or just a quote:

The most striking part of the label read, 'Bayer-- Tablets of Aspirin.' While this did not show any abandonment of the name, which there has never been, it did show how the plaintiff itself recognized the meaning which the word had acquired, because the phrase most properly means that these tablets were Bayer's make of the drug known as 'Aspirin.' It presupposes that the persons reached were using the word to denote a kind of product. Were it not so, why the addition of 'Bayer,' and especially why the significant word 'of'?

So I fess up. I was talking outta my ass again. You were right in questioning me.

Re:No.

[bwt]

Gee, "sh" certainly exists in the prior art. Perhaps he is thinking that "Openssh" is meant as Open-ssh, when it's obvious to us in the know that it is really Opens-sh, which sort of describes what it does in plain old english, which is surely not trademark infringement.

I also note that he added 1 letter to a public domain program name -- "s" to "sh", wheres we added five "opens" to the same public domain program name.

We're talking about a 3 letter trademark, two-thirds of which is derivitive. It really strikes me as phenominally bizarre to then claim that the addition of four more letters is not sufficient to avoid confusion. Out of 7 letters in "Openssh", four are new, two are prior art, and only one is really original. Basing a trademark infringement on reuse of one letter seems almost laughable. Worse, the letter is "s" - that's only a single crummy point in scrabble.

I also wonder about the fact that openssh actually does have a common code base with ssh. Does that not afford it some licence to have a somewhat similar name. If a lot of the code actually is a licenced derivitive version of ssh, doesn't that implicitly grant you the right to have 42.85% of your name in common?

Public base/modulus *NOT* broken.

[Eric+Green]

Diffie-Hellman requires that the base and modulus be publically shared between the two ends. So the base and modulus would not be secret in any event. A given base and modulus is supposed to generate a prime field. If it does, then the NSA can study it all they want and there will be no problem. If it doesn't, I want to know beforehand, not after the NSA discovers that a "probably prime" modulus and base that were dynamically generated at runtime generates repeating subfields (i.e., drastically reduces the shared key space) rather than a single prime field.

The kind of "probably prime" number generators that can operate in real time are pretty lousy, in my opinion, and I'd much rather trust a known good modulus and base pair.

-E

Re:Public base/modulus *NOT* broken.

[crucini]

I'll go out on a limb here:
The original poster was not saying that the base and modulus should be generated in real time. That would be pointless. Rather, I think he was saying they should be generated per-machine or per-site. That way the benefit of 'studying' these values is minimized. Also, magic numbers are always undesirable in a cryptographic protocol. Even if you can't see any way they could be cooked.
That's why Schneier used digits from PI for constants.

So name it after the IETF protocol

[Nailer]

* secsh - secure remote sh - "kinda like running sh, but remotely"
* seccp - secure remote cp - "kinda like running cp, but remotely"

etc...

Re:OpenSSH does not infringe!

[Big+Jojo]

It's not like there haven't been many Secure SHell (ssh) products on UNIX for ages and ages. I remember using them on BSD 4.1 distributions back in the 1980s.

If there's a trademark, it's yet another example of the USPTO causing trouble ... in this case, by taking a generic term and granting a monopoly on it to one (relatively) undeserving entity, rather than letting it continue to be a generic term. ("Personal Computer" comes to mind...)

Too bad trademark law doesn't seem to incorporate "prior art" ... though of course, the USPTO doesn't seem to act according to its responsibilities in that context.

Re:These idiots HAVE TO BE STOPPED

[Stephen]

Honestly, since the command name will probably be the same regardless of the name the project uses (lets see them try to patent command names..)

Trademark, not patent.

It's not at all clear to me that one can't trademark command names. Is there any legal precedent on this? If you want to find out, try releasing a program called "Excellent Game" with command name "Excel" and see what happens.

Depends if you count installed copies, or media...

[emil]

There are a lot of RH7 cds out there. OpenSSH is finding its way into many places where commercial ssh will never go.

Re:Some Corrections

[mindstrm]

You still have to make it know that it's a mark... you can still protect what you do without registering the mark. THis is trademark, not patent.

Re:Hmmm...

[StenD]

Until then, I don't really think that he can trademark SSH because just like RSH and the others it's a standard acronym.

More precisely, SSH and (more clearly) Secure Shell are descriptive terms, and, at least in the United States, that's grounds for refusal of the mark.

Re:*banging head against wall*

[Nailer]

not everyone is going to be a security guru right off the bat, but until you actually are able to distinguish SSH from OpenSSH, then I'm not sure why it matters as you clearly haven't passed the minimum intelligence test to use either.

Um, you don't get it. The point of the protocol is they're not supposed to be limited to security professonals, but to people without seignificant security experience and need to remotely access shells, graphical apps, perform secure copies, anbd secure FTP etc. I'd hate if anything `secure' was limited to security professionals. Wouldn't you? As you said, there's a whole heap of Telnet servers around and people who think its okay to use them (printer and router companies that don't use SSH give me the shits. They aren't security professionals. SSH discourages that behaviour.

No.. my argument is right.

[mindstrm]

What you are referring to is correct, it's called 'trade secret'. The recipe for KFC or Coke is a trade secret, and as long as it remains a secret, it can be protected quite extensively by the law. They could get the recipe back because it was possible to do so, as those who had it hadn't revealed it yet, in other words, it hadn't become public knowledge yet.

If the recipe for coke was wide public knowledge, because coke 'ignored' a threat to it for a week ro two, and everyone in the country and every newspaper had a copy in it, then they could no longer claim *ANY* trade secret protections on it. It's no longer a secret.

And no.. that has nothing to do with this case.

Re:Name suggestions:

[X]

Well, those suggestions were mostly a joke. However, I'd point out that "GNU" is not considered to infringe on UNIX, so I think GNASSH would be considered safe as well.

As for the ASS thing, I think you completely miss the cynical sense of humor that most people have. Admittedly, ASS is not a good brand name to establish yourself in the general populace, but it's probably a great name to establish yourself in the IT community.

Re:Hmmm... Problem with that

[drudd]

Interesting point, but here are two areas which I think negate it's imporance

1) the user links to rsh, not ssh. If ssh installed itself as rsh by default, then yes, that might be a problem (similar to if openSSH installed itself as openSSH, not ssh, so you were reminded every time you ran the program that it wasn't the official ssh).

2) I doubt Berkeley has a trademark on rsh... it's just a minor util after all, and not an entire product, as in the case of ssh. If they had (or could) trademark the name of every minor unix utility, it would be nearly impossible to create a unix clone.

Doug

Are you all insane?

[Anal+Surprise]

Jesus H-Bomb Fucking Christ, this man is a hero, and lamerz who are either too young or too inbred to figure it out are treating him like a devil.

Before ssh, there was nothing but telnet, an insecure nightmare. If the explosive growth of the Internet had occurred while administrators were still telnetting into their servers, we'd have many more owned servers, an exponental creep into darkness.

So we have this fantastic tool, thanks to the work of one man, Tatu Ylonen. Now he's gone and turned this work into a product, and a company. You may not respect that, but you should respect this: without his work, we'd all be owned.

So Tatu discovered fire, and he shared the fire, and then he asked people to bring him stuff to eat, in return for the fire. You may not like the last part, but you'd be eating raw whatever-the-fuck-it-is-you-just-caught in the dark without him.

Whether you agree with the letter or not, you can tell he understood the issues and the community. He's trying to break this as lightly as he can, but he does need to break it, if he hopes to keep ssh (a name he created) for his product.

As far as I'm concerned, this man was and continues to be a hero, so please just stop the ignorant criticism.

less=more = shell out = shout

[korpiq]

Encrypted Terminal [Session] : et, or ets
Encrypted Terminal Connection, or rather, "so on to the next [box]": etc

Or just "esh" for Encrypted SHell, because the security is never factual anyway.

This is fun :)

Just my 0,02 FIM

Do NOT use the term `Telnet'

[Nailer]

I'd be greatly concerned about any product called `secure Telnet'. Simple because I've been telling clients to uninstall Telnet and ban the protocols use within their networks for quite some time. I'm sure many other admins have too. `Secure Telnet' would make things confusing.
Furthermore, that isn't what SSH does - Telnet is generally used (in sites I work at) to test SMTP and HTTP servers. SSH is used as a secure method of running shells, and graphical apps (Telnet should be avoided for the first and makes the second a headache). Telnet lacks file transfer mechanisms.

Re:Name suggestions:

[SurfsUp]

Seriously, the best suggestions I've seen so far (on linuxtoday, by the way) are:

SHH - Shh! I'm talking to my computer

FRESH - Free Remote Encypted Shell

But coming up with a good name is the easy part, the hard part is determining if it's morally right for the author to attempt to enforce an IP claim on an IEC standard. IMHO, he should have enforced his claim *before* it was accepted as a standard, not after. Letting the standard be accepted without moving to enforce his claim should really be the same, legally, as putting the IP into the public domain.

By the way, are you reading this, Scott, please take note.
--

Not copyright

[Hard_Code]

AFAIK, this is not a copyright issue. It's a *trademark* issue. Spare the juvenile flames.

Re:Name suggestions:

[J+Story]

> HSS - Host Secure Session

There might be better names, but this one appeals to me: it's short; it's reminiscent of the 'less' is 'more' naming trick; and it combines a mild slap at ssh(tm) (for putting us through this) with a nod of recognition to its common origin. What's more, there is no way this can be confused with ssh(tm).

It merits a place on the shortlist.

Bollocks.

[mindstrm]

1) This isn't patent infringement; it's a trademark dispute. They are *very* different.

2) The original license on SSH, which OpenSSH is based on, states basically that the name 'ssh' should not be used if the derivative work is incompatable with the ssh protocols specified in the RFCs. This implies that it's OKAY to use the name ssh if you ARE compatable.

3) Under trademark law, you *MUST* defend your mark. This mark is already highly dilute; there are many software packages known to the plaintiff here that use the ssh name, and he's known about openssh for quite some time.

4) ssh is the name of a publicly available protocol as specified in the rfc's, and the name of the common unix command used to implement such a protocol, regardless of vendor. It's already diluted. THe common techie does *not* automatically associate 'ssh' with meaning 'the product from company X'. They mean the protocol.. just like ftp or anything else.

That's why he can't enforce it.

It's not about what we can get away with. If he wanted to protect the name he should have made it clear from the beginning, and that hasn't happened.

Re:He *has* to do so

[thogard]

I just got a message yestersday from him saying that SSH2 had a reasonable license. Not for my uses. I suspect this little stunt will kill SSH for good. He had a monopoly on a very useful technology but tried to milk it for more than it was worth and that created OpenSSH. Had he not been greedy, he would have had a decent license, SSH2 would be wide spread and there would be no OpenSSH and he would have cornered the market. Now he will be competeing and with OpenSSH and I don't think he's going to win. This is going to turn out like CERN's http vs Apache.

Re:He *has* to do so

[theonetruekeebler]

Trademarks have to be protected, no matter how little you care, or else they will become invalid and anyone can use them. If he doesn't go after OpenSSH, tomorrow it'll be Microsoft using the name.

So license "SSH" to OpenSSH already! Hell, license it for a dollar, under terms Microsoft or any other money-seeking interest will not accept, and be done with it! Trademarks are licensed all the time. GM had do pay Beretta Arms about a million dollars to call one of their cars the "Chevrolet Beretta."

--

Semi-OT: Confused support mail

[Inoshiro]

I don't know why rusty named Scoop Scoop, but I do know that Slashcode isn't alone in getting support emails for PHPSlash :p

Consider this email regardling PHPNuke:
"Subject: The best nuked site Ive never seen
To: Kuro5hin.org Help
Dear Sirs of Kuro5hin,

Im journalist and Im new to PHP nuke.
Ive been visiting many nuked sites and yours is the VERY best.

I wonder if you could send my your theme files, not to use or copy it in my
site, I dont have a site, just to learn to develope a good theme.

Thank you very much, and sorry about my english.

Best regards, .."
--

Let's compare the headlines:

[scrytch]

Linux Today: Tatu Ylonen requests OpenSSH to change its name
Slashdot: SSH Claims Trademark Infringement by OpenSSH

Linux Today: Quotes the letter.
Slashdot: Links to it, surrounds it with summary like "demanding that the OpenSSH project change their name". At least there wasn't any color commentary for spin value this time, could be because Taco didn't post it.

Look, it's SSH and it's more than three letters, it's basically the same damn product. The author (not his lawyers) is personally asking to change the name to something that causes less confusion with his product that came first. Yet people are ready to string him up for this, because the reporting of it practically has him banging his shoe and screaming and sending forth the lawyers.
--

Re:He *has* to do so

[scrytch]

ssh is not telnet. telnet is a specific protocol, with lots of protocol commands and options. ssh implements none of them. you can't call any ssh implementation telnet any more than you can call it ftp.
--

Re:The original SSH license

[tswinzig]

As far as I am concerned, the code I have written for this software can be used freely for any purpose. Any derived versions of this software must be clearly marked as such, and if the derived work is incompatible with the protocol description in the RFC file, it must be called by a name other than "ssh" or "Secure Shell".

Sure looks like 'permission' to me.

Errr he gave permission to derive work from SSH, and permission to call your project something other than SSH and Secure Shell.

He did not give permission to infringe on the SSH trademark.

Or are we reading a different bit of text?

Lets vote

[MobyDisk]

We should put this on a Slashdot poll.

Should OpenSSH be renamed to a name that does not include the term SSH?

or maybe:

New name for OpenSSH:

• OpenXYZ
  
• OpenThis
  
• OpenThat
  
• Keep the name
  
• CowboyNeal
  

"ssh" as a name of executable

[Alex+Belits]

It is necessary to name executable "ssh" to make it compatible with scripts and other programs that intend to use the functionality of SSH protocol, so, trademarked or not, the reason to name executable "ssh" is not to create confusion but to provide actual functionality in a compatible manner. The name OpenSSH both reflects the functionality (open implementation of SSH protocol) and provides enough distinction to avoid confusion as much as possible.

The fact that OpenSSH is a superior product is pretty much irrelevant to the issue, however it explains why OpenSSH is more popular then the original SSH now -- certainly users chosen it because they expected that it will work better and because of more liberal license, not because they thought that they are installing the original SSH.

Ylonen enterprise is built on this "confusion"

[Morgaine]

I think you're missing a key aspect of the piece you quoted:

I would thus like to ask you to change the name OpenSSH to ... something that is clearly different and doesn't cause confusion. ... The confusion is made even worse by the fact that OpenSSH is also a derivative of my original SSH Secure Shell product, and it still looks very much like my product

Tatu is being very disingenuous here, because it was entirely on the back of his original ssh1 that SSH the protocol became famous, and so his commercial sales of ssh2 are primarily a consequence of the so-called "confusion" (actually a mental association) with ssh1 and hence OpenSSH by his own admission in the mind of the buyer. Nobody buys ssh2 in isolation; they buy it because it is an implementation of the SSH protocol, and very commonly the decision is also strongly influenced by community support for the protocol which arose through using ssh1 and/or OpenSSH.

In other words, it goes something like this. As a sysadmin at a commercial site, I hear from the open software and security communities that SSH the protocol is good. So, I look for an implementation, I try out either ssh1 or OpenSSH and I like it, then if I want support I buy the commercial version of ssh2 from Ylonen, otherwise I stick with ssh1 or with OpenSSH. These are all implementations of the SSH protocol, and the fact that there is a choice of implementations doesn't cause confusion --- it merely creates multiple associations, a "confusion" I "struggle" with every time that I want bread and have to decide whether to buy Sunblest or Hovis. Ssh1 and OpenSSH are no less an implementation of the SSH protocol than ssh2.

[In fact, the only source of confusion that there has ever been was caused by Tatu himself when he created a new product and made it partly incompatible with the tool that he himself had earlier called "ssh".]

OpenSSH through being similar to ssh1 continues to lay the groundwork on which Ylonen's commercial success is based, just like his old product did. Many people will buy ssh2 as a result of trying ssh1 or OpenSSH annd associating it with ssh2. It is utterly disingenuous that Ylonen should even think of preventing them from associating the SSH protocol with pre-ssh2 implementations when the whole existence of his enterprise is based on people's earlier associations between protocol and product.

Re:Is English your first language?

[lpontiac]

I think my second-last paragraph addresses your concern... OpenSSH was derived from the original SSH according to it's license, and uses the SSH protocol. What does he expect people to call it?

I've been slow to reply in this thread because I believe over top-level posts have said all I'd have to say anyway, but just to sum up, I think that using the term "SSH" in the name of a product that interoperates with computers using SSH is fair enough. I don't think it's confusingly similar at all (the Open is there for a reason). By allowing SSH to permeate the industry as a command name, and the name of a protocol (basically a noun - see this post), and leaving all of the products called *SSH* alone up to now, the trademark's already been diluted. Legal claims in the small print aside, I don't think he can fairly claim exclusive rights to *SSH*.

Re:Hmmm...

[ibbey]

I use SecureCRT at work, PuTTY at home. SecureCRT does have a few more features, but it costs $100. PuTTY is fast, stable (more so then SecureCRT) and as has already been pointed out, tiny. I recommend it to all my customers. Get it at http://www.chiark.greenend.org.uk/~sgtatham/putty/

TTI is the best!

[X]

Oooh! I really like this one. Clever, humorous, and on top of all that, quite convenient to use.

Patent vs Trademark

[frankie]

this is exactly equivalent to the GIF trick, because he's waited until the OpenSSH name is well established before acting.

Actually, there's one significant difference, and it's heavily in OpenSSH's favor. Unisys has a patent on LZW compression. Patents are legally binding at the discretion of the holder and may be prosecuted at will (or not) until they expire.

Tatu has a trademark on the name SSH. Trademarks only remain valid so long as they are agressively protected. 3Com has a really funny page about this topic. Since Tatu has implicitly allowed numerous outside groups to use the SSH name, he's probably lost his claim to it already.

Re:Another reason for this

[CodeMonky]

Except that OpenSSH supports both Protocols 1 and 2 and protocol 1 can be turned off and only older clients are still using version 1 by default. I think for a period of time you will need ssh1 around until those older version are phased out. I think he's just pissed he released it (v1) under an open license and then thought better of it and released a new product under a very different license and just wants people to move to the new non-free version.

Having been through something like this before ...

[martin-k]

Having fought through a cancellation of a registered trademark before, here are a couple of things one should consider:

1. Is there a likelihood of confusion between SSH and OpenSSH? I'd say "yes" because they are similar products and the trademark "SSH" is contained in the name "OpenSSH". So not much of a chance for defending OpenSSH on the grounds of "no likelihood of confusion".

2. Was Tatu the first to use the name "SSH" for a secure shell? If not, then there might be grounds for having his trademark cancelled on grounds of "application in bad faith". This is possibly in Germany, for example, for 10 years after the trademark has been applied for.

3. Having not defended his trademark for four years, Tatu will have trouble getting others to drop the name "SSH" or combinations thereof. HOWEVER, this protects only existing uses of the name "SSH", not other individuals or companies using the name for future products. Also, while he have not have a case against the OpenSSH people, he might thereby have a case against companies like Red Hat or Suse distributing OpenSSH as part of their distributions, and definitely against companies that will be bringing out new Linux distributions in the future. If you have trademark case, you can go after everybody in the food chain. This can get messy.

4. Tatu says he has registrations for "Secure Shell" pending. If someone feels that this name should be free, please contact a lawyer and have him send a nice letter to the respective trademark offices opposing the registration. NOW it is relatively easy to oppose the registration, LATER ON this will be much more difficult.

5. Do any of the OpenSSH developers have sufficient funds to fight this through? This could be getting mighty expensive soon.

This all said, I think the e-mail this guy sent has been very polite and not the typical lawyer-attack letter. Either he's just polite and interested in finding a solution, or he knows he's on shaky grounds.

I put this together just to show you what's possible. If Tatu is in his right to use his trademark, then work out a solution. If there are legitimate reasons for keeping the name "SSH" free, then go ahead and defend against it!

As always, IANAL, but I won a trademark lawsuit before.

-Martin

Take a look at these IETF documents...

[lpontiac]

SSH Connection Protocol (36516 bytes)
SSH Transport Layer Protocol (53476 bytes)
SSH Authentication Protocol (26537 bytes)
SSH Protocol Architecture (27345 bytes)

All of these documents are published on the IETF website. All of these documents cite Mr. Ylonen as an author. And all of these documents describe the SSH protocol. Not the "secsh" protocol - they consistantly refer to the discussed protocol as "SSH."

It's clear that "SSH" is the common name for the protocol that OpenSSH uses. Furthermore, by putting his name on a standards document that doesn't refer to the protocol by another name, surely he's endorsing this common use of "SSH"? And surely by publishing an open standard that in itself makes no claim to the name (I don't see the documents referring to the "SSH (R)" protocol), he should be relinquishing all exclusive rights to the name as a means of describing the protocol?

I don't see how OpenSSH could be construed to be deceptive in any way. It's derived from the original SSH in accordance with it's license, and interoperates with other computers using the SSH protocol. To turn around now and claim it's trademark violation which deceives the consumer, is analogous to Microsoft saying that "Word Viewer" is a trademark violation. Actually, it's closer to the Regents of the University of California accusing FreeBSD of trademark violation.

At best, it doesn't make sense. At worse, it's a deliberate and deceitful attempt to stab the people that are using the protocol (whose name he gave his blessing!) in the back.

Re:Take a look at these IETF documents...

[Shimbo]

I note that they all explicitly acknowledge the SSH trademark.

"SSH is a registered trademark...These trademarks may not be used as part of a product name or in otherwise confusing manner".

It's always bad news when the name of a product derives from its canonical implementation. It's not a BFD though - Samba is none the worse for a forced name change. At least with trademark infringment, nobody stops you hacking the code. If the name matters so much to them, I say let them have it.

Re:Take a look at these IETF documents...

[Omnifarious]

That is also 'intellectual property'. Patents and trademarks are handled by the same bit of buearacracy, the USPTO. Trademarks are the form of 'IP' that I have the least problem with though.

Re:Take a look at these IETF documents...

[portnoy]

SSH ==> Sasha

How about "SuSHi"?

"SuSHi: It's time to fish or cut bait..."

That has to be the nicest c & d I've read.

[Hollins]

This letter is the nicest cease and desist I've read. Probably because it wasn't written by lawyers who usually say something like "stop doing this right now and we'll probably sue you anyway. Deliver us your first born child or I'll generate 80 billable hours this week to bring the wrath of our perverted court system down upon your ass."

This letter contained every nicety but "Wishing you and yours well in the coming New Year(tm)".

Re:No, he doesn't have to do so

[(void*)]

You can't trademark a number. This is why Intel named the processor Pentium. They discovered in court that Cyrix can call their chip 386's, and 486's without problems.

OT: Liberated vs. Free

[FreeUser]

Of course, I feel that RMS ought to use the term "liberated software" to avoid the whole "free beer/free speech" issue, but that's another story....

That is not such a good idea.

"Liberated" is slang in many areas for "procured by illicit means" (e.g. he "liberated" a pack of cigarretts from the local five and dime). To many "liberated software" has an unsavory implication of "warez."

The Free Speach/Free Beer discussion is IMHO a good one ... it forces people to think about what freedom and free really mean, and allows an easy and natural avenue for pointing it out to those less aware.

ObSSH: if the SSH trademark should be enforceable (which I doubt, given that "ssh" is the name of an IETF standard, the original license allowed derivative products to use the term "ssh" as long is such products adhered to the RFCs, and OpenSSH has been using it for over a year now) I think your suggestion (Fresh) would be an excellent choice.

Re:OT: Liberated vs. Free

[The+G]

Of course, I feel that RMS ought to use the term "liberated software" to avoid the whole "free beer/free speech" issue, but that's another story....

That is not such a good idea.

"Liberated" is slang in many areas for "procured by illicit means" (e.g. he "liberated" a pack of cigarretts from the local five and dime). To many "liberated software" has an unsavory implication of "warez."

Perhaps "liberation software?"

That touches on the fact that it is both free and freeing -- it is software that liberates you (if only for a brief, blissful moment) from the world of EULAs, NDAs, and arcane legalism.
--G

Re:Name suggestions:

[Miss+Pereira]

Or perhaps

SNS - SNS's Not SSH

So what _is_ it supposed to be called, then?

[nakaduct]

[in addition to SSH, I] also have a registration pending on the Secure Shell mark. ... I want to be able to continue using the SSH and Secure Shell names as identifying my ... products and technologies,

Well then, Mr. Secure Shell, what should we call it? Trademark law essentially prohibits trademarking nouns (and, in fact, you can lose the trademark if it's commonly used as a noun). Thus you have Tylenol-brand pain reliever, Rollerblade-brand inline skates, and so on. If there's no common noun to describe your product other than its trade name, then you don't get to keep the trademark. A quick search will turn up lots of tidbits like this:

it is imperative that trademarks be used in advertising copy as adjectives, never as nouns or verbs

In the letter, he repeatedly uses both SSH and Secure Shell as nouns. He called it a "secure remote login product" a couple of times, but that's inadequately descriptive. "Tylenol-brand pain reliever" is OK; "Aspirin-brand pills" is not.

It seems to me this guy wants to erase, or at least obscure, the excellent free replacement that's made his product irrelevant.

Going forward, and in the interests of bringing closure to this pressing issue, I'd suggest Mr. Ylonen piss up a Rope(TM)-brand rope.

cheers,
mike

Re:So what _is_ it supposed to be called, then?

[jovlinger]

You know this, but others may not:

"aspirin" is one of the watershed cases in trademark law: Bayer failed to adequately protect its trademark on the name "aspirin", so the name stopped being their property and became public property.

That is why trademark holders HAVE to be pricks about people using their name; if you let people get away with using it long enough, you no longer have a right to it.

Re:So what _is_ it supposed to be called, then?

[Robotech_Master]

That's not the way I remember it. I'd always been told that America nationalized the Aspirin trademark during World War II, since it was held by a German company and this was a way to get back at them.
--

Re:So what _is_ it supposed to be called, then?

[nakaduct]

Trademark law essentially prohibits trademarking nouns

No, it does not.

My wording was unclear; your explanation is better. You can trademark an existing noun, but you can't use a trademark as a noun. "Macintosh" is a noun; an Apple Macintosh is a Macintosh-brand personal computer.

The implications of this principle are not always clear-cut since our language permits nounification of adjectives ("I'll take one chocolate, one sugar-glazed, and one jelly-filled" -- since "donut" is implied by context you don't need to say it outright).

I'm no expert in trademark law (or any other kind), but from what I've read, if you use a trademark and omit the noun, it must be implied by context and unambiguously distinct wrt the noun part of the product name. So "Test drive a Macintosh" is OK; "Try our Secure Shell!" is probably not (if "Secure Shell" is the trademark, what's its full name? "Secure Shell-brand secure shell"?)

cheers,
mike

I second the motion of FRESH

[miracle69]

Great name.

I'd also like to comment about the other postings in this thread. There seems to be about 90% of the 2+ posters talking about how he didn't defend his trademark initially, so screw him. OpenSSH should stay. May I ask these posters what the reaction would've been had he done so initially? Exactly. Same negative reaction.

There are also a few who have noted that this isn't a letter from lawyers. It is written by a person who understands and even has contributed to the very open source community he is appealing to. I suggest that these facts are taken into consideration.

My observations are these:

1) This guy isn't a lawyer.
2) This guy helped create openSSH.
3) This guy didn't care about the use of the name OpenSSH until his customers started getting confused.
4) Free projects change their name fairly regularly without losing a users.
5) He wrote a reasonable and non-lawyer request to a group asking not for them to cease and desist design and implementation of their program, but for a name change.

It seems like a reasonable thing to do to change the name.

Re:I second the motion of FRESH

[roca]

> 3) This guy didn't care about the use of the
> name OpenSSH until his customers started > getting confused.

This is EXACTLY why they've lost the trademark. You have to defend trademarks, you can't just sit on your hands until you're worried about losing business.

> May I ask these posters what the reaction
> would've been had he done so initially? Exactly.
> Same negative reaction.

Not at all. It's much easier to change the name of your project when only a few people have heard of it.

Re:I second the motion of FRESH

[roca]

I'm right and so are you. The purpose of trademarks is to prevent brand dilution. But you have to do that consistently or you lose the trademark. Waiting until the "dilution" reaches what you consider to be "unacceptable" levels is NOT consistency and does not constitute protection of the trademark. You have to go after everyone who uses your trademark illegitimately.

Re:I second the motion of FRESH

[Black+Parrot]

> It seems like a reasonable thing to do to change the name.

I agree. If you want to posture yourself as being of higher moral caliber than $DARKLORD, then you have to split hairs between what you can do and what you should do.

--

OpenSSH does not infringe!

[rkasper]

Check the USPTO trademark database. My search for "ssh" turned up a few hits. There's one match for a withdrawn trademark application on the word "SSH". Since the application was withdrawn, he has no claim.

There's a live claim on an SSH logo . This one is valid. It prevents others from using the logo. It doesn't prevent others from using the word "SSH".

There are a few other SSHs of no significance to this issue. His claim that OpenSSH infringes on his trademark is BS.

Re:OpenSSH does not infringe!

[GigsVT]

There is a big exception to trademark laws. If your trademark falls into common use as a generic term for something, it basically loses its protection.

One court decisions supporting this precedent was Xerox in the 70s. I'm not sure if it was THE precedent case or not, but I know it was one.

Also: CT: I'd personally never go so far as to call copyright infringement, I shouldn't have to.

It's kind of scary that the person who pretty much runs this little party, which so often addresses IP issues doesn't know the difference between a Trademark and a Copyright.
-

Re:OpenSSH does not infringe!

[Sloppy]

But all but one of those are completely unrelated -- some temperature control thingie, mail catalog, and an electronic organ, I think. None of those are likely to ever be confused with the ssh that we're talking about, so the trademarks don't really conflict.

IMHO, Tatu Ylonen's wishes in this matter should be respected. The only serious weaknesses in his trademark are

1. His product and the open protocol have the same name
2. The "submarine" action: apparently (I don't know this for 100% certain) he didn't start trying to do something about the infringement until after OpenSSH became well established.

If it weren't for these two issues, his claim would be quite solid.

But even with these holes in his argument, he's still pretty compelling, for two reasons:

1. It looks to me like he has acted in Good Faith (something you don't see in all these kinds of cases). Even the submarine action is pretty easily explainable: perhaps he didn't think the similarity between the names was going to be a problem. But then his customers started getting confused. And it's not like he's trying to inhibit interoperability -- he just wants a name changed. And furthermore: he's polite and not arrogant. And instead of hiring a lawyer to write his letter and use terms like "demand you cease and desist", he has explained his arguments himself, and uses terms like "I am asking you to please choose another name."
2. Changing the name of a free software project just isn't a big deal. It's not like OpenSSH is a commercial interest where a lot of marketing dollars and effort has been invested in shoving the word "OpenSSH" into the public's mind. Changing OpenSSH's name to something else, has negligable cost. Accomodating this guy's wishes will not be hardship, or mess up anyone's project or significantly restrict what they can do.

And for those reasons, I think the guy deserves some slack and consideration. Adios, OpenSSH.

One other thought: the name of the protocol should be changed too. Yes, it's his fault that the names conflict. So what? Let's just fix the problem.

---

Re:A SSH by any other name...

[s.a.m]

Well I think that his complaint can be a valid one. When most people in the *nix world are thinking about ssh, most of the people I've talked to think of OpenSSH. They, being the SSH Communications Security Corp., are losing business that they could have gotten from corporations if they were to use their, SSH Communications Security Corp., ssh program which implements the ssh2 protocol.

"I have started receiving a significant amount of e-mail where people are confusing OpenSSH as either my product or my company's product, or are confusing or misrepresenting the meaning of the SSH and Secure Shell trademarks. I have also been informed of several recent press articles and outright advertisements that are further confusing the origin and meaning of the trademark."

As you can see here he's loosing business to a group who have implemented the ssh2 protocol, with a much better nicer and less restrictive license than theirs.

As others have said, if you don't protect your trademark then you loose the ability to enforce it. He's published the protocol under the name of ssh. Now that word just also happens to be the word that they patented. My question is if the word is now used to label something that is implemented in public domain and is avaiable from a standards comittee such as IETF, how the hell can you still use it in a trademark?

"we have offered certain licenses to use the SSH mark to refer to the protocol and to indicate that a product complies with the standard."

It seems to me that his company has allowed the use of the name and if I'm not mistaken, the OpenSSH group got their name from the protocol and not from the originating company. It was not explicitly stated that the name of the protocol couldn't be used in the name itself. If this is the case, then they should be allowed to keep their name as it stands.

Re:*banging head against wall*

[Grab]

> The OpenSSH 'product'?

Excuse me, did OpenSSH spring fully-formed from a random configuration of bits? Of course not. Ppl worked on it, made it, distributed it. Therefore it's a product, as in "something produced". The fact that it's free is neither here nor there; nor is the fact that bcos you haven't paid for it, you don't consider it a "product". As an example, you haven't paid for songs downloaded from Napster, but these songs are still the product of the music industry.

And why is there a requirement to know how the thing works? All the newbie user needs to know is that SSH improves security. Are you claiming that you don't deserve a secure system until you're reached a certain level of experience?!

Grab.

Is the IETF to blame?

[stripes]

As far as I know the IETF doesn't like people publishing RFCs for technology that is patented, but they don't seem to have a similar policy for RFCs for protocalls that have a trademark infringing name, and no useful open use of the mark. Or do they and it was violated with SSH?

SMTP is the protocall, sendmail is the program and trademark. DNS is the protocall, bind is the program, and if there is a service mark it is bind, not DNS.

Why should SSH1/SSH2 be accepted as an open standard if nothing can be named that (or the very similar OpenSSH)?

I do think there are acceptable uses of a trademark on protocall names. If the trademark were used to make sure nothing was called "RADIUS" unless it implmented all the MUST parts of the RFC, none of the MUST NOT, and provided a argment on why SHOULD/SHOULD NOT wasn't followed, then I'm all for it. In that case the mark is actually protecting the word. For SSH the mark is being used after the fact to un-level the playing field.

Re:Is the IETF to blame?

[softsign]

This is just silly.

Tatu isn't saying that OpenSSH developers can't use the term SSH anywhere in their product or documentation. He's merely asking that they change the NAME of their implementation to something different so as to avoid confusion with his product.

So, what's the problem here? You know that sendmail is an SMTP daemon, you know that bind is a DNS server... will it be so mind-numbing to call an SSH client/server something OTHER than SSH? Oh god, the horror...

--

Isn't every computer digital?

[hughk]

Back in the days of yore, DEC had a lovely slogan Isn't every computer a Digital computer? Digital as a logo was rigidle protected but you could still talk about digital computers in general.

A secure shell (note the absence of capitals) is just that. It is a description and could be equated to Boeing trademarking "jet fighter". Ok, so OpenSSH has to change, but the commands shouldn't, neither should the description.

Re:Hmmm...

[Fjord]

1) If you didn't want people to hack on the code, why did you initially release it under a license that allowed that? It can't be retroactively retracted, y'know...

2) The OpenSSH team doesn't need your approval; you in effect gave them your approval when you licensed it as you did (see 1).

It's pretty clear from the whole text that this is not his gripe. He doesn't care that they are hacking the systema and he knows he gave them that right with the license. What he cares about is that it "is also a derivative of my original SSH Secure Shell product, and it still looks very much like my product". The paragraph you quited talks about how the cofusion is worse. This all related to the same thing. They are using the SSH trademark, and there are actualy damages in the confusion because customers continue to use the older code thinking it's an equivelent product.

In short, I doubt he would mind them continuing to use the old code base, as long as they change their name.

Check the original "free" SSH source release

[hatless]

I'd guess that SSH Corp. has a problem on its hands if the version of ssh that they released to the open-source community with no strings attached to form the basis of OpenSSH compiles to a binary called "ssh", and if the source tarball itself is called "ssh".

When Netscape and Sun released major products in open source form, they took some time to change the program's name. Netscape released "Mozilla" to the community, not "Netscape Communicator". Sun released "OpenOffice", not "StarOffice'. The trademark holders retained their "product" and opened up the source to an identical thing with a different name.

That the IETF RFCs authored by Mr. Ylonen specifiy protocols called "ssh" doesn't help his company's belated case.

At least he's trying to be civil about it.

Re:Hmmm...

[TheOutlawTorn]

Whether or not they can isn't the point. What he is saying is that continuing to support SSH1 is a Bad Idea. Kinda like saying continuing to drive a Ford Explorer with Firestone tires is a Bad Idea.

Can he stop them? No.
Do they have every right to continue supporting it? Yes.
Is it a good idea to continue supporting it? I don't think so.

Re:OpenSSH replacements offer...

[mattdm]

I'd say this guy is well within his rights

Except this term is descriptive -- ssh is an acronym for "secure shell", clearly derived from the traditional "remote shell". While it's possible to trademark descriptive terms, they tend to be much much weaker, and do *not* protect against other descriptive use of the term.

--

Re:Name suggestion: FRESH

[(void*)]

I don't know about you, but I am suddenly thinking about Mentos.

Get FRESH!

Kudos to Tatu..

[baptiste]

As opposed to some of these silly things like RAMBUS trying to sue everyone for profit, I think Tatu is right. And he handled it in a very professional and thoughtful manner. Customer confusion can be a major PIA.

He tried to be discreet, and he says he got no exposure, so he posted to all the developers.

I can relate sort of. A few years ago I developed a digital lock product using Dallas iButtons It was intended for residential customers to unlock their houses at the touch of a button. I searched the net extensively trying to see if my preferred name (DigiLock) was used elsewhere. I came up empty. I didn't trademark it myself because we were a small company and I just did want the trademark hassle.

Well, about a year later, I start getting emails and calls from people asking if I sold a DigiLock that would secure a gym locker or cabinet. At first I thought they were confused. Well, eventually, I got someone inquiring to tell me more and eventually found a company that sold locks you could mount on cabinet and locker doors that also used iButtons. They called it the DigiLock and TM was all over the website. Sure enough - a check of the trademark website (which wasn't nearly as useful when I first developed my product) turned up that that company had a trademark for that name and they got it like 6 months before our product was released.

Our products were too close and I honestly didn't want to deal with all the folks inquiring about a product I didn't sell. So I changed the name to something I knew wasn't trademarked. Simple enough and my customers accepted the change easily when we publicized it.

Bottom line is - he's dead on about the added aggrevation dealing with confused customers because of a name.

I vote for secsh.

--

Right!

[Simon+Tatham]

The protocol is called SSH. Now it's obvious that people will want to name their applications after the protocols they implement. So: either Tatu should have named his app and his protocol differently, and trademarked the app name only; or he shouldn't have trademarked the name. If he'd trademarked the app name only, OpenSSH would have named itself after the protocol and there'd have been no problem.

Releasing a supposedly "open" protocol and then trademarking the name is an evil business practice, because it means that only Tatu is allowed to name his implementation in the obvious way. It's the trademark analogy of the GIF trick: releasing a supposedly "open" file format and then patenting the only known algorithm that can generate it.

In fact, this is exactly equivalent to the GIF trick, because he's waited until the OpenSSH name is well established before acting. If he'd had a polite word right when OpenSSH was starting out, they'd probably have released it under a different name initially and nobody would have a problem now. But by waiting until they're established and then complaining, he's trying to force the change of a name people are used to - which will do harm to OpenSSH.

If Tatu were genuinely concerned about brand recognition, he would have (a) arranged that the protocol name could be used without restriction, instead of deliberately making it the same as his brand name; and (b) he would have notified OpenSSH at a more appropriate time. Given that he's done neither of these, it seems to me that he's using this trademark as a weapon, not a legitimate form of protection.

(Disclaimer: this is a moral position, not a legal one. The law will probably not recognise arguments like this. If so, the law needs fixing.)

Re:Right!

[DeadSea]

Names do not have to be functional. Sun gets pissed off when people use Java in the name of the product just because it was written in Java, and rightly so. It makes no sense to me that people name their products/websites things like WinSoAndSo, XWidget, EShop, or JavaInvaders.

Does Ebay have the word 'auctions' in its name? Does Yahoo use the word 'directory'? You can name your product something off the wall, and people will pick up on it.

Name your stuff creativly. It doesn't hurt and you won't be crowding in on somebody else's brand image. (Its called creating your own hype folks.)

Re:Right!

[Chris+Pimlott]

Does Ebay have the word 'auctions' in its name? Does Yahoo use the word 'directory'?

eBay's original name was AuctionWeb. eBay was the guy's ISP's name, which he bought out when his site became popular.

Re:Right!

[pjrc]

In fact, this is exactly equivalent to the GIF trick, because he's waited until the OpenSSH name is well established before acting.

Unisys obtained a patent, something very different from a trademark, and then demanded that all software using the LZW algorithm either pay outragous licensing fees or remove the code and not use the algorithm at all. They then contacted users of software containing LZW (major websites with GIF images) and demanded that the users pay licensing fees as well.

That's a lot different from claiming that his customers aren't savvy enough to tell OpenSSH apart from his product, and simple ask that the name be changed. He's not telling anyone that they can't use the algorithm (though he does advise against it, for what sounds like solid reasons) He's not demanding that anyone pay royalties, which are the things Unisys did with GIF. He's only asking for a name change.

Re:Right!

[Throw+Away+Account]

Actually, they started a linear search beginning with "YA" in their dictionary, because they wanted to name Yahoo in the "Yet Another" tradition.

So they started with two words of an acronym to give them their first two letters, looked for a word, then back-formed the rest of the acronym.

From ssh 1.2.12 COPYING

[Chris+Pimlott]

This the first paragraph from the COPYING file of ssh 1.2.12, the last "free" version of ssh which OpenSSH is based on.

This file is part of the ssh software, Copyright (c) 1995 Tatu Ylonen, Finland

COPYING POLICY AND OTHER LEGAL ISSUES

As far as I am concerned, the code I have written for this software can be used freely for any purpose. Any derived versions of this software must be clearly marked as such, and if the derived work is incompatible with the protocol description in the RFC file, it must be called by a name other than "ssh" or "Secure Shell".

I find this interesting. By specifically saying when the terms "ssh" and "Secure Shell" can _not_ be used, it is in effect saying that use of these terms in a derivitive work is acceptable (in fact, what better way to show that OpenSSH is derived from SSH that including SSH in the name?).
Moreover, this version was released in November 1995, before either term was registered and before December 1995, when SSH Communicatins Corp. was founded.

I can see him politely asking OpenSSH to change the name, but I can't see that they would be required to do so.

Name game

[blakestah]

OpenSRL (SecureRemoteShell)

OpenCS (CryptoShell)

OpenSRC (SecureRemoteConnection)

OpenSRSH (SecureRemoteSHell)

Re:These idiots HAVE TO BE STOPPED

[divec]

The guy creates a product. The guy builds a business around his product. Other people use the product to create a different product of their own.

You missed out sentences 2 and 3: "He releases it under a Free license. That free license helps it to gain popularity." He's already given away his right to limit modification and redistribution (and by doing so, gained a vast amount of uptake for his product). He can't now take that back. It's like a bank offering zero-interest 5-year loans, then saying "hang on, this is damaging our business, you have to pay us interest after all".

Re:These idiots HAVE TO BE STOPPED

can we please stop confusing copyright and trademarks?
there is no such deed as 'copyrighting something'. copyright is an intrinsic right you get by the mere act of creating whatever you did, be it music, text, image, ...
copyright does not require the author to do anything special to have it. nor does he have to actively and generally protect it. he can sue whoever he wants whenever he wants, independently of the actions he took towards previous 'infringements'.

now trademarks on te contrary are an entierly different class of IP. a trademark is a sign or a word or a phrase that someone went out and got registered (like in this case).
contrary to thecopyright holder, a trademark holder is required to actively defend his mark. failure to do so may lead to the trademark being lost.

this isnt meant to specifically flame the parent post here, but im growing sick and tired of people making silly claims about what an IP holder should or shouldnt be doing if they dont even understand the very basic differences between the different types of IP.

Re:Another reason for this

[finkployd]

Well, that is akin to trademarking the name FTP and going after every FTP client for using your name. How many FTP clients do you know that don't have FTP in the name? Not many. Wouldn't you expect an SSH client to have SSH in the name?

SSH is a protocol, therefor it stands to reason that a product which sole purpose is using the protocol would want to use it in the name to indicate what it does.

Finkployd

Re:Well, they (SSH) are pretty much screwed...

[jrennie]

Do you honestly think the first course of action this guy would take would be to send an e-mail to a semi-public mailing list? Of course not, as he said, he has contacted those who initiated openssh. Apparently, they have refused to change the name, so he's doing what he can to avoid getting lawyers involved. SSH is *his* trademark and he has a right to protect that trademark.

He must actively defend his trademark and he must send out notices and take legal action "quickly," but the definition of "quickly" can depend heavily on the circumstances. If someone started a national advertising campaign for openssh, he would need to react within a few months or weeks in order to not lose his copyright due to inaction. However, for a case where an infringement is lesser known and less publicly known, I'm sure judges generally allow for a longer period of time before action must be taken. If Tatu sent out notices to the main openssh developers shortly after he learned of openssh, then I think it is very safe to assume that he would win any copyright battle in court.

Jason

Re:Some Corrections

[mindstrm]

I'm not sure what you're asking...

The term 'cola' is not trademarked... so the 'cola' part has nothing to do with it.

Trademark only protects your 'mark' in a given 'trade' (hence the name).

Re:*banging head against wall*

[Matt+Booth]

I confused the two initially. The problem was not that I can't read, but that I wasn't aware that there were 2 implementations. I thought that maybe ssh had decided to call itself OpenSSH or something. I didn't think much of it. And there lies the problem. Now I know there are 2 it is a different matter. This is clearly a problem and I think the OpenSSH project would not lose by a name change and would be doing a common courtesy to the original author who, after all, is just asking nicely.

To put it a different way.

[mindstrm]

You say "By your reasoning, any company with a trademark should be fascistic about enforcing their rights as soon and as often as possible. There can be no leniency or they will loose their trademark. That's not exactly a situation I want to come about (not that I have the least say in it, of course)."

Well.. that's *exactly* how trademark law DOES work. You enforce them, or you lose them. That's why you see so many stupid-sounding tradmark violation suits, because the lawyers are making sure they actively police their mark, because if they don't, they LOSE it, for good.

Re:Some Corrections

[Fervent]

He didn't enforce his trademark for the last year and a bit

Bullshit. So me and a bunch of hardware hackers build a new machine, calling it an "OpenApple". We sell them out of our garage for close to a year, until finally they become so popular that most of the computer industry picks up on it, including Apple itself. Apple now files a complaint.

How could the original SSH guys possibly know how big a breadth OpenSSH would get in a year? It's just a bunch of hackers, after all. Not a definable company.

Re:Name suggestion: FRESH

[Ed+Avis]

Why the 'shell' part? SSH isn't a shell.

Bash is a shell. Tcsh is a shell. SSH is a program which makes a connection to another machine, authenticates, and causes a shell (like bash or tcsh) to be run on the remote machine.

Re:Slanting the Coverage

[Col.+Klink+(retired)]

- actually reading the letter doesn't give the impression that the author is "demanding" the name change. He states he is "asking" twice. Yet the comments from slashdot readers are talking about "litigation," "demands," etc.

I guess you missed this part:

Some of the OpenBSD/OpenSSH developers/sponsors have also received a formal legal notice about the infringement earlier.

May I suggest...

[Greyfox]

Butthole Corporate Developers (BCD)

Re:Name suggestion: FRESH

[Amokscience]

This already exists. Check on Freshmeat

http://freshmeat.net/projects/fressh/

well, an extra s but whatever.

Re:Well, they (SSH) are pretty much screwed...

[Kwantus]

it just seems he is bitter because openssh hasn't had the same security holes as ssh

Uh, yeah, that's why he complained about the security problem in older forms of both products and how OpenSSH is prolonging their lives.

I'm sorry; I read his letter; he's not asking OpenSSH to stop development, quite the contrary; he's just asking that they change the name enough that his company isn't put to expense and ... what should I call it, faceloss? ... damage to reputation ... getting inquiries or support calls or misleading journalism because of the consequent confusion. He even asks very nicely. I have no grand philosophical problem with his request; if I had any standing with the OpenSSH project I'd say "let's change the name".

Re:Name suggestions:

[deaddog]

Wouldn't that make it "OpenASS"?
--

No.

[Russ+Nelson]

Did I sum it up correctly ?

No. "Bread" is a descriptive english word. You could no more get a trademark on "bread" as a baked wheat/yeast combination than you could for "Windows" as a trademark for a transparent section of a wall. You could get a trademark for "Bread" windows, or "Windows" bread, because neither of them is descriptive.

That's why we gave up on "Open Source" as a trademark. It's too descriptive.

"Secure Shell" is arguably descriptive, however SSH is not, and "SSH" is what is being claimed as a trademark.
-russ

Damage Control

[AirSupply]

Seems like the best thing he can do in that case is go into "Damage Control" mode. What's that? Give them permission to use the trademark. If he changes his tone to "look, I'll give you permission to use my trademark so long as you include a notice in your product that (a) states the trademark is mine, and (b) clearly explains that SSH and OpenSSH are unrelated products." This means that we don't have to go through the confusion of a name change, he gets to look like the good guy, and we can actually work on what he claims to be the problem: customer confusion. I'm sure the OpenSSH guys have no problem with emphasising the distinction between the two, even if it means giving the commercial SSH a bit of free advertising.

Not only does he get to look like the good guy this way, he might even salvage his trademark rights, assuming that they have a chance of being beaten in court as it stands. "Yes, they are using my trademark, but they have my explicit permission to do so."

A bit of cooperation is better than a tonne of coercion and legal sabre-rattling any day.

Re:Damage Control

[martin-k]

No, trademarks are goods on their own, and they might be sold, leased, licensed, sub-licensed - whatever the trademark owner wants to do with them. This does not dilute the trademark, only non-action on infringements does.

So, giving the OpenSSH people the right to use the trademark under a licensing agreement is a perfectly valid way to solve this. The problem will be however to work out a contract that all parties can agree upon.

-Martin

Re:No, he doesn't have to do so

[Watts+Martin]

If you look at ssh.com, you'll see "SSH (R) Secure Shell tm." "(R)" means, I wish I had any rights to reserve.

No, "R" means "registered." After a trademark has been in use for two or more years (with the "TM" mark), it can be registered with the patent and trademark office; until it's officially approved it's "trademark pending"--which indicates the process is underway.

Simply using another name isn't going to kill anyone. "FreSH is a free, open source implementation of the SSH2 protocol." Bam. (The hardest part for most people would be learning to type "fresh" after their fingers are trained to type "ssh"... although on second thought, you know everyone's going to just make a symbolic link to "fresh"--or whatever it's called--from "ssh" anyway.)

People in the open source movement are very good at standing on principle, or at least shouting on it, but there are times I think they should be a bit more willing to accept "be courteous" as a valid principle, too. "Technically we can do this, so screw you, corporate whore" may give you a warm fuzzy feeling, but it's an attitude which quashes useful communication.

This is great for OpenSSH

[ajs]

This is an ideal PR moment for OpenSSH.

Here's what you do:

1. Get everyone to know tht the SSH folks are being pains in the ass.
2. Hold a naming contest for OpenSSH.
3. Splash the resulting name around as "the new name of network security"

Get everyone to stop using the term "SSH", since we don't want to confuse anyone into using legacy software. Get them to use the real deal!

Re:Name suggestion: FRESH

[cyberdonny]

<Off-topic>
Of course, I feel that RMS ought to use the term "liberated software" to avoid the whole "free beer/free speech" issue, but that's another story....
</Off-topic>

But then, gdb would have been called liberated software debugger. Oops!

On the bright side...

[howardjp]

At least this can get rid of the openssh.org vs. openssh.com complaint...

An incongruence on the argument

[Ektanoor]

In a market point of view while I wouldn't blame the author for restricting the use of SSH, I would clearly note that the term "Secure Shell" is less of being considered as a trademark. Sorry Mr. Ylonen but morally you are incorrect on the whole. You also once took the term "Shell" and "SH" from somewhere right? Let us note that these things are "Remote Shell" and "RSH", a UNIX system for remote use. So your restriction is, in a moral point of view quite incorrect.OpenSSH people is doing the same you did some years ago. And don't tell me these things are different. Look back at those times before you started building the Corp.

But let's forget this point and restrict to the money one. SSH Corp., (TM) as we see, is loosing money. So, we may understand they wish to avoid confusions with those who are, _potentially_, hitting their pockets. So it may be understandable that SSH wants to restrict its name. But there is a problem here. Also, in economical terms, SSH didn't do a bunch to secure its own name during all these years. So now "SSH" AND "Secure Shell" are terms of use. Much like "telnet", "ftp", "http". The only to blame here is Mr. Ylonen himself. Well we may give out SSH back to the owner if he wishes to. However the term "Secure Shell", a composition of two common words and being a technical derivate of "Remote Shell" conceptions is harder to give out. Meanwhile it is an established technical concept. Restricting such term for private use is a serious demonstration of being very unfriendly to a huge community of users and developers.

Mr. Ylonen is not only securing a trademark but also creating hassles in hows and whens of the use of a technical concept. By trademarking this concept he is forcing people to create other namings and conventions. This will break a continuity of the use of these namings and conventions on technical docs, manuals and products. Whishes he this or not, he is doing more damage then use. Frankly, this may be the real killer of the SSH mark as people may choose other namings and conventions to avoid such selfish consideration of his own value.

Re:An incongruence on the argument

[Fervent]

No, he is trying to prevent the use of a name which is identical to his product's. It is a very reasonable request ("continue to make the product, just please don't use that particular name").

Next time, try to not hide being an idiot with bombastic text.

Re:may as well change the name of openssh

[Greg+W.]

rsh isn't a shell either. there was no "style of naming" since rsh was the only odd man out.

It doesn't matter whether it's a "shell" or not. In fact, it does follow the naming pattern of several other commands, collectively known as the "r commands" -- rlogin, rexec, rcp and rsh.

• rlogin - remote login - "kinda like running login, but remotely"
• rexec - remote exec - "kinda like running exec, but remotely"
• rcp - remote cp - "kinda like running cp, but remotely"
• rsh - remote sh - "kinda like running sh, but remotely"

So now we have ssh (secure remote sh) and scp (secure remote cp).

I think that covers more than the logo

[Paul+Crowley]

Misdesign of the USPTO database means I can't follow your link; everyone will have to do their own search. Oh well, that they're idiots we knew.

However, it looks as if the one relevant live trademark, held by "SSH Communications Security", is I think meant to cover the name as well as the logo: thus the opening line "Word Mark: SSH" and the "Mark Drawing Code: (5) WORDS, LETTERS, AND/OR NUMBERS IN STYLIZED FORM".
--

Wrong! There's a difference between TM and patents

[yerricde]

In fact, this is exactly equivalent to the GIF trick

Not necessarily. There's a difference between trademarks and patents. Open*** can comply by simply changing its name to FreSH (free shell). (The same thing happened when The Tetris Company tried to sue Tetris cloners; the cloners simply changed the name of their products.) GIF writer developers have to completely abandon GIF, as LZW compression (a necessary and irreplaceable part of the GIF87 and GIF89 standard) is patented.

Like Tetris? Like drugs? Ever try combining them?

What they can gain:

[TheWhiteOtaku]

Isn't it obvious what they can gain? (Hint: it starts with "m" and ends with "oney")

Re:What they can gain:

[Fervent]

Bullshit. The guy's just trying to protect the name. That has little, if anything, to do with money.

OpenSSH needs to take a lesson from Mesa & OpenGL

[UnknownSoldier]

The OpenSSH teams needs to take a lesson from Mesa. OpenGL is a trademark of SGI. Just change the name of OpenSSH, and you never have to worry about these stupid trademark infringements again.

*shrugs*

Secure Shell can not infringe!

[TheDullBlade]

Whether it's registered or not, it's clearly been promoted by the holder as a general term, and the "trademark violation" has been knowingly tolerated for a year or so without action. He doesn't have a leg to stand on.

But the one that kills me is "trademark pending" on Secure Shell.

How utterly pathetic.

Have I mentioned my pending trademarks on "Word Processor", "Web Browser", and "Operating System"? I'll be busy sending out letters like his for a while myself.
---

More SSH News

[ssimpson]

Just read on the cryptography@c2.net mailing list that the Fressh package has a security hole - when a /dev/urandom is not present the code falls back to an awful 'random number generator'.

See the message original message below:

Date: Wed, 14 Feb 2001 14:29:00 +0000
From: Charles M. Hannum
To: cryptography@c2.net
Subject: Bad PRNGs revisted in FreSSH

The newly announced FreSSH, when there is no /dev/urandom available,
uses a `fallback' to seed its PRNG that consists of:

[Fucking code snipped coz Slashdot filter no longer accepts C source code because it detects 'junk characters' - WTF!?!?!]

I don't think I need to tell people on this list why that's absolutely
horrible; I'm just pointing out that code is still released today with
crap like this. I would have thought we'd learned this lesson years
ago with the AFS, krb4, Netscape, et al vulnerabilities.

A SSH by any other name...

[kieran]

My one objection to this is the obvious: isn't it a little late to start complaining? He doesn't mention when he first got around to asking the developers about this, but OpenSSH has been around for a while.

That said, if the developers are willing I wouldn't have any great problem with a name change. Perhaps "ossh"? *shrug*

Re:A SSH by any other name...

[Pig+Hogger]

How about OSS?

That would be a fitting tribute to the CIA's ancestor, the Office of Strategic Services... :) :) :)

--

Re:A SSH by any other name...

[sethgecko]

but OpenSSH has been around for a while.

A little over a year. Don't know if that's what you mean by "a while." And ossh alreay describes a different free implementation of ssh. I like the earlier suggestion of "shush". Or maybe OpenShuSH.

Re:A SSH by any other name...

[elegant7x]

First of all, no one patented anything. If you don't know the diffrence between patents, trademarks and copyrights, please be quiet. My question is if the word is now used to label something that is implemented in public domain and is avaiable from a standards comittee such as IETF, how the hell can you still use it in a trademark?

From my understanding, The Protocol Specs *did* include a trademark note when talking about SSH, and the Protocol itself is called SECSH, not ssh.

Amber Yuan 2k A.D

He *has* to do so

[sharkticon]

Don't blame him, he has no real choice in this matter. Trademarks have to be protected, no matter how little you care, or else they will become invalid and anyone can use them. If he doesn't go after OpenSSH, tomorrow it'll be Microsoft using the name.

Blame instead the entire trademark system which has perpetuated this kind of attitude. It's gone from a system meant to protect rights to one that encourages, even demands, companies to trample all over their rivals.

Re:He *has* to do so

[TicTacTux]

Well, this is about the first time I see a copyright holder contacting his 'opponents' in a rather friendly manner. You may argue about his claim but at least formally he's showing manners and common sense.

That said I suggest that we at least *try* to find a way to solve this manner; unfortunately most postings here range from 'get lost, creep' to downright hostile, but I haven't seen many that are constructive.

So, how about 'Secure Telnet' or 'Secure Login' (as it is not exactly a shell but rather an encrypted connection to a shell)? Ah, yes, something with 'Open' in it (doesn't that contradict the 'secure' term? A secured system cannot exactly be described as 'open', right?). So, how about OSTAKAS (Open Secure Telnet Also Known As SSH). Uh, no, the acronym must be recursive, like ONS (O's Not SSH).

Now go use your imagination, this one time not for coding...

Well, they (SSH) are pretty much screwed...

[kramer]

As always, IANAL --

Trademarks must be defended against infringments or you risk losing them. Further, they must be defended as quickly as possible against infringement. You're not allowed to let someone use it for a couple of years then suddenly decide to go after them when they become successful.

By looking at the whois record for openssh.com, it's obvious that Openssh has been using the name Openssh publicly since at least October of 1999. That's well over a year. I would hardly call this a timely filing.

Re:Well, they (SSH) are pretty much screwed...

[mlong]

Everyone is whining "but if he doesn't defend it, he'll lose it". Well first off, he always has the option to license the use to OpenSSH (for $1 or whatever). And secondly, OpenSSH isn't even a commercial venture...it just seems he is bitter because openssh hasn't had the same security holes as ssh

Re: secsh

[Greg+W.]

So why not bite the bullet and call it Secure EXchange (sex)? ;-)

(Yes, I know, there's already a text editor called sex ("Simple Editor for X"). It's still a fun name.)

Butthead Astronomer

[jon_adair]

He better be remember what Apple did when Carl "butthead astronomer" Sagan complained about them using his name.

Trademark on Aspirin�

[yerricde]

Tylenol-brand pain reliever" is OK; "Aspirin-brand pills" is not.

Except in some jurisdictions, Bayer still has a trademark on ASPIRIN® brand acetylsalicylic acid pain reliever. See also this Flash map of jurisdictions.

Like Tetris? Like drugs? Ever try combining them?

*banging head against wall*

[Ryvar]

I swear . . . sometimes people, no matter how much I may respect their past accomplishments, make me want to rip off my own head and beat it vigorously against the nearest wall in frustration.

The OpenSSH 'product'? I don't think of OpenSSH as a product, a product is something 'consumers' 'buy' or 'sell', not a freely distributed tool. I realize that not everyone is going to be a security guru right off the bat, but until you actually are able to distinguish SSH from OpenSSH, then I'm not sure why it matters as you clearly haven't passed the minimum intelligence test to use either. Is SSH1 broken? Yes, but (BUT!) . . . SSH2 isn't available for a lot of things that SSH1 IS available for - and SSH1 is a hell of a lot better than 'telnet '

--Ryvar

Re:*banging head against wall*

[Znork]

True. And the basic problem is I cant get an order for 5000 licenses of SSH through the purchasing department without a 3 year project, but I _can_ push OpenSSH into our servers.

Which, of course, means that I will advocate OpenSSH rather than SSH, since one is implementable in assbackwards large corps and the other one isnt. And since I know that a load of other people have the same problem, Id guess that SSH should be very glad they're getting buisness from people who confuse OpenSSH with the proprietary SSH product, because SSH dropped off the roadmap as being useable at the same time they went proprietary and dropped a load of platforms.

Be the tail that wags the dog...

[emil]

OpenSSH team - require a command-line argument to activate "commercial ssh compatibility mode." Place this argument in both the client and the server. Do not enable it by default.

OpenSSH has a much greater market penetration than commercial ssh, and it is our community that controls him, not the other way around. He will require a demonstration.

p.s. I suggest a new name of "esh" or "ensh" for Encrypted Network SHell...

Re:Having been through something like this before

[SubtleNuance]

4. Tatu says he has registrations for "Secure Shell" pending.

If this passes through the US (USPTO?) I would be very disappointed. Registering 'Secure Shell' is about as logical as 'Fast Harddrive' or 'Soft Towel' or 'Comfortable Chair'. It is obviously simple description..

How long do you think until his registration is approved? :(

Where is this mark abandoned?

[HopeOS]

There's no guarantee that I can navigate the USPTO website, but where in this trademark record is it abandoned? I used TESS, the basic search, and entered SSH. Am I missing something here?

Word Mark SSH
Goods and Services IC 009. US 021 023 026 036 038. G & S: computer programs and software for preventing unauthorized access to computer networks and for providing secured connections to computer networks
IC 038. US 100 101 104. G & S: telecommunication services, namely, providing secured telecommunications connections to a global computer network
IC 042. US 100 101. G & S: maintenance and support services for computer programs and software
Mark Drawing Code (5) WORDS, LETTERS, AND/OR NUMBERS IN STYLIZED FORM
Serial Number 75150525
Filing Date August 15, 1996
Filed ITU FILED AS ITU
Published for Opposition December 16, 1997
Registration Number 2141991
Registration Date March 10, 1998
Owner (REGISTRANT) SSH Communications Security Oy JOINT STOCK COMPANY FINLAND Tekniikantie 12 02150 Espoo FINLAND
Attorney of Record MICHAEL B LASKY
Section 44 Indicator SECT44
Priority Date March 1, 1996
Type of Mark TRADEMARK. SERVICE MARK
Register PRINCIPAL
Live/Dead Indicator LIVE

Kha0S Linux

[Kha0S]

When a bunch of people came out with "Kha0S Linux", I got lots of contact from people on IRC and elsewhere... I just took it in stride, and made sure that everyone knew that I wasn't the writer of it.

Oh, except for a few people. I pretended I wrote it and told them that I had special anti-lamer code that would destroy their hard drive if they tried to install it.

Snicker.

Let try and decide

[jjr]

On a new name for OpenSSH. Something that will not confuse the average guy on what is what product.
1) Secure Login (SL)
2) Secure Telnet (ST)
3) Secure Remote Shell (SRSH)
Help me with more I am to tired to think right now

Re:Let try and decide

[Col.+Klink+(retired)]

Secure Host to Host (SHH).

Re:Let try and decide

[pjrc]

Secure Host to Host (SHH).

That's a damn good idea!

Re:Hmmm... Problem with that

[drudd]

You're missing the point...

The problem is not that openSSH resembles the original SSH, it has to in order to do what it does. But when it looks like SSH, acts like SSH, and the name is similar besides, it definitely can cause confusion.

IIRC, debian installs openSSH (since it falls under it's definition of "free"), but the package itself is called ssh. A user may think they are getting the true "ssh," when they are actually getting openSSH. This is a definite example of trademark confusion.

What wouldn't be bad is if someone released a first person shooter like quake, calling it openSSH. No confusion could arise, the fps "openSSH" and the secure shell "SSH" would be completely different products.

Doug

Then that's different...

[mindstrm]

I mean, if they've ignored him all along, that's different.

Though I'd still maintain that it's news to most of us that 'ssh' is a registered trademark (tm), given the open protocol specs by the same name, and the plethora of tools that use the ssh name.

Huh?

[ooze]

Sorry for requiring you to change your product name from OpenBread to something that doesn't confuse with my high quality Bread products trademark. Everybody is welcome to use the open available recipe for for their products, but just don't call them Bread. I had a lot of work making my company well known as a Bread Baker.

Did I sum it up correctly ?

Re:SSH1 vs SSH2

[roca]

> the attacks on ssh1 are of a difficulty roughly
> on par with stealing a TCP connection from a
> modern OS: the attack is possible, but extremely
> impractical.

This comment demands clarification.

"Blind spoofing" (when the attacker cannot sniff packets being sent between the target machines) against a modern operating system is indeed very difficult because it requires guessing of sequence numbers.

However, if the attacker can observe the traffic (e.g., they're sniffing the ethernet of one of the machines participating in the connection), then it is easy to hijack the connection.

I seem to recall

[mindstrm]

that the suit wasn't over the term 'x86' but over the '386, 80386, 486, 80486' etc individually...

Intel clamied they were 'trademarks', and that by making compatable chips and calling them '486' etc... they were infringing.

The court ruled that you can't trademark a number, a part number even.

That's why the 80586 was called the Pentium, and all advertising shifted to saying 'Pentium' instead of '586', because the word Pentium *Could* be trademarked.

OpenSSH replacements offer...

[Noryungi]

OpenSHHHH... Sorry, we can't mention the name of the "other" product.

OpenSHL... Hey, what's a single letter between friends?

Open S S H... Oh, Come on, quit whining. You registered "SSH" and NOT "S S H", so there!

OpenWhat?... How do you pronounce "SSH" anyway?

Open-You-Know-What... Just add a ".org" and, presto! We are back in business...

WeAreSecureAndWeAreCanadian... Yep, it's getting longer and longer.

OpenSourceSecureShell... There, feeling better already? Shush, it's all going to go away.

Ho and by the way, I want to get sued too!! I am going to register:

openssh.co.uk
openssh.org.uk
openssh.fr
openssh.asso.fr
openssh.ch
openssh.it

(...etc...)

Anybody cares to bankroll me ?? =)

Bonus question: How on earth can you copyright a three letters acronym? I'll try copyrighting "IBM".

At least, it's going to make the fight more interesting and potentially more lucrative. Hmmmm. US$50,000,000 out-of-court settlement. Please note that this is just the "Acronym", not the logo, which is copyrighted by our big, blue friends in Armonk.

And remember people: OpenBSD needs your help! Order your 2.8 CD today and makes the world a better place for security and a worse place for script kiddies and copyright hoarders...

Re:OpenSSH replacements offer...

[X]

Bonus question: How on earth can you copyright a three letters acronym? I'll try copyrighting "IBM".

He didn't copyright SSH, he trademarked it. You can indeed do this, and IBM is indeed a registered trademark.

Actually, when you look at this case, it's a pretty clear example of why trademarks were created in the first place: to avoid customer confusion about branding. I'd say this guy is well within his rights.

Re:OpenSSH replacements offer...

[Noryungi]

I stand corrected! This is what happens when you read a news item too fast, I suppose.

(I still think that "Open S S H" is a good idea, though...)

=)

Hmmm...

[BJH]

Just to point a few things out...

I would thus like to ask you to change the name OpenSSH to something else that doesn't infringe the SSH or Secure Shell trademarks, basically to something that is clearly different and doesn't cause confusion.

OK, I can go along with this. He has the trademark, the two applications are very similar, I can see where he's coming from.

The confusion is made even worse by the fact that OpenSSH is also a derivative of my original SSH Secure Shell product, and it still looks
very much like my product (without my approval for any of it, by the way). The old SSH1 protocol and implementation are known to have fundamental security problems, some of which have been described in recent CERT vulnerability notices and various conference papers.
OpenSSH is doing a disservice to the whole Internet security community by lengthing the life cycle of the fundamentally broken SSH1 protocols.

Now this is a completely different kettle of fish.
1) If you didn't want people to hack on the code, why did you initially release it under a license that allowed that? It can't be retroactively retracted, y'know...
2) The OpenSSH team doesn't need your approval; you in effect gave them your approval when you licensed it as you did (see 1).
3) Yes, SSH1 has security problems. WHo developed it? You did. Also, IIRC, OpenSSH was just about the only implementation that wasn't vulnerable to several of the vulnerabilities that have been found so far.
4) OpenSSH supports SSH2 anyway, so I don't see how its existence is encouraging the use of SSH1. More than likely, people who had been put off by your version of SSH2's restrictive licensing terms moved to SSH2 only when OpenSSH provided it.

All in all, it seems a mix of a legitimate claim with some very clumsy revisionism and FUD.

Re:Hmmm...

[PigleT]

1) If you didn't want people to hack on the code, why did you initially release it under a license that allowed that? It can't be retroactively retracted, y'know...
2) The OpenSSH team doesn't need your approval; you in effect gave them your approval when you licensed it as you did (see 1). </i>

Here here! Exactly what I was thinking of saying, couldn't agree more.

Me, I don't see why there should be any confusion regarding `SSH' and `OpenSSH': I spell them differently, what more could you ask for?

As far as the commandname goes, it implements a secure shell - so `ssh' is a perfectly reasonable abbreviation, to me.

If you don't go round putting `(R)' after everything, you won't have a trademark problem. And while I'm passing by that, what was that I saw about "pending"? Get a trademark properly registered, *then* come moaning, or better still, do neither.

To me, Tatu's mail sounds like he's regretting the fact that openssh is moving ahead faster and with better publicity than the commercial one. Well, that's what you get for expecting to make money in the wrong arena, tough cheese.

Me, I've just installed a new RH6.2 box to be colocated in the next couple of days, and for remote access, I've put openssh on it. The non-free sshd quite simply doesn't get a look in, the license is too confusing.
~Tim
--
.|` Clouds cross the black moonlight,

Re:Hmmm...

[biglig2]

He may be (legitimately) worried that if OpenSSH is less secure than SSH (and I have no knowledge either way) , and there is confusion between the two, then he may be "tarred with the same brush".

But he doesn't express that well.

Re:These idiots HAVE TO BE STOPPED

[Fervent]

SSH is different in that it's not really a word in the English language, whereas "Word" is. If MS tried to enforce a lawsuit regarding the name "Word" to any extent, they'd likely be laughed out of court.

Re:Name suggestions:

[shokk]

HSS - Host Secure Session

Since it's definitely more than just a shell now.

Re:Name suggestions:

[sharkey]

NAVASSHOSSH: Not As Vulnerable As SSH Open Secure SHell



--

Re:Having been through something like this before

[deeny]

Actually, that's NOT a good example. Bayer's trademarks were seized by the US during WW1. See:

http://www.britannica.com/bcom/eb/article/0/0,5716 ,121640,00.html

_Deirdre

Doesn't matter.

[mindstrm]

If it was a garage operation they didn't know about, that would be different. How could they enforce it if they didn't know about it? You're right there.

That is not the case here. OpenSSH is highly visible, and they even admit they KNEW about it a long time ago. It doesn't matter how big or small they are; if they are infringing, you must do something about it.

Re:Having been through something like this before

[roca]

> Having not defended his trademark for four
> years, Tatu will have trouble getting others to
> drop the name "SSH" or combinations thereof.

Yep...

> HOWEVER, this protects only existing uses of the
> name "SSH", not other individuals or
> companies using the name for future products.

I believe this is not the case under US trademark law. Other people have cited the case of "aspirin": Bayer failed to protect the trademark and so now it is in the public domain. New products can be called "aspirin".

My objections to the suit

[mfterman]

Normally I'd be on the side of the person who owns the trademark except there are a few things about this that I do not like.

First off, getting SSH as the name of an IETF protocol, and then trademarking it. This is the act that really stinks. Its as bad as Apple's Firewire stunt, getting an IEEE protocol set up and trademarking the name associated with it. This reeks of trademark trapping, or trying to grant oneself a monopoly with regards to an IETF protocol, or at least an unfair advantage. Only his software can use the name of the protocol in the name of the software using the protocol. It would be like trademarking HTTP.

Second off, I am somewhat suspicious at the time lag involved between the founding of OpenSSH and the present. If you're going to do the trademark enforcement thing, do it at the very beginning and go with the lawyers and accept the PR meltdown that is going to result because you did a sleazy thing like trademark an IETF protocol in the first place.

In short, this is someone who is trying to have it both ways. Playing the IETF and open standards game while still having the trademark and the exclusive right to make software with the name of that protocol in it. He tried to engineer himself an unfair marketing advantage and some reasonable uses of the SSH protocol name are causing him business confusion. You will notice there is no talk of his changing his software name and setting up a new trademark. And while you can talk about his investment in the mindshare of the SSH name, he did it in a fashion that puts other people trying to use the SSH protocol at an unfair disadvantage.

Now, perhaps I am being unfair here, perhaps he did not intend to do things that way, at least not consciously. But the end result is the same. He took an open protocol name and trademarked it so that no one else could use the protocol name in software that implements the software protocol but him, giving him an unfair advantage. Now that people are trying to erode that unfair advantage, he is crying foul, and after other people have invested work in the OpenSSH brand name as well.

Oh yes, and tradmarking "Secure Shell" strikes me about on the level of trying to trademark "Windows". You might be able to do it but its a really sleazy thing to try. Whatever sympathy I have for him was completely destroyed when that fact came to surface. This is a person using trademarks in an abusive fashion and I'd like to see that reap the rewards it deserves.

Name suggestions:

[X]

• NSSH: Not Secure SHell.
• GNASSH: GNASH's Not A Secure SHell.
• ASS: A Secure Shell.
• SSH NT: SSH Not Trademarked.
• LDUSSH: Lawyer's Don't Use Secure SHells.
• RSSH: Really Secure SHell.
• (In case the previous one is not different enough) RRSSH: Really, Really Secure SHell.

Re:Name suggestions:

[JoeShmoe]

No! Because then the goatse.cx guy would actually be considered on-topic. [shudder]

- JoeShmoe

SSH1 vs SSH2

[Leto2]

Tatu writes in his email:
"The old SSH1 protocol and implementation are known to have fundamental security problems, some of which have been described in recent CERT vulnerability notices and various conference papers. OpenSSH is doing a disservice to the whole Internet security community by lengthing the life cycle of the fundamentally broken SSH1 protocols."

I've always used ssh1, I don't know why, I guess because the first time I started using it, a friend said to me: "Use ssh1, ssh2 sucks". So I did. What are the main differences between ssh1 and ssh2 and why is ssh1 fundamentally broken and ssh2 not?

Also, last time I looked, OpenSSH can use both protocol 1 and 2.

Re:SSH1 vs SSH2

[Weezul]

I do consider ssh2 to be broken crypto. The protocol specifies the base and modulus for its public-key-exchange algorithm. This means that anybody can sit down and "study" that base and modulus for weaknesses and attack spots. Heck, the NSA -- or Tatu -- could have pre-computed the information necessary to break the encryption on an ssh2 stream.

Why did he do this? Dose he want to try to kill competition by making a protocoll which no one can use without being insecure or is there some reason why he did not feal that this was a threat?

Re:SSH1 vs SSH2

[Dunedain]

I've always used ssh1, I don't know why, I guess because the first time I started using it, a friend said to me: "Use ssh1, ssh2 sucks". So I did. What are the main differences between ssh1 and ssh2 and why is ssh1 fundamentally broken and ssh2 not?

Put simply, Tatu considers ssh1 broken because he released it under a non-restrictive license and wishes he could take it back. While it is true that ssh2 encrypts more of the communications channel than ssh1, the attacks on ssh1 are of a difficulty roughly on par with stealing a TCP connection from a modern OS: the attack is possible, but extremely impractical.

I do consider ssh2 to be broken crypto. The protocol specifies the base and modulus for its public-key-exchange algorithm. This means that anybody can sit down and "study" that base and modulus for weaknesses and attack spots. Heck, the NSA -- or Tatu -- could have pre-computed the information necessary to break the encryption on an ssh2 stream.

The above is a quick sketch of the arguments for why ssh1 and ssh2 are broken, together with some highly cynical suggestions for why they might be built that way. Go do some real research before you pick crypto to trust with anything you care about.

Re:SSH1 vs SSH2

[Daffy+Duck]

I agree. I may be highly misinformed, but I also don't trust SSH2 over SSH1. Although there is the insertion attack for SSH1, isn't it true that all recent implementations detect it and shut the connection down?

And doesn't SSH2 rely on DSA public keys? I don't trust them either, for pretty much the same reason that PuTTY doesn't (see the non-wish-list) - namely, that if anything goes wrong with the random number generator, it's the private key that gets compromised, not just a single session.

Can anyone more knowledgeable confirm or deny this?

Original Licensing Restrictions?

[sterno]

What I'd like to know is, what were the original rules under which the source code and protocol of SSH were made publicly available? It seems to me that if there was some concern over use of the trademark SSH, restrictions about that should have been included in that license. If you look at different open source licenses, many of them make express stipulations about trademarked names that cannot be used by derivative products.

It seems to me that this is a too little too late scenario. OpenSSH has been around for a long time and he hasn't taken issue with it until now. Now, it could be argues that OpenSSH has had time to build it's own name associated with a certain quality of product, etc. If they were forced to change their name, it might cause confusion for people who wanted to find their product.

Has he made his complaints earlier, OpenSSH would have been named something else, and today we'd all be using an SSH replacement called something else. Sucks to have to go to court over such things, but I think the OpenSSH group has a strong case at this point.

---

Sorry, James, trademarks must be defended

[Russ+Nelson]

Sorry, James, trademarks must be defended or they will be lost. And there is substantial value to USERS to know that a name has a meaning fixed by law. It is that value they wish to protect for their USERS. Or don't you care about users?
-russ

Re:Name suggestion: FRESH

[JoeShmoe]

Speaking of which, if you write a program that create a FRESH connection, be careful what you name it because Mentos already has a trademark on "FRESHmaker". =P

- JoeShmoe

Re:Yes.. but..

[roca]

Well, just for the record, TTSSH didn't have any of these bugs either.

Re:Having been through something like this before

[roca]

OK, so Bayer's not a good example, but what I said is still true :-).

Re:Yes.. but..

[sethgecko]

just for the record, all SSH1 implementations except for OpenSSH 2.3.0 had the flaw. This includes the commercial SSH. But shame on me for responding to a troll.

RFC

[bperkins]

It seems to me that since the protocol is called ssh in the RFC:
http://www.free.lp.se/fish/rfc.txt, which seems to predate his application for a trademark, he doesn't have a a valid claim.

In this RFC, the name of the protocol is ssh. It would be a violation of the RFC to call it anything else, and it would lead to confusion.

OpenSSH is *exempt* (IANAL)

[localman]

Trademark law specifically exempts non-commercial usage. Although the examples given are "parody, satire and editorial commentary", it does state that non-commercial use is exempt from trademark law.

I don't think the drafters of trademark law ever thought someone would give something away over a long enough period of time to be a problem. Good to see that the outdatedness of these laws cuts both ways.

Trademark applies to *command*?

[Guy+Rixon]

I hope that the trademark business only affects the name under which OpenSSH is publicized, not the command-names for the actual programmes. Given that OpenSSH is a clone, it ought to be invokable with the same commands as the "real" SSH product.

If this is so, then I don't think it really matters much for the OpenSSH side; AFAIK OpenSSH isn't really marketed, so the cost of changing its name is negligible. But if the trademark covers the actual ssh command, then the trademark is doing real damage to the community.

Regard this as an opportunity.

[Godwin+O'Hitler]

...an opportunity to get rid of that nondescript name and call it by a name that's more suggestive of what it does. I'm sure I'm not the only person to be saturated with initials to such an extent that sometimes I can't even remember what I'm talking about.

The original SSH license

This is the license that OpenSSH is based on:

As far as I am concerned, the code I have written for this software can be used freely for any purpose. Any derived versions of this software must be clearly marked as such, and if the derived work is incompatible with the protocol description in the RFC file, it must be called by a name other than "ssh" or "Secure Shell".

Sure looks like 'permission' to me.

Another reason for this

[MobyDisk]

He hinted at another reason for all this:

"OpenSSH is doing a disservice to the whole inernet security community by lengthing the life cycle of the fundamentally broken SSH1 protocols."

Also - Isn't the actual protocol, as recognized by the IETF, named "SSH" - if so, how can you trademark that?

Protecting Copyrighted name? I don't think so...

[natet]

>Why shouldn't the guy protect his own, copyrighted, name? Seems like a perfectly reasonable request to me.

Except, that the copyright doesn't protect the use of the name IN another name. Let me give you an example. In my home state, there were a couple of water parks, Magic Waters, and Rageing Waters. Both had Trademarked names. Rageing Waters came first, but had no right to tell Magic Waters to change their name because the use of Waters might make it difficult for people to differentiate them. OpenSSH is A DIFFERENT NAME entirely than SSH IMHO. If SSH's clientelle can't tell the difference, then they are IDIOTS.

The part of this letter that really pissed me off was this:
The confusion is made even worse by the fact that OpenSSH is also a derivative of my original SSH Secure Shell product, and it still looks very much like my product (without my approval for any of it, by the way).

Correct me if I am wrong, but telnet used that Look and Feel LONG before SSH ever came into the picture. So getting this jokers "approval" was not an issue. Further, this was completely off the topic of the letter. It should never have been brought up. If his beef was to get the OpenSSH guys to change their L&F, then he should have SAID that.

I realize this guy is only trying to protect his own interests. But, there are hundreds of products out there that the names only differ by one word. Example: Windows, and the Open Windows projects. I don't see M$ flipping out over that one. Another example is the ACS and Open ACS tools. The problem here is that SSH is not a significantly BETTER product than OpenSSH. Instead of throwing a fit over the name, perhaps SSH should make an attempt to DIFFERENTIATE their product significantly from OpenSSH. Requesting that OpenSSH change their name seems like a rediculous request to me. It says what it is, an OPEN implementation of the SSH standard.

It is time for companies to stop stomping on the little guys and INNOVATE instead. Instead of jumping on the litigous bandwagon, make your product BETTER than the competition. When I decide to buy or use a software solution, who has the better lawyers shouldn't even be a factor in my decision. But it is fast becomming one.

Re:These idiots HAVE TO BE STOPPED

[sql*kitten]

If MS tried to enforce a lawsuit regarding the name "Word" to any extent, they'd likely be laughed out of court.

On the contrary. If you released an equivalent product under the same name, they'd probably have quite a good case. If, on the other hand, you wanted to sell a chocolate bar named "Word", there would be nothing Microsoft could say.

I cite the long running VAX (computers) vs VAX (vacuum cleaners) trademark clash. What seems to happen is that as soon as a new lawyer joins either organization, they notice the "infringement" and send a form letter. The opposite organization sends a form letter back, and that side's senior lawyers thwap the junior upside the head, then both organizations just go back to quietly ignoring each other :0)

Re:Yes.. but..

[sethgecko]

attention mods: the parent post is +1 insightful. please mod this up.

attention karmawarrior: that was very well put.

Yes.. but..

[mindstrm]

How long has it been going on? They knew about it for years... many have used the SSH mark. It's probably fair to say that it has become a common name (dilution) and no longer has a sole brand-name value.

Trademark is not like patent; you MUST enforce it or lose it. THey should have been asked to stop using it a LONG time ago, not just recently. SSH hasn't protected their mark, so they lose it.

Re:Yes.. but..

[sethgecko]

is that what you say? Tatu Ylonen seems to have been nice enough not to challenge OpenSSH on the trademark dilution until now. He hints that it is because of the recent furor over SSH1 security holes that he is reluctantly doing this. By your reasoning, any company with a trademark should be fascistic about enforcing their rights as soon and as often as possible. There can be no leniency or they will loose their trademark. That's not exactly a situation I want to come about (not that I have the least say in it, of course).

By the way, it's not exactly years. OpenSSH was inroduced with OpenBSD 2.6. Released December 1, 1999. So roughly a year and 3 months.

Re:the motion of FRESH (my random opinions)

[Omnifarious]

This is how I initially felt about it, and still do to an extent. He actually is upset that OpenSSH exists, and not just because of the name. He lets that slip into his message a couple of times. I also think he chose this method of informing people more because of the PR meltdown he knew would insue if he used a lawyer.

Overall, I think changing OpenSSH's name would be a good idea. The argument about SSH being the name of a protocol is well taken, and perhaps the name of the protocol also needs to be changed. If his program were an Open Source program, OpenSSH would be considered a fork, and would require a namechange. Of course, in the Open Source world, the distinction between SSH and OpenSSH would be enough.

FRESH has my vote, though, perhaps Liberated Encrypted SHell (LESH) would be better. It's shorter and uses the word 'liberated' instead of 'free'. It does have (un?)fortune associations with letch and lush though. :-)

Re:Or how about "Fresher"?

[lizrd]

Actaully calling it Escher would probably be fine too. The way to keep your users happy is of course to just type in

ln -s escher ssh

and noone will really be the wiser. This is pretty similar to the GNU version of vi which is actually called elvis.
_____________

Re:These idiots HAVE TO BE STOPPED

[cah1]

How about pulling your finger out for a moment and thinking about the situation for a moment. Just one moment, then you can fly off the handle again in a completely unnecessary and humourless way.

The guy creates a product. The guy builds a business around his product. Other people use the product to create a different product of their own.

I don't think he's being unreasonable in the slightest, it seems to me he's actively trying to avoid being too heavy handed.

... and whether or not the CLI would see a change is unclear.

Some Corrections

[mindstrm]

1) He didn't enforce his trademark for the last year and a bit, so as far as the community is concerned 'ssh' is now a common word, not a 'product'. He didn't defend it right away, so he will lose it. That's how Trademark law works. (as opposd to Patent law, where you can selectively enforce it wherever you want, and ignore others)

2) If someone managed to get the recipe for Coca-Cola, they could use it to make another product and market it. The only reason they don't is it's a SECRET, and nobody knows what it is. What they can't do is call it 'coke' or 'coca cola' because that's coke's registered trademark. If they called it 'OpenCocaCola' and it was rather popular and it was 2 years before Coke sued them... coke would probably lose it's trademark.

This has nothing to do with patent.

MEEEEEPT!!!!

[Paulo]

Godwin's Law alert!!!! Godwin's Law alert!!!!

I don't think they understand....

[abdulwahid]

OpenSSH is doing a disservice to the whole Internet security community by lengthing the life cycle of the fundamentally broken SSH1 protocols.

You must be serious...there may have been flaws in the SSH1 protocol but OpenSSH does implement SSH2 protocol also. So what is the problem, SSH1 is just there for backwards compatability.

In reality OpenSSH have done a great service to the community. They have made secure access freely available to the masses. For example, most of the Linux distributions now ship OpenSSH where as they didn't use to ship SSH because of the unfavourable liscense. Furthermore, many of the systems that used to run on the orignal SSH have now moved to using OpenSSH. Basically, I don't think they understand the great service OpenSSH is providing. A great service that they could have provided from the start if they weren't so interested in hoarding everything for themselves.

KNISH

[sulli]

KNISH's Not an Insecure SHell.

Doesn't use the SSH name at all, easy to remember, says it's secure ("Not a Secure Shell" != very confidence building), plus it has that fun GNU style. And you'll always know what to serve at release parties.

Secure Shell are two words in common usage.

[crovira]

While I agree that there might be some confusion, that's because BOTH are at fault for picking such a stupid name for a product.

Secure Shell is a description NOT a name. That's about as dumb as "Word Processor" Corporation or "Raspberry Ice Cream Cake" corporation.

Get your head out of your lawyer's ass adn pick a decent name for your company and your product. The Bozos who pick any Unix-ish perpetuated acronym and stick "Open" in front of it are as deserving of scorn as the original idiots who couldn't type the entire word in the first place.

Hmm.

[mindstrm]

Anyone can apply for trademark and get it. Whether it is enforcable is another thing altogether.

Does not the original license on the ssh code allow for use 'for any purpose?'

IT also states that if the software functions differently from the protocol specified in the rfc's (called ssh1 and ssh2), it should not be called ssh.

That's like saying that as long as it behaves according to the protocols, it can be called ssh.

The protocols are commonly know to the entire internet community as 'ssh'... good luck enforcing that trademark.

Name suggestion: FRESH

[wowbagger]

Any name with "SSH" in it will be an infringing name. Therefor, any new name must not contain "SSH".

I suggest FRESH: Free Remote Encrypted SHell.

1. It covers the fact that it is Free Software.
2. It points out that the primary use is for remote access
3. It points out that the link is encrypted

I make this name available without restriction.

<Off-topic>
Of course, I feel that RMS ought to use the term "liberated software" to avoid the whole "free beer/free speech" issue, but that's another story....
</Off-topic>

Re:Protecting Copyrighted name? I don't think so..

[elegant7x]

Except, that the copyright doesn't protect the use of the name IN another name. Let me give you an example. In my home state, there were a couple of water parks, Magic Waters, and Rageing Waters. Both had Trademarked names. Rageing Waters came first, but had no right to tell Magic Waters to change their name because the use of Waters might make it difficult for people to differentiate them. OpenSSH is A DIFFERENT NAME entirely than SSH IMHO. If SSH's clientelle can't tell the difference, then they are IDIOTS.

First of all, this has absolutly nothing to do with Copyrights. Secondly, "waters' is a regular word, ssh is not. I seriously doubt the other waterpark could have called itself "Magic Raging Watters" or whatever.

Amber Yuan 2k A.D

Some comments

[magi]

It's not clear to me if the letter was just a kind request to the OpenSSH community, or if there's some threat behind it. I hope not, for the sake of SSH Communication's public image.

Although SSH is a trademarked product name, it is also the name of an open protocol. Even Tatu himself uses the name "SSH1" to refer to a protocol version instead of some obscure "IETF SECSH" name, which most people have never heard about.

OpenSSH is a project and software name that clearly indicates that it is not the original product, but an (open and free) implementation of the SSH protocols; at most a derivative product. It is not confusing in any way.

The *SSH suffix probably does have some "advertising value" for OpenSSH, as it also clearly indicates what the software is about, and people can more easily pay attention to it. This may create some competition pressure for SSH Communications. Thus we can understand Tatu's reaction, but it doesn't give him justification to bash the "competitors" unfairly.

I believe that Tatu's decision for opening the original SSH program license and the protocol was a good decision, as it gave the product great publicity and established a wide base of users. The company might not even exist anymore without that decision. OpenSSH still continues to do that service, at least to some degree.

Perhaps the decision has later become a disadvantage that now "causes financial damage" for the company, as it has grown bigger and well-known, and can support itself without the publicity from the free version. So what? What moral (or legal) justification does that change of strategy give for bashing those who still benefit from the old strategy?

I don't know if Tatu has complained to OpenSSH about its name before, but he definitely should have done so as soon as possible, when OpenSSH project was started in 1999. It's hard to believe that he wouldn't have heard about it then. Denying the use of the name later can't be interpreted as much else but unfair bashing. Over a year is a long time in "Internet time".

SSH software has been a great gift for the Internet community, and OpenSSH might not exist without it. We should all be very thankful to Tatu for creating SSH (to a reasonable degree!). If OpenSSH people find it easy to change their name, and want to respect Tatu's wishes, just change it.

What?!

[Danse]

He's not being nice because he's a nice person, he's being nice because he doesn't have a legal leg to stand on.

Care to explain? From what I know of trademark law, he's got a pretty strong case there. He would almost certainly win if it went to court.

anybody home?

[Danse]

This has nothing whatsoever to do with patents. Your post is ridiculous.

No small wonder...

[nezroy]

It's no small wonder that companies and individuals alike don't behave politely in circumstances like this. Mr. Ylonen tried to accomodate the wide use of the SSH name, hoped that it wouldn't interfere with his own business, and when it finally proved to confuse users of his own product, asked nicely that people help him resolve the situation. And for the most part, what do we do? Turn him into a villain. You all need a few more holes drilled in your heads to get out the idiot vapors. You bitch and whine about the corporate lawyers and their complete and utter lack of common sense and common courtesy, but yet refuse to be responsible and mature when someone comes along and behaves EXACTLY like we've all hoped people would regarding copyright and trademark issues. Up until now, we could always blame the lack of cooperation and openness on the mark holders and their stupid demands. This time, it's your fault. Shame on you...

Re:Yeah, but.....

[tuupola]

NAME
ssh - (somewhat) secure CFS shell

SYNOPSIS
ssh directory

I dont actually remember when SSH first came out but the above lines are from CFS (Cryptographic File System) package which includes the ssh program. Sources have the following copyright line: Copyright (c) 1992, 1993, 1994 by AT&T.

If renaming has to be done, I propose...

[Masem]

SONS - SONS is Not SSH

(With apologies to GNU :)

Re:Let's play the name game.

[hattig]

Well, they have already decided to use OpenSecSH for the new name - look at the websites with that name.

There is more to security than encryption. Security at a basic level is authentication (you are who you say you are), validation (you sent what was received) and encryption (no one else could read what you sent).

Other names it could have are "OpenSRSH" for "Open Secure Remote Shell", or why not come up with a good name for once, like microsoft always manage to do? "Secure Terminal Client|Server" just to get one over M$, and it describes what it does very nicely.

We should be good neighbors here.

[Jeff+Mahoney]

Slashdot has become quite accustomed to throwing their arms up in anger, and accusing others of not being good neighbors - but when the time comes for an open source project to be the good neighbor, what happens? We hear shouts of "well, they should have protected their trademark better." Damned if you do, damned if you don't.

Most of the "infringment" stories that Slashdot has seen are of the inflammatory nature. Many of them are projects that have nothing to do with one another, but here we have a different case.

The OpenSSH group is being asked by the project from whom their original code derived, and which group came up with the protocol they're implementing, to change their name. This isn't some monster corporation looking to quash competition. This is a small company which is receiving legitimate confusion about their product due to the success of a free implementation.

And when they ask the free implementation to change their name - the open source community scoffs. IMO, the open source community isn't being a very good neighbor.

Really, what's lost with a name change? Do the executables need to be renamed, thus causing confusion for the user? NO A while ago, when Sun first came out with what is now known as NIS, it was called Yellow Pages (yp). I believe it was British Telecom who held the trademark for the "Yellow Pages" name, and Sun was forced to change the name of their product. Did it cause confusion for the user? Maybe some initially, while people got acclimated to the new name in documentation, etc -- but the utilities, today, over 10 years later, still bear their original names of yp*. An earlier post mentioned other free projects creating symbolic links to the more widely known executable names, such as vim and elvis..

But even further, why must a project's name match the name of their executable? Apache installs httpd, not apached. (Ignoring windows, here). Samba installs [ns]mbd, not sambad. OpenSSH itself, as it is NOW doesn't install "opensshd".

All in all, I think the Open Source community needs to be a good neighbor here. This is more than a case of name usage, this is a case of a coder developing one of the most widely used pieces of software on the 'net. For better or worse, he chose to take it and make money with it, changing his license in the process. Should this negate the fact that the earlier code was out there? That he put the effort in to coming up with the protocol as well? I certainly don't think so.

Really, it doesn't take much effort to change the name of newly released products, and I don't think they're asking to change the millions of installed copies. All that would really be required is a new chosen name, and the registration of an appropriate domain.

Who knows, by being good neighbors, SSH Communications might even foot the bill for it.

If not, email me. I will.

-Jeff

Re:These idiots HAVE TO BE STOPPED

[plague3106]

My only problem with this is that he obviously took a standard unix naming convention and is trying to claim trademark.

sh = shell
bash = Borne Again shell
ksh = Korn Shell
rsh = Remove Shell (hmm...no that couldn't have inspired it..)
ssh = secure shell.

sh is simply unix shorthand for sh, and the few letters before it designate what kind of shell (borne, korn, remove, secure).

What about a OpenSSH disclaimer?

[Myrv]

What if OpenSSH specifically placed a disclaimer in its code stating that OpenSSH was not part of SSH Communications Security? Have a little warning come up each time you run ssh stating it's exact origin. i.e.

• [me@localhost]$ ssh slashdot.com
  Using OpenSSH (see www.openssh.com for support)
  [me@slashdot.com]$

or something. This would help stop some of the confusion since the command for both is 'ssh'. If the OpenSHH version more clearly identified itself as such I don't think there would be a problem.

And finally the main problem I see with this is that SSH has become the defacto protocol name. Just like HTTP, FTP, etc. You don't see CuteFTP complaining that ncftp uses FTP in its name. I don't think SSHCS can either.

Re:the motion of FRESH (my random opinions)

[johnnie]

But, but, but... then Phil would sue you!

one (1) phil-up to the first respondant who gets this.

change the name of program AND the protocol

[Dr.+Awktagon]

The OpenSSH folks should change the name. "Secure Shell" isn't descriptive anyway and that has always annoyed me. It's not a shell!

They should change the name to something remotely similar like SHCP (secure host connection protocol) or SC3 (secure computer-to-computer connection) and then the IETF (or whoever it is) should change the name of the PROTOCOL to match. In other words, completely discontinue use of SSH, including command names, etc.

It's not good to have the protocol name be a trademark.

If the original SSH becomes the odd man out, so to speak, it will quickly be forgotten and the free replacement will prevail.

Slanting the Coverage

[mwdib]

I find it interesting that the descriptive paragraph that introduces this letter describes it as "demanding" the name change. Interesting what a word can do. Viz:

- actually reading the letter doesn't give the impression that the author is "demanding" the name change. He states he is "asking" twice. Yet the comments from slashdot readers are talking about "litigation," "demands," etc.

- The discussion of this letter on Linux Today, where there is no editorial introduction, just the text of the letter, is far more reasoned and moderate.

- Gee, he contacted the developers and they did not address the issue. Did he immediately sue? Nope. Is this a cease and desist order? Nope. Is this a demand . . . I hardly think so and I doubt that it deserves the characterizations it is receiving in some of these posts.

I think this points out what journalists know and some have yet to learn: the description of the content is as - or even more significant - than the content itself.

You are right..

[mindstrm]

in that he seems to have been 'lenient'. Unfortunately, in trademark law, you CAN'T be.

If you don't enforce your mark, you lose it. If you allow it to come into common use by others, and don't defend it at all, then you can't come back later when you think it's a threat and try to enforce it. It's not like Patents, that can be selectively enforced.

If he admits he originally left them alone, *even though they were in violation of his mark*, then he can't come back later and enforce it, period. It won't hold up in court.

I don't think they have much of a case.

[gfxguy]

I don't think they have much of a case, as "secure shell" is more of a description than a name. It's a shell, it's got security measures, what else can you call it?

It's not the OpenSSH developers fault people confuse OpenSSH with another (if original) variety of SSH.

I think back to the recent interview with the creator of the Korn shell. It's his name, for crying out loud, and I didn't see or hear about him complaining that people actually used the letters "ksh".

Or is this just another case of a company not meeting expectations, so let's try to befuddle competition with legal threats, and maybe while they're busy changing the name, and all the documentation, and all the code, and dealing with the FUD about their implementation, we can gain some marketshare?
----------

Re:OH Yeah, this makes PERFECT sense...

[Dr.Dubious+DDQ]

2. 'SSH'(*R), three capital versions of the ROMAN alphabet, copyright circa 400 BC

Fortunately, this one isn't much of an issue. Even under American copyright law, the copyright on the Roman alphabet should be expiring within a few more years (especially since the original Romans don't have any lobbyists)... :-)

---
"They have strategic air commands, nuclear submarines, and John Wayne. We have this"