The ssh vs. OpenSSH Trademark Battle, Next Round

If you are following the flap over the use of the letters Ess, Ess and Aitch in product names -- SSH Communications Security Corporation has asked the OpenSSH project to stop using those letters in the name of their software -- a story on NewsForge adds more details. If you didn't catch it then, here's yesterday's NewsForge article as well. Good thing nobody is enforcing a trademark on "telnet," eh?

My favorite tidbit from the article is this: "[OpenBSD and OpenSSH Developer Theo] de Raadt cites U.S. trademark law that requires owners of trademarks to notify violators immediately ... de Raadt argues that Ylönen would have to be living under a rock not to be aware of OpenSSH before now. OpenSSH, released in December 1999 and in use before that, was used by more than 17% of all SSH users earlier this month, according to a study published on the University of Alberta Web site." Besides that, the story does a great job of listing other people whose products including "SSH" in their names have been left blissfully alone, making it seem that OpenSSH is getting what can only be called special treatment.

Of interest: here is a link to a page at openssh.com showing the legal papers received and scanned by members of the OpenSSH project, including the trademark application in question, showing an entirely lowercased "ssh" as the applied-for mark.

You think this is funny?

[Anoriymous+Coward]

Intel already has a trademark on the letter I. Seriously. I'm sure many of the other 25 are already taken, too.

Re:You think this is funny?

[plover]

Well, C is for cookie.
That's good enough for me!

John

How about unfair corporate use?

[magi]

IANAL, but... It may be that SSHCS's behaviour isn't only about bashing free software competition, but also about preventing possible corporate hijacking of the product and company name. Imagine what might happen if they didn't try to enforce the trademark. Some company in USA or elsewhere might register itself as "SSH Communications Services", and start advertising and selling their own security product called "SSH". That product could be different, strictly closed and incompatible with SSH standards. If there's some international law that prevents exactly same company name, just choose "SSH Communications International" or just "SSH inc."

I'm not sure if such hijacking is legally possible, or worthwhile, but it would really be unfair and damaging to SSHCS, or any company, which is why we have the trademark laws. This may be one reason why they may have to enforce it.

The reaction of SSH Communications Services may thus be quite understandable and acceptable. But that doesn't of course negate the fact that Tatu and SSHCS made a legally fatal mistake in giving the protocol, the free version of the product, the commercial version, and the company the same name.

Re:How about unfair corporate use?

[demon]

Well, Tatu also made the mistake of waiting a very long time to finally attempt to enforce his trademark (US trademarks are based on a concept of self-enforcement - you want it? It's your job to police its use, then). He also is making the mistak of selective enforcement. Other projects are using the 'ssh' term as part of their name, and aren't being bothered - you can't just enforce a trademark against someone you happen to not like, you must enforce it universally.

Also, lest we forget, the ssh 1.2.12 LICENCE file gives permission to use the term 'ssh' as part of the name of a derivative of his code, as long as it maintains compatibility.

As others have said, Tatu can go piss up a rope. He's put himself in a tight quandary, and now he wants to change the rules. He can't do that.
_____

bad company

[Dukhat]

I think the trademark dispute of SSH in the OpenSSH name is rediculous.

Just to show how much more understanding and reasonable all the other big corporations are, I'm going to introduce the products:

OpenKleenex
OpenJello
OpenSPAM

Re:A name...

[psykelus]

i'm voting fer :

0p3N55h3Z 4-3v3R!

Re:What about trademarking other things like this?

[nrftwicked]

When a trademark is diluted, you legally loose your trademark (Kleenex and Xerox are the textbook examples). Don't stab him in the back for supporting open source by taking away his brand name, which was a major marketing investment.

I think its too late for that... the trademark has already been sufficiently diluted - I started using OpenSSH about 4 months ago, and I had never even heard of the company until this article.

Re:I like Theo, but that was the wrong thing to do

[alexhmit01]

I don't see anything in there giving authorization of the Trademark...

If you're not compatible, you can't use the name.

That doesn't mean you can use the registered mark. When that was done, there was no registered mark. The Mark is owned by a corporation (founded by this gentlemen, not that it's terribly relevant), and can't be appropriated without authorization.

For example, if I write some code, call my program Microsoft, and say in my license that you may use the name Microsoft in referring to my code, you aren't authorized to use it.

That is hardly a license to a Trademark issued two years after that was written.

The author of the original software asked you not to use the name ssh or Secure Shell if they are incompatible. That is a contractual agreement as part of a license.

The company is using the Trademark SSH to refer to their company and software. When you used that license, you contracted to not name is SSH if it is not compatible. That has NO bearing on the trademark.

Re:What about trademarking other things like this?

[PatientZero]

Kleenex and Xerox are the textbook examples.

Ah, but Kleenex(tm) is the mark and tissue is the descriptive word. I can not trademark Tissue brand tissues and start making everyone else change their names. Likewise, doesn't secure shell describe the tool, rather than name it?

Now that I look at their product page, I see that SSH Communications Security sells a product named SSH (r) Secure Shell(tm) that implements "the SSH protocol, the de-facto standard for encrypted terminal connections on the Internet." It's an encrypted terminal connection. Encryption is used to make things secure, and you typically use a terminal connection for a shell.

Is secure shell a reasonable synonym for encrypted terminal connection? It's certainly easier to say, and securing the terminal is the real goal -- encrypting it is merely the means.

Anyway, naming the company after the unix command seemed dubious. Apparently NetManage bought FTP Software. Was FTP Software going after the other FTP client and server software vendors? WS FTP, CureFTP, WarFTP ...

Ciao PatientZero

Re:Compromise

[gbgbgbg]

compromise... fuck that... lets call up Vince McMahon of the motherfucking WWF and XFL... we'll get Ylonen in one corner, and de Raalt in the other, and let the two of 'em bitch-slap each other on pay-per-view. All the proceedes can go to the US Patent and Trademark Office, since their lack of funding is quite apparent. If we charge admission to the arena, that money should go to all the fucking "starving" lawyers who have nothing better to do than bring trivial lawsuits to court.

Re:secshell

[eightball]

does it matter?

If they lose in court it will be because of this delay.

Considering some of the more rabid trademark enforcers and the /. response... I'd have to say it would roll with the punches, along with a lot of name calling. BUT, they wouldn't ignore it as it seems Tatu has been ignoring OpenSSH.

Re:Et Tu Slashdot

[Throw+Away+Account]

Ylönen gave permission to use "ssh" to describe derivatives of his program that conformed to the RFC in the license that accompanied version from which OpenSSH is derived. Now, years later, he's decided he wants to retract it.

If his permission to use "ssh" is revocable, arguably so are any other parts of his license -- including the permission to use the code in derivative works. Rolling over on the name could be used in court as evidence that the OpenSSH crew agreed that the license is revocable -- in which case he can next eliminate the whole OpenSSH project, whatever its name. Ooops...

"Typed Drawing" vs "Word Mark"

[AlphaOne]

I'm not a lawyer, but it appears that SSH Communications Security applied for two different marks, one a "Word Mark" and one a "Typed Drawing". The word mark registration does not include a picture and is abandoned. The typed drawing, however, includes a picture and is live.

I may be reading into this too much, but it seems to me that a word mark is the word "ssh" and a typed drawing is the specific presentation of "ssh" in the stylized way illustrated in the picture. Much like the words "Coka Cola" and the stylized cursive "Coka Cola" are separate registered marks.

Since OpenSSH is not using the stylized "ssh" anywhere, there can be no confusion between the marks.

If we really wanted to be picky, Fairchild Industries owns the word mark "ssh" for some sort of injection molding temperature control.
--

Re:Not only is this dumb...

[gbgbgbg]

Not to mention that in Florida there is nothing to prevent a bunch of dumbasses from voting, becoming governor, becoming the state attorney general, whatever.

Re:Compromise

A man who worked hard to get widespread usage of a protocol by making it freely available is now trying to stuff the shit back in the horse. Sorry it doesn't work that way.

Well, at least, it shouldn't work that way. Fraunhofer is doing the exact same thing with mp3. The problem is that there needs to be a distinct line drawn between specifications and products. You shouldn't be able to trademark a specification (such as the SSH protocol).

Re:Are these words also banned?

[gbgbgbg]

you have got to be the funniest, most clever motherfucker that there has ever been.

please die.
soon.
really
I'm not kidding.

No shit, I already said this YESTERDAY ;-)

[UnknownSoldier]

OpenSSH needs to take a lesson from Mesa & OpenGL

lets not have a double standard

[deft]

I've had a rely to my post saying that it was dirty of SSH to wait as long as it did to enforce its trademark (my post says theres no expiration on the right to prosecute, there shouldnt be, and openSSH should have known better.)

To say SSH is dirty for waiting is like saying that the recent DirectTV tactic of letting everyone clone their chips over and over without a word, and then destroying them all in one genious swoop, was dirty.

Sorry, they knew it was wrong, they got the benefit of instant recognition at the beginning by using SSH's name, and now they have to deal with it. If they were a bunch of idiots, I'd be sad, but they got their early recognition on the back of the name brand, and now it doesn't matter if they are great...the real name holders want them off their backs.

I say it's their right.

Re:lets not have a double standard

[mheckaman]

As one of those people who was burned by DTV in that little ambush, I have to agree that it was a fairly brilliant attack that most of us, as much as we hate to admit it, respected. OTOH, what we're doing is *NOT* in violation of *ANY* Canadian law, so I'd question their ability to legally damage our equipment, but who has the money to argue that?

Matt

Re:lets not have a double standard

[Chris+Burke]

(my post says theres no expiration on the right to prosecute, there shouldnt be, and openSSH should have known better.)

There is, there should be, and they did based on what was true at the time.

There is an expiration on the time to prosecute, and their very well should be. Statute of limitations exist for many things. Generally the idea is you have to decide _now_ if something pisses you off enough to sue, not wait until 10 years down the road when your company isn't doing so hot and needs some extra loot. If someone has a trademark, they have to defend it. Waiting until someone else has established their own name and then trying to take them down is not only dirty, it flies in the face of the law.

When OpenSSH started, they believed they were ok to use that name. So they only thing they could have "known better" was to know that once their product started to steal market share from ssh, SSH would turn on them.

And lastly, how exactly would this be SSH getting their name back? Have they been unable to use it in the interim? No. Is OpenSSH the same as SSH? No. Can you attack anyone whose name contains part of yours? Maybe if WIPO is presiding, but not in US law. I can name my application "Something Explorer" without being sued by MS.

Yes, OpenSSH used the ssh name, but only in the sense that the name OpenSSH accurately describes what it is and does. I can see the name and say "ah! an open implementation of ssh. much preferable to that closed source garbage." So the gains made by OpenSSH were as much because of conscious decisions as name similarity. It's not like releasing a soft drink in a red can named Coca-Cola, where people think your product is the same. It's more like releasing a product called "Generic Cola" in a red can -- people can quickly figure out that it is supposed to be like Coke, but is cheaper. If Coke really does taste better than Generic Cola, then people will still buy Coke. If not, then that's Coke's problem, not an invitation for their lawyers to try to shut down Generic Inc.

Side note: if SSH really wanted to have a distinct name to build a brand around, they shouldn't have just used the "single-letter abbreviations for what my shell is, followed by sh" naming convention. If I were to decide, that right there would lead me to rule that their trademark was unenforceable.

Re:lets not have a double standard

[StenD]

To say SSH is dirty for waiting is like saying that the recent DirectTV tactic of letting everyone clone their chips over and over without a word, and then destroying them all in one genious swoop, was dirty.

DirecTV didn't. If you actually read any of the articles about the DirecTV situation, they note that this has been an ongoing battle between DirecTV and the hackers. SSH laid an ambush for the OpenSSH project, and US trademark law, at least, doesn't allow for that.

Re:lets not have a double standard

[darkonc]

No. The fact that you didn't see it coming doesn't necessarily mean that it's unfair. Those are two separate issures. DirectTV has been waging a running gunbattle with the users of 'unauthorized' cards for a long time. Ther mass card-fry was simply a successful ambush.

As much sympathy as I may have for the people hacking the cards, I have to applaud the mass card burn as a brilliant stroke in an ongoing battle. I think that I would have (grudgingly) applauded it even if I was one of the people who got burnt by the move.
--

Sounds like a mugging.

[mortonda]

Listen to the last sentence - "It would be shame if this issue escalated to something that damages everyone." That sounds like a mugger holding a knife to your throat saying, "Do what I say and no gets hurt."

Too late... much too late.

Question

[fluxrad]

Have they sued the makers of all *nix OSes yet for putting infringing statements in places like:

/etc/services


FluX
After 16 years, MTV has finally completed its deevolution into the shiny things network

Re:Et Tu Slashdot

[eightball]

What a coincidence. I was thinking almost the same thing:
SSH Corp will earn my disdain if they don't make an offer to these freely offered products (maybe a license w/ a small one time fee (paid by supporters)), along with an agreement to put disclaimers on site, in docs, etc..

Also, the command line is another world. This has nothing to do with trademarks. If everybody's implementation had to use a different name, it would be confusing as hell. (gnuls kinda takes the beauty out of unix) Sym-link shim-link, it is the same thing. So what if the administrator makes the link, and the administrator does not implement it with a wrapper script that shouts at users when they use ssh that:
YOU ARE NOT USING SSH CORP BRAND SSH PRODUCTS, SO GET USED TO IT!!!!
In these cases the basis for your suggestion goes out the window, the same 'confusion' exists.

What bristles me most about this is that 'ssh' is a common name now. Almost nobody says 'So with this service, I get SecSH with it, right?' (not 'secure shell' because that is Tatu's next baby).
So, when ever someone will talk of 'sshing' I will think of how SSH Corp allowed the name to become common, then struck their most able opponent.

A company I am associated with uses F-Secure SSH. F-Secure pays their taxes, but otherwise their product acts in the same ways as OpenSSH. It works and it uses the standard naming convention for the binaries (using symlinks for ssh, but as I mentioned above, it doesn't matter whether you are executing a binary or following a symlink to a binary, it is the same effect). By your standards F-Secure is diluting the ssh mark. The only way to tell F-Secure and OpenSSH (and SSH Corp if they still matter (just kidding, jeez)) is to telnet to the port or with the '-V' flag. Then it is clear what you are using.

Re:Et Tu Slashdot

[rgmoore]

Maybe because Ylönen is actually in the same boat as Bezos, et. al. He submitted ssh as an open standard, which was upstanding of him. Then he turned around and tried to trademark the name of the open standard. Now he's decided that OpenSSH is taking too much of his business, and he's trying to shut them down by preventing them from using the name of the protocol in their program name.

Quite frankly, OpenSSH is not confusingly similar to ssh, or even SSH. Trying to sue them for trademark infringement (while simultaneously letting anyone else using ssh or SSH in their name slide by) is just slimy business practice. Why doesn't Ylönen just do what's right and try to compete on the basis of quality of software, not by using questionable legal tactics to try to run them out of business?

Re:I like Theo, but that was the wrong thing to do

[nobody/incognito]

> Tatu is trying to be nice.

i don't think it's very nice to let the stench of profits make you reverse course after several years of cooperation with the open source community, and then sic your lawyers on the very open source developers cooperating with you.

> Theo is being an asshole

i don't think an asshole would have responded privately to tatu's legal threats saying, basically, "let's work this out privately because going public will make you look like an asshole." which is what theo said.

theo comes out of this looking like a hero, which is basically what he is.

nobody

Not only is this dumb...

[tomcrooze]

But this is total BS. These trademark wars have been getting rather out of hand.

Case-in-hand. Here in Tampa, Florida, there's a company called "Duron Paints." Now, if Duron was a registered trademark before AMD even conceived of the chip by the same name, Duron Paints can sue AMD, and cause AMD to rename their Duron line. In reality, neither company knows the other exists, so what's the problem?

Both organizations probably wouldn't get mixed up very easily, and neither side is even in the same catagory.

The fact that these 2 companies are baking on 3 letters is ridiculous. What if I've made a certain generic... minidisc caleld "AMD" for American MiniDisc Corporation before AMD the chip company was even incorporated? Can I sue AMD and make them change their company name?

Like children fighting over toy blocks...

Re:Not only is this dumb...

[BloodyWanker]

And lets not forget that wonderful fortified wine sold as Cisco, hell I drank that stuff long before I heard of any Cisco on Tasman Drive in San Jose. Although the Cisco wine tends to throw your brain in a routing loop, wonder if that would qualify as competition?

Re:Not only is this dumb...

[the+eric+conspiracy]

"Duron Paints." Now, if Duron was a registered trademark before AMD even conceived of the chip by the same name, Duron Paints can sue AMD, and cause AMD to rename their Duron line.

Nah. Trademark law provides for unrelated products to be sold under the same trademark without infringement.


MOVE 'ZIG'.

Re:Not only is this dumb...

[Enigma2175]

Duron Paints cannot sue AMD because they are in seperate markets. Trademark law allows for the same name if the product is different. Nobody is going to confuse paint for processors. In Russia they take this to a further extreme, and you end up with things like McDonalds shirts and Microsoft Beer.


Enigma

Re:Not only is this dumb...

[demon]

Umm. That'd be Sysco Foods. Not even the same spelling.
_____

Re:Not only is this dumb...

[IIH]

Nah. Trademark law provides for unrelated products to be sold under the same trademark without infringement.

No, this is not always true, see the case of Visa condoms being denied, even though it's nothing to do with credit cards.
--

Re:Not only is this dumb...

[Enigma2175]

Thought I would provide a link for this. BTW, I was mistaken, it's not Microsoft Beer, it's Windows 99 beer :)


Enigma

Re:Not only is this dumb...

[bradipo]

Here in the States (and maybe elsewhere) there is a food company called Cisco. Haven't ever heard of any compliants bye the technology company...

Throwing out the baby with the bath water...

[vizshun67]

This episode reminds me of the early conflict between ARC (from seaware?) and ZIP (Katz&Co./PKware).

It was the classic battle of What's in a name?

Once upon a time in a galaxy far, far, away when BBSes were the primary means in which the computer community communicated its data and ideas, there was a compression standard known by its .3 extension ARC... Simply put: it was the DOS .tgz of its time and everyone that frequented BBSes used it.

As a result, a company called Seaware sold a lot of copies of their compression/decompression utility also called ARC...

Well along came an inventive programmer named Phil Katz who developed a compression/decompression utilty that was compatible with ARC. Its primary feature was that it yielded slightly faster decompression times than the original Seaware product. (I believe that he originally called it PKARC.)

Needless to say, Seaware sued him over the use of the letters A-R-C (I guess 3 IS a magic number) making a lot of the same kind of claims that SSH Inc. is making. They went around and around about it until FINALLY Katz changed his utility to PKZIP and the entensions produced by his utility to .ZIP.

The problem was that in the process of protecting a quick buck, Seaware Inc. offended their user base. 'Sysops' RAN away from their commercial offerings to support Katz. Besides that, PKARC was already faster than ARC. As it all turned out, once freed from ARC, Katz went on to improve his product offer better compression and nifty features like self extraction. Now only a few even REMEMBER Seaware let alone ARC.

HERE'S THE POINT:

By maintaining the term 'ssh' as the name of a protocol as opposed to a product, SSH Inc. can probably better maintain the synergy between the two efforts. The alternative is that the OpenSSH product changes its name, goes off in a different direction and becomes its own standard much like PKWare's PKZIP did to Seaware's ARC or even GNU's gzip did to the proprietary compression format used for 'compress' and its.Z files.

Yeah, SSH Inc. could use its LAWYERS to press their point, but the fact remains that in a nontrivial way, the term OpenSSH is an ADVERTISEMENT for SSH Inc. People looking for free/low-cost solutions will find them anyway. By maintaining the positive association between the efforts, it gives SSH Inc. the room and credibility to offer the kinds of services and support that an open source project CAN'T offer to its user base.

One day, software companies may learn that LAWYERS are NOT the way to get your point across to the computing community. If anything, they probably CREATE the MOTIVATION to IGNITE its CREATIVITY. There are better ways to handle this situation and I feel that SSH addressing its own LACK OF CREATIVITY in naming their products wouldn't be a bad thing to consider.

SECURELink
CRYPTLink
SECUREConnect

There are all sorts of possibilities that do not require them to throw the baby out with the bath water.

What if it were Linux

[Keepiru]

I wonder, how would we all feel if it were Linus sending out a C&D for someone misusing the term Linux. Would we still be on the side of trademarks are bad? There is no doubt a lot of confusion here, it's not that hard to rename it.

Encrypted shell (esh)
trusted Shell (tsh)
secure telnet (stn) which btw, is more accurate, as it's not really a shell.


Get involved

Re:What if it were Linux

[Saint+Nobody]

he's done that. there was a story on slashdot a while ago about it, but it would be a horrendous pain in the ass about it. basically, linus has no problem with use of the lunix trademark as long as it's done in good faith. but when somebody registered a bunch of linux-related domain names so he could sell them, linus threatened action, and the guy backed down.

note: that's how i remember it. i could be on crack.

Re:What if it were Linux

[StenD]

I wonder, how would we all feel if it were Linus sending out a C&D for someone misusing the term Linux.

You are aware of why Linus holds a registered trademark on the term Linux (as applied to computer operating systems), right?

Would we still be on the side of trademarks are bad?

Who is on the side of "trademarks are bad"? We're on the side of "selective enforcement of trademarks are bad, and most likely invalid".

There is no doubt a lot of confusion here, it's not that hard to rename it

No, it isn't, and had Ylönen requested that the OpenSSH project change its name near the beginning, and been requiring that other SSH impementations that he knew of change their names, I at least wouldn't be objecting to this. By singling out OpenSSH for this treatment, springing this upon them (apparently) more than a year after OpenSSH was started (with much controversy over the domain names, if you will recall - this wasn't a stealth project), and assisting with the development of other SSH implementations without requiring that their names be changed, he created this situation.

Re:What if it were Linux

[tordia]

I'm partial to SheeSH...

...as in enough already!

Re:What if it were Linux

[pi_rules]

You mean.. what would Linus do if somebody were so outrageous to name their products something like:
Slackware Linux
Redhat Linux
Debian GNU/Linux
... yadda yadda. It _is_ Linux just like OpenSSH _is_ SSH. OpenSSH is giving credit to the SSH protocol just like Linux distributions are giving credit to the Linux kernel. If the original creators of SSH want their implementation to stand out above the crowd then they simply need a more distinctive name:
OfficialSSH
NotTotallyFreeSSH
UseTheLettersEssEssAcheAndWeComplain
... pick your flavor :)

I admit, SSH has a reason to protect their trademark, but to use an overused analogy it's like Ford tradmarking "automobile" here.

Shoot, lets take the most "evil of evil" in the Slahdot realm: Microsoft.
Is anybody slamming then because they named their database "SQL Server"? Doesn't somebody out their own "SQL"?. Nobody has that I know of. IIS? "Internet Information Server"? IIS isn't the real "Internet" so how do they get away with it?

If your customers are so darned stupid they don't know the difference then it boils down to one of two things:
1) They're idiots.. you don't want to support them anyway (harsh, but hey, I'm a coder)
2) You don't provide any value over the competition anyway so get your poop in a group.

Justin Buist

Re:What if it were Linux

[CU-Ballistic]

Your sig links to a site called openadvocacy.net. How would you feel if the owners of advocacy.net brought a trademark suit against you for your use of their name in your domain name? I'm sure you would cry foul, and post to slashdot about how big business is killing the smaller guys. It's very easy to say that it is 'easy' to change the name of OpenSSH, but is it justified? I am not going to speculate on whether or not it is indeed the right thing to do, I just thought I would offer my two bits.
-

FTP and FTQ too!

[SimHacker]

FTP Software never sued anybody over the File Transfer Program they named themselves after. Probably because the use of the initials FTP goes way back before the history of computers, popularized by graphiti artists as an abbreviation for "Fuck The Police", often used alongside FTQ for "Fuck The Queen". -Don

Re:FTP and FTQ too!

[SimHacker]

Good heavens! My head is throbbing in sympathy.

-Don

Re:FTP and FTQ too!

[SimHacker]

Doh! FTP originally stood for Fuck The Pope, not Fuck The Police. (I got it confused with an NWA song...) Fucking the Pope is a much better idea than Fucking the Police, since he needs it a lot more, and doesn't fuck back as hard.

-Don

Re:Read Yesterday's Article...

[Amokscience]

You might be infringing on someone elses *EXISTING* project.

http://slashdot.org/comments.pl?sid=01/02/14/112 02 47&cid=167

and

http://freshmeat.net/projects/fressh/

Re:Et Tu Slashdot

[CyberKnet]

Actually, read the license again. It simply does not deny them permission. It doesnt specifically grant any rights other than to use the code.

---

Re:Et Tu Slashdot

[interiot]

It's only legal weasling if a law is being used contrary to its original intent.

But this part of the law was created for exactly this case... when a trademark owner allows others to invest a large amount of time and/or money into an infringing mark without their knowledge of infringement, and then tries to pull the rug out from everyone at exactly the worst time.
--

SeSH?

[Stephen+Samuel]

Perhaps we could move to OpenSeSH? In a lot of ways, it's almost more descriptive, since the protocol, and the application allow Secure Sessions, more than simple secure shells (eg: scp and SSH-based X-sessions). The name would also point to the use of the SSH protocol (which is not trademarked -- only the application).

The concept of trademarking an application name so close to a standard protocl name is, at best, silly. On the other hand, I don't think that it's worth starting a big fight over. There are far better things to put our energy/ time/ money into.
--

Re:SeSH?

[Black+Parrot]

How 'bout SHEESH. It describes the way a lot of people feel about this, and it shouldn't be too hard to reverse engineer a name to fit the acronym.

--

Re:Et Tu Slashdot

[f5426]

> gnuls kinda takes the beauty out of unix

I sorta disagree. gcc was not named cc. gnutar was not named tar. They don't have to name their program ssh. RMS would say that they should do things as differently as possible, and provide a --traditional for inter-operability (Btw, I would love hearing what Theo would say if RMS tried to tell himn what to do :-) ).

Sure gnuls would be ridiculous, so my example isn't worth much. Even apache is named httpd, so...

> By your standards F-Secure is diluting the ssh mark

Frankly, I don't know. I was just saying that *I* often confused ssh and openssh, and that *I* would have zero problem using asfkaos (A Shell Formelly Known As OpenSHH) as it would help me to stay away from ssh(tm) products.

OTOH, maybe you are right, and ssh corp should be told to f*ck themselves...

Cheers,

--fred

It's a suite of products, people!

[NevDull]

Wake the fuck up if you're on here bitching that SSH isn't a shell.

"ssh" is a secure replacement for rsh, "slogin" is a secure replacement for rlogin, and "scp" for rcp.

rsh was for remote shell, ssh is for secure shell.

That's why, so if you think you're cool and are allowed to speak just because you popped a RedHat CD into your Packard Bell, please reformat, reload windows, and don't come back.

Thank you.

-Nev

He's being "nice", but...

[darial]

..but the reality is that he's selectivly enforcing his invalid trademark (check the trademark db if you don't believe me). And he's doing this enforcement against the product that's **gasp** putting him out of business. If he really wanted to protect the (tm), he would need to go after:

O SSH
TTSSH
NiftySSH
MacSSH
Java-SSH
TGssh
sshCE
An OpenVSM project called just SSH
SSH-OS2
...

and, well, you get the point. He's just going after OpenSSH because they're beating him in the market. And not only does he have no legal leg to stand on, but he's being a real slime by only going after the successfull one. Theo would be right to tell hime where to stick his lawyers.

Re:Et Tu Slashdot

Even IBM's trademarks aren't on the three letters IBM, but on specific color combinations and fonts for their famous corporate logo. False, wrong, bzzzt.

Did you (a) make this up, (b) just guess that this is correct, or (c) lie?

You go ahead and try to sell computer products using the initials IBM. Pick your own colors and fonts. Stand back and wait for the (successful) lawsuits.

Re:Et Tu Slashdot

[Art+Tatum]

Of course, he also has a trademark on it. The question is: when did he acquire the trademark?

Re:Is this a troll?

[Stu+Charlton]

A Copyright license effectively will have little to do with a trademark. IANAL. Chances are they're in the right to enforce it.

Whether they waited too long is what I'm interested in hearing from the courts.

In theory....

[Daltorak]

Dear Gerald R. Ford,:

We represent Ford Motor Company in intellectual property matters. We are writing to you regarding your unauthorized use of our client's "Ford(tm)" trademark.

As you know, Ford Motor Company produces and sells low-quality automobiles and trucks, and provides related services in the U.S.A. and internationally. Ford Motor Company is the owner of the mark (Ford) in the U.S. and other countries, and also owns domain names such as "ford.com", "ford.ca", "ford.co.uk", and "ford.de". Enclosed is a copy of U.S patent number 75799920 for your convenience and information.

We have become aware that you are using the mark "Ford" in connection with personal identification, family members, business associations and matters pertaining to your presidency of the United States of America. We also note that you have made use of the mark "Ford" when making personal acquaintences, making speeches, and when subscribing to magazines.

In view of Ford Motor Company's widespread use of its (Ford) mark in many countries around the world, any unauthorized use of the (Ford) mark causes Ford Motor Company great concern. In particular, such use may falsely suggest that political science students and professors, newspaper editorialists, and historians may use the Ford trademark in a manner which could dilute, tarnish and degrade the image associated with our client's (Ford) mark.

We request that you cease all use of (Ford), including "Gerald R. Ford", "President Ford", and "Mr. Ford", and/or any name, mark or logo which is confusingly or deceptively similar. In particular, we request that you stop using (Ford) in any form, as part of your name, your family's name, and/or in any verbal or written communication with other people, and take all steps necessary to have your name removed from any texts and material containing the name "Gerald R. Ford".

Please confirm in writing by February 9, 2001, that you, on behalf of yourself, your family, and history in general, will agree to this request.

Your cooperation is anticipated and appreciated.

Sincerely,

Re:Skipping to the meat of the letter:

[Trepalium]

This part, however, goes too far:

This is why we have contacted Corenic.net, your domain registration provider, to cancel all service on the "openssh.com" domain.

This is prior restraint and flies in the face of the first amendment. SSH Communications Security owns the trademark on "SSH" in the realm of client-server protocols, that does not give it the right to bully openssh about their domain name.

WIPO would probably disagree. Based on their track record for deciding in favor of trademark and other rich people's favor when deciding on domain name disputes, I'd say that the OpenSSH group would probably lose all their domain names. I don't believe that OpenSSH could really win against SSH, because their case is valid, no matter how little those involved like it. The fact that the company, protocol and program all share the same name really doesn't help, and is really poor form. Short of hoping for everyone to agree to rename the protocol, I see little or no resolution to this.

I've Got Bad News

[masq]

Bill Gates just called me about something he found on my HD called X-Windows. If anybody can contribute, I think I might owe him $100 million.

And the Apple guys didn't like what was in my lunch today.

It's Pizza and OS/2 from now on.

Re:Et Tu Slashdot

[BJH]

You're confusing SSH (the implementation) with SSH (the standard).

Last license I buy from SSH Inc.

[malice95]

I really hate it when a company picks on a simple
opensource project with a very good stance on why it did and should continue to use the name OpenSSH. I was planning on rolling out SSH this summer to over 800 desktops/servers. I guess I will be DEFINATLY going with OpenSSH in light of these developments.

Re:Et Tu Slashdot

[StenD]

Maybe because Ylönen is actually in the same boat as Bezos, et. al. He submitted ssh as an open standard, which was upstanding of him. Then he turned around and tried to trademark the name of the open standard. Now he's decided that OpenSSH is taking too much of his business, and he's trying to shut them down by preventing them from using the name of the protocol in their program name.

More similarly, he's in the same boat as Sun, but without the forthrightness. At least Sun established a trademark, and actively enforced it, before they submitted it to multiple standards bodies as an 'open' standard. Even then, the standards bodies balked at allowing a major company like Sun to hold a trademark on, and control of, a standard which they issued. I'm not sure why Ylönen thinks that the IETF is going to swallow his company sandbagging them like this.

Re:Et Tu Slashdot

In other words

that kid left his candy on the table and didn't pay attention to it. there is nothing illegal about taking the kid's candy, since it was clearly abandoned. ummm. let's enjoy the candy.

nothing in his license forfeited or otherwise abandoned the SSH name. I have reviewed my copy of his license (1.2.27). I see no forfeiture. if you believe that he did, please post relevant info.

SecT

[wroot]

SecT = Secure Telnet
(I saw other people suggest Secure Telnet, just didn't see SecT yet) It's a word, it's easy to remember and it doesn't contain "Open", which kind of contradicts "secure".

Also,
SeCT = Secure ConnecT

Wroot

Re:SecT

[hammock]

What about SaSHa, following the SaMBa naming system.
They couldn't call Samba "SMB Server" because someone else had that name, so the dictionary said "samba" or "salmonberry".

A name...

[djrogers]

I think they should follow samba's example, and make a word out of it.... My vote is for SaSHay.

Re:A name...

[BobNET]

My vote is for SaSHay.

What about SlaSHdot?

Re:A name...

[adric]

And they could codename it "Butthead Cryptographer"! (-:
--

Re:A name...

[Inti]

I vote for SeaSHell
---
Claim your namespace.

Re:A name...

[NoseyNick]

antidiSestabliSHmentarianism?
miSSHapen?

Re:A name...

[sharkey]

How about: So Shit Happens

--

Re:A name...

[GrenDel+Fuego]

But there's already C-shell, which sounds identical

Re:A name...

[gnudutch]

I like OpenShuSH.

Would OpenSsssSH be acceptable too?

I like Theo, but that was the wrong thing to do...

[alexhmit01]

The statement that the mark wasn't enforced was the WRONG tack to take.

Good job. We have now taken the position to the outside world of being total assholes.

The guy made an effort NOT to bully an Open Source group. He didn't send threatening lawyer letters. He asked people to be reasonable. Quite frankly, you're going to lose BADLY in a court of law, because not only is there the possibility of confusion, but there is DOCUMENTED confusion.

Now, this is totally absurd.

He didn't bully, DON'T use that against him. The arguement that he didn't bring it up until confusion happened may be legally correct, but now sets the horrible precedent that Open Source groups will be as shady as possible, and if you give them an inch, they'll take a mile.

Notice something, the original license (if anything tells people not to be nice and release their source code, this is the example, that was hardly a license, more of a nice gesture) allowed you to call your application ssh.

That's irrelevant.

OpenSSH could be renamed, OpenSecSH, which would be an open implementation of the SecSH protocol, which is the name of the working group. The FILE could still be called ssh/sshd.

SAMBA couldn't call itself SMB, confusion reasons, but the applications use SMB (like, smbd).

However, you can be polite, compile as osecsh and osecshd and include a symlink (automatically, but prompted) for ssh and sshd, so if you have both implementations, you can decide which one you want.

However, if the Open Source community insists on fighting on the Trademark grounds, we're in the wrong.

You can dispute the merits of Software Patents.
You can dispute the merits of long copyright terms.
You can dispute the merits of copyrights in general.

You can't dispute the merits of Trademarks.

Trademarks are the only thing that prevents confusion in the marketplace. If people are confused and think that OpenSSH is from SSH, then there is a legitamate issue.

Also, I don't think you're going to win on the enforcement. One year or so is reasonable, given that OpenSSH has minimal press coverage, etc. I think that it would be EASY for SSH to show that they found out about it, saw a problem, and then asked them to fix it.

Theo, you're going to lose, and you're being a bastard. He hasn't demanded that you stop making a version of SSH, just that you not use his product name.

Theo, I'm an OpenBSD user. I love OpenBSD. I love OpenSSH. You're in the wrong here... VERY WRONG.

Alex

Et Tu Slashdot

When it comes to Microsoft, Jeff Bezos, et al, Slashdot cries out in unison, "why don't you do what's right, not just what's legally allowed."

Now it's open sources' turn. The right thing to do is honor the wishes of the guy who created SSH, the guy who made SSH available to you (albeit with a license you didn't like), and the guy who still tries to make a living from his hard work.

Give up the conflicting name. Not because you have to. Because it's the right thing to do.

Re:Et Tu Slashdot

[Inti]

No way. The author released the code years ago under a license that pretty clearly allowed use of the name. You can't take something like that back. Once something is released to the world under a certain set of conditions, you can't take it back, no matter how much you might like to.

He gave the name away, and now he regrets having done so. Well, too bad. OpenSSH used the name with the entirely justifiable understanding that this was allowed. They took nothing that had not been offered. They built a brand of their own, which the original author now wants to destroy since it is becoming competitive.

That's dirty pool.

Claim your namespace.

Re:Et Tu Slashdot

[Matthew+Weigel]

It's hard to sort out what "the right thing to do" is, when the other parties aren't doing it. The right thing for SSHCS to do, for instance, is to consistently enforce or not enforce this trademark.

Fighting the use of trademarks to selectively target competition is a right thing to do. Fighting the involvement of trademarks in what should be standard software on every platform is a right thing to do. Right things to do are based upon merit, and not the familiarity of the names involved.

Being grateful to Tatu Ylonen for the work he's done that has benefitted the community, is also a right thing to do; I've already personally thanked him, and I plan on doing the other right things I listed above, as well.

Re:Et Tu Slashdot

[DevEiant]

The Project History and Credits section of the OpenSSH website would seem to refute your assertion:

OpenSSH is a derivative of the original free ssh 1.2.12 release from Tatu Ylönen. This version was the last one which was free enough for reuse by our project. Parts of OpenSSH still bear Tatu's license which was contained in that release. This version, and earlier ones, used mathematical functions from the libgmp library. That library was also included with these early ssh versions. The libgmp library is made available under the (LGPL) Lesser GNU Public Licence, although versions of that era were under the regular (GPL) GNU Public Licence.

Rapidly after the 1.2.12 release, newer versions bore successively more restrictive licenses, even though libgmp was still included and neccesary for using the software. Earlier restrictive licenses forbade people from making a Windows or DOS version. Later licenses restricted the use of ssh in a commercial environment, instead requiring companies to buy an expensive version from Datafellows.

The original license contained the following text:

As far as I am concerned, the code I have written for this software can be used freely for any purpose. Any derived versions of this software must be clearly marked as such, and if the derived work is incompatible with the protocol description in the RFC file, it must be called by a name other than "ssh" or "Secure Shell".

While I can't personally vouch for the veracity of the OpenSSH history, it and the original license not only seem to directly contradict your assertion that "you couldn't use it for commercial purposes", but also seems to imply that if a derived version of the original is compatible with the protocol description, then he has no problem with someone referring to it as "ssh" or "Secure Shell".

Also, The SSH transport and user authentication protocols have been submitted to the IETF by Ylönen himself, which I believe qualifies as "submit[ting] as an open standard". As a matter of fact, it's currently the main focus of the Secure Shell (secsh) IETF working group.

All in all, this parallels the "one click" scenario pretty closely, with the difference being that SSH was far more novel and complex an idea than "one click" shopping. If Mr Ylönen had released it as a commercial product, or even just released it under a more restrictive license, there would be no debate. As it stands, though, it reeks of dodgy business practices brought on by stockholder pressure and OpenSSH's success.

Re:Et Tu Slashdot

[sql*kitten]

Give up the conflicting name. Not because you have to. Because it's the right thing to do.

Agreed. The SSH chap sounds like a decent, pleasant fellow. Given that by far the hardest thing he's asked the OpenSSH people to do is choose a new name, and that he's contributed significantly to their own success, it would show a lack of common courtesy should they refuse to comply.

I honestly can't see why /. is making such a fuss about this, it smacks of mob hysteria and, as you say, double standards.

Re:Et Tu Slashdot

[msobkow]

It was a generalization regarding the fact that the three letter sequence is not a registered trademark -- the logos are. Yes, IBM will pursue anybody trying to knock off their products, usually successfully.

They don't win because of the law, but because nobody is stupid enough to try to pick a fight with a company whose research budget dwarfs most corporate incomes, that has more lawyers on staff than Microsoft, and that has more backing from the community than any other large corporation.

From that perspective, you're right: they have an implicit "trademark" on the letters. But it's because of clout, not because the law would be on their side. (Ignoring the impact big business has on Congress and legal issues due to the number of voters they employ.)

Re:Et Tu Slashdot

[jamesoden]

It is not the right thing to do, nor is it the reasonable thing to do, nor is it even an open source thing at all. The term ssh is used throught out the industry, and in public standards documents as the word denoting a particular protocol that allows encrypted interactive text based sessions to a remote server. The term ssh is so much a common word that it should not ever have been trademarked, and certainly by now its trademark has validity whatsoever. The word has sinked so far into the public domain that most of my collegues and myself use the word as verb to describe the use of the ssh protocol to connect to a remote machine. Have you recently said something like: I need to ssh over to that machine. Stop it your breaking his trade mark!!! That being said, what else would you call an application that does the SSH protocol? On another front, if you look at the last instance of Tatu's opened source source code, the license expressly makes provisions for the use of the word ssh in a product. Essentially, you could talk the talk (call your self *[sS][sS][hH]*) if you walked the walk (actually conformed to the ssh protocol as defined in various RFC's). Lastly, this has nothing to do with Open Source versus Closed Source. This is a specious legal argument being used against one organization by another organization in order to gain some cheap advantage.

Re:Et Tu Slashdot

[aaabbbccc]

Huh?

Ylannonen has sent several private emails to the OpenSSH core developers for the past year - emails that have been ignored it seems. It's only now, after no satisfactory response that Ylannonen has put a message on the mailing list. How is this "pulling the rug out from everyone at the exactly the worst time".

Frankly, I think the guy had enough of de Raadt's stalling.

Re:Et Tu Slashdot

[ranessin]

And the proof of those private e-mail's is where?

Ranessin

Re:Et Tu Slashdot

[Steeltoe]

You can't compare IP equally with a physical thing. The two concepts are very different. IP is something that can be freely shared without decrease in value. In fact an increase in value occurs to the participants involved. While a physical object is something you either have to split up to share, or have all for yourself.

The people who think they should be allowed to control what people do with information bein

You complained about someone calling you a troll later in the discussion, but I was left with the same impression. However, maybe you just replied without thinking too much about the matter - a reaction. That's pretty common on here, so I guess you're okay ;-)

- Steeltoe

Re:Et Tu Slashdot

[ConsumedByTV]

Results 1 - 10 of about 112,000,000. Search took 0.08 seconds.


time to update your .sig... :)


Fight censors!

Re:Et Tu Slashdot

[belroth]

"Any derived versions of this software must be clearly marked as such"

This would seem to require some sort of name such as SonOfSSH, to me it certainly seems to give a really good defence to accusations of infringment.
----

Re:Et Tu Slashdot

[Inti]

From the license of 1.2.12, upon which OpenSSH is based (according to the Newsforge article):

"As far as I am concerned, the code I have written for this software can be used freely for any purpose. Any derived versions of this software must be clearly marked as such, and if the derived work is incompatible with the protocol description in the RFC file, it must be called by a name other than 'ssh' or 'Secure Shell'."

This would pretty clearly seem to imply that as long as OpenSSH was creating a protocol-complaint product that they were welcome to use the name ssh. Otherwise it would have said something like "SSH is the trademark of SSHC, INC, and may not be used without our permission, period".

Unless I am missing something here, it would seem as if Ylonen pretty clearly authorized other compatible and derived products to use the name 'SSH'. And once that permission was granted, it can never - at least not if we want to 'do the right thing' - be taken back.

Claim your namespace.

Re:Et Tu Slashdot

[spuk]

The right thing to do is *not to give up*. The law is being (ab)used against many of the beliefs of the free software community (decss/copy protection/extending copyrights/etc.).

Now that the OpenSSH crew are clearly on their own right, they must use the law for its real purpose.

Re:Et Tu Slashdot

[obtuse]

I'd prefer that OpenSSH keep their name. It might be nice to respect the author's (childish & greedy) wishes 'cause he wants his (freely given & freely accepted,) name back, but OpenSSH has in my opinion created more of the value associated with the name at this point, than the author has. It would be nice for OpenSSH to reap the benefits of their good work, and not have to change their name & pretend to be someone else.

OpenSSH accepted a the gift of the code & name, & ran with it, and deserve to use a name to whose popularity OpenSSH have contributed so much. If their implementation had been called SHiT, then you can bet that SSH would be aggressively making the point that they were the real SHiT.

Where would SSH's precious name be without OpenSSH? It wouldn't be worth protecting. Oh, wait. Maybe it's not worth protecting anyway, since they're not bugging anyone but OpenSSH.

...Generalizations are unreliable...

Re:Et Tu Slashdot

[f5426]

I profoundly disagree. OpenSSH will be tainted for the rest of its life if it doesn't change its name.

I have been confused between openssh and ssh numerous time. Both commmands are named 'ssh', and I think it is an error.

Anyway, the request seems pretty stupid, as OpenSSH is doing a lot of good to ssh corp. If OpenSSH renamed the command to something less related to ssh, like pinss (pins is not secure shell) or yass (yet another secure shell), then ssh corp will loose a lot of mindshare.

Making the issue into "we can legally keep the name" is plain wrong. They want the name ? Give them. The name is just a name. The free alternative is better, so will succeed under any kind of name (and, people will alias ssh to wosin [whatever open ssh is named] anyway, so the pratical impact will be zero).

Cheers,

--fred

Re:Et Tu Slashdot

[hautis]

IP is not about value. It's about life itself.

It's about who owns your genome. It's about who owns your medical and/or crime records.

It's about medicine companies denying life from hundreds of millions of people.

About GM labs creating seeds that produce sterile plants so farmers have to buy new seeds each year. Well, most farmers in the world couldn't afford GM seeds anyway.

It's about companies denying your right to develop software and give it away.

It's about your right to think.

It's about the very evolution of mankind and the whole of this globe.

Greed may help an individual go far, but for us as species it's like a disease that we're just learning to control.

Re:Et Tu Slashdot

[Art+Tatum]

And, if the original author allowed other people to use the name before, it's hard to make the case that he should be able to change his mind and destroy somebody else's name.

Well, he's not destroying anyone's name, exactly. But if he can be shown to be practicing a selective enforcement of his trademark (which, according to this article, he seems to be doing) then I don't think he has a leg to stand on. But I do believe it would be a nice gesture for OpenSSH to change its name.

Re:Et Tu Slashdot

[arothstein]

I've read an awful lot of arguments here of *why* they can usurp the trademark, but not many addressing the original poster's point: should they...

would it really matter to any of us if they call it openSquash instead of openSSH? I don't think so.

Does it matter to the guy running SSH? yes, certainly.

So why persist? Suddenly the guy who wrote SSH is no longer an open-source-brethren, he is now one of *those* commercial guys. Oh the heathen. Screw him to the wall.

I'm not so proud of the open source mentality suddenly.

Re:Et Tu Slashdot

[msobkow]

In a very loose sense I'd have to agree with you, and with the various people who have posted in support of Ylonen's right to defend the SSH trademark.

What I'm having a problem with is that SSH is the acronym for a protocol that has been submitted to standards bodies by the holder of the SSH trademark. By definition anything submitted to the public standards bodies becomes part of the public domain.

Aside from the use of the term in the standards documents, there has been no apparent attempt to stop anyone other than the open source development team from using SSH in the name of their "product." As someone else has pointed out in these threads, trademark defense has to be consistent to be valid.

I'm not sure a trademark on the acronym SSH is valid without being more specific about the design of the trademark. Even IBM's trademarks aren't on the three letters IBM, but on specific color combinations and fonts for their famous corporate logo.

Although I generally don't feel Ylonen is acting in good faith in this matter, I'd rather see us switch to a name like OpenSTN, provided that the documentation submitted to the standards bodies are also updated to use a protocol acronym other than SSH. Whatever acronym is used for the standard is the acronym that should be used by Open???.

I don't agree with comments in this thread that the open source project should have a page crediting and linking the commercial provider's site. If anything, they should be referencing the site and documentation from the standards bodies describing the protocol. Once a standard has been submitted to ISO, ANSI, W3C, or any other such body, it is the standard that becomes important for determining interoperability, not the identity of the originator. Any historical credit for the standard should be referenced by the standards documentation, not by the open source implementation.

Re:Et Tu Slashdot

[divec]

I have reviewed my copy of his license (1.2.27).

Y'need to look at the license for 1.2.12, which is the version OpenSSH is derived from.

Re:Et Tu Slashdot

[zaius]

Actually, Theo may be in the right about 'immediately enforcing' trademark violations... Xerox and Kleenex are two famous examples of corporations who didn't immediately enforce their trademarks and ended up losing them by a clause in trademark law dealing with 'name dilusion'.

This is why Coke runs around suing everyone like crazy for using their name places it shouldn't be... not because they really think skript_kiddie666's webpage is going to cause problems, but because if they don't keep on top of it they could lose their multi-billion dollar brand.

Prompt nodification

[smoondog]

the article raises an interesting point. Many of these crazy patent/trademark infringemtent lawsuits we see all share one thing in common: They are obnoxiously late. The law should have strong enforcement of making sure lawsuits happen right after the infringement. None of this "They making a lot of money so we'll selectively sue them" attitude. Most of the time these companies would have to be dead to not be aware of years of infringement.

-Moondog

Re:Prompt nodification

[the+eric+conspiracy]

Many of these crazy patent/trademark infringemtent lawsuits we see all share one thing in common: They are obnoxiously late. The law should have strong enforcement of making sure lawsuits happen right after the infringement.

Both trademark and patent laws contain provisions requiring that the owner file claims within a limited period of time. In the case of SSH the trademark holder may already be too late.


MOVE 'ZIG'.

Re:what's next

[fluxrad]

what about the "Scotch" in scotch tape?

aye laddie. We're about to put the sue on you far yar blaytant infringemunt of ayre tlademallk.


FluX
After 16 years, MTV has finally completed its deevolution into the shiny things network

Compromise

[The+Famous+Brett+Wat]

Ylönen said he's not sure of his next step if the OpenSSH team doesn't back down. "I have tried to be polite, stick to facts, and reason with everyone," he said. "I hope that we can find a solution that will cause minimal disruption in the network security community and will also allow us to protect our trademark rights. It would be shame if this issue escalated to something that damages everyone."

If he doesn't want it to escalate, then he'd best compromise. I think that there's a broad feeling of indignance in the OpenSSH developer and user community that there's a "submarine trademark" (if I may put it that way) on something which we consider to be the name of a protocol. I think there's going to be a great reluctance to go ahead with a name change, because it would let the nose of the camel into the tent. What next -- remove all mention of "SSH" from the documentation?

If Ylönen demands no less than the removal of "SSH" from the project name, and OpenSSH isn't willing to do this, then he has the choice of either backing down or going ahead and making himself really unpopular by suing a free software project. This whole direction does not strike me as being one that can result in a net win for Ylönen. If he wins his trademark rights he'll establish himself as an enemy of the OpenSSH community; if he loses his trademark he looks like a poor businessman.

Instead, he should cut his losses and suddenly realise that he can license the use of the trademark to the OpenSSH project for free, on condition that they clearly distinguish themselves from his product, and perhaps provide linkage to his web site as a clarifying measure. If the real problem is customer confusion, then let's deal with the confusion without all this ugly legal sabre-rattling nonsense.

Does Ylönen realise that he's setting himself up as an enemy of the Free Software Republic? This isn't sensible.

Re:Compromise

[Baki]

Wrong compromise. He gave away ssh including the name (as long as you keep it compatible with the ssh-protocol) before the trademark. Thus is trademark is invalid.

The only thing he can do is modify the name of his product, trademark the new name, and launch an advertisement campaign to make it known.

Re:Compromise

[frost22]

If he doesn't want it to escalate, then he'd best compromise.

But there he's got a problem. The Problem's name is Theo. Theo and "compromise" live in tortally disjunct universes.

In the end, I think, the only thing he can do is go to court.

f.

Re:Too Little, Too Late

[interiot]

Another quote:

All this time our policy has been that the trademarks cannot be used by others without a proper acknowledgment, and cannot be used in product names without a special license from us," he said. "We have enforced it against all significant players in the field," he added. "We have not felt it appropriate to go after every random web page or the various non-commercial student projects done at universities."

So which is it? Do we think it's better for a trademark owner to go after every single petty violation? Or does it seem to be more fair when a trademark owner lets some of the little guys slip through the cracks, but then has to take action if they become larger? You can't have both worlds...

(granted, there was that other clincher, but your particular argument conflicts with other common slashdot sentiment)
--

Re:Have a contest for a new name

[TheGratefulNet]

yeah, but the suffix police would getcha.

M$ probably thinks they own the CE suffix. winCE and all.

so would you rather M$ go after you or that SSH guy? ;-)

--

An idea!

[bdowne01]

Let's trademark every letter in the alphabet! That way we can sue whoever uses our trademarks. We'd make a fortune!

Re:An idea!

[Fatal0E]

Let's trademark every letter in the alphabet! That way we can sue whoever uses our trademarks. We'd make a fortune!

Next you'll say "I'll trademark the trademark symbol! Then anyone who trademarks anything will violate my trademark and I'll sue them for trademark infringement." (that idea is trademarked btw. And so are the three letters btw)

Now lets all have a good laugh while our mod points die.
"Me Ted"

Re:You thnk ths s funny?

[Anoriymous+Coward]

Actually that was easer to read than most AC postngs.

At least there's no (TM)s n your username.

Re:I like Theo, but that was the wrong thing to do

[Alioth]

The guy made an effort NOT to bully an Open Source group. He didn't send threatening lawyer letters. He asked people to be reasonable. Quite frankly, you're going to lose BADLY in a court of law, because not only is there the possibility of confusion, but there is DOCUMENTED confusion.

That's what I thought until I read the last bit of his letter to the OpenSSH developers:

This is why we have contacted Corenic.net, your domain registration provider, to cancel all service on the "openssh.com" domain.

Until I read that, I sympathised with the SSH company - I thought they were doing the right thing by just requesting instead of sending the attack-dog lawyers. However, they made an agressive pre-emptive strike to destroy openssh.com's domain before they even have had a chance to consider changing their name.

If I were in charge of OpenSSH, I would have gladly changed the name of my code has he not pre-emptively tried to destroy my domain before I had a chance to even consider what to rename my product to!

Re:I like Theo, but that was the wrong thing to do

[Elbereth]

This is exactly my opinion, too.

What is so difficult about renaming OpenSSH to something like SecureTelnet or SecureLogin or SecureRSH? It doesn't have to have SSH in the name of the product. Nobody is saying that the OpenSSH filename can't be "ssh" or that Theo has to stop writing an SSH clone.

I like OpenSSH a lot, but if this is the way they're going to conduct themselves, then I'll switch back to SSH. SSH is guaranteed to be around in a year; OpenSSH, OTOH, might face legal problems if they keep going down this road.

Re:Is this a troll?

[Chas]

Actually it will. Since naming rights are specifically addressed within the license.


Chas - The one, the only.
THANK GOD!!!

Re:What about trademarking other things like this?

[magic]

OpenSSH should compromise because what they are doing is illegal. Look, the guy wrote SSH and trademarked that name. He was really nice about it and release the source and supported open source projects. When a trademark is diluted, you legally loose your trademark (Kleenex and Xerox are the textbook examples). Don't stab him in the back for supporting open source by taking away his brand name, which was a major marketing investment.

-m

Let me get this straight...

[panda]

Some dude in Finland is gonna sue another dude in Canada over a Trademark owned in the U.S.?

Puh-leaze!

Enough with the stupid intellectual propery lawsuits already.

I think Tatu's just pissed that OpenSSH is a better product than his commercial SSH, and that OpenSSH is becoming so widely used that it, and not Tatu's commercial ssh, is what people generally mean when they say, SSH. Shit! Now I've just supported his case. :-)

Possibilities...

[scriptkiddie]

Here are the results of grep "s.*s.*h$" /usr/share/dict/web2 | tr hs HS ....

abySSolitH
AddreSSograpH
arguSfiSH
aSpiSH
aSSiSH
aStoniSH
BakSHaiSH
bakSHeeSH
BaSkiSH
beaStiSH
beSlaSH
beSplaSH
blueStockingiSH
bookSelleriSH
BoSniScH
braSSiSH
briSkiSH
bruSHbuSH
buSybodyiSH
buSyiSH
cloSiSH
clotHeSbruSH
coarSiSH
contradiStinguiSH
counterdiStinguiSH
croSSfiSH
croSSHatcH
croSSpatcH
croSSpatH
daiSybuSH
damSelfiSH
diSembelliSH
diSenmeSH
diSeStabliSH
diSfleSH
diSfurniSH
diSgarniSH
diSpleniSH
diSreliSH
diSSoconcH
diStinguiSH
duSkiSH
eSSayiSH
eStabliSH
faStiSH
fleSHbruSH
foreStiSH
freSHiSH
FrieSiSH
froStfiSH
fuStianiSH
gaStroSopH
geySeriSH
gHoStfiSH
gHoStiSH
glaSSfiSH
gloSSograpH
gooSefiSH
gooSiSH
graSSHopperiSH
greaSebuSH
griSettiSH
guStoiSH
gutterSnipiSH
gypSyiSH
HadaSSaH
HandSomeiSH
HarSHiSH
HaSHiSH
HaStiSH
HorSefiSH
HorSefleSH
HouSeSmitH
HouSewifiSH
IbSeniSH

Hmm, I don't seem to have a full dict file! It doesn't matter though, I don't think the OpenSSH folks will find a name better than "Horseflesh."

World First!

[fungai]

"I like Theo".

Re:All squawking aside...

[demon]

Read the ssh 1.2.12 license once. You'll find that the OpenSSH people are meeting the terms of the license. The problem is not theirs, it's Tatu's.
_____

It's a real existing word

[Sloppy]

The problem with "FRESH" is that it is a real word. That means they it might conflict with someone else, that a domain name won't be available, etc. If you're going to start fresh, don't use "fresh" -- use something really fresh instead.

---

Re:I like Theo, but that was the wrong thing to do

[Balp]

> The guy made an effort NOT to bully an Open Source group. He didn't send threatening lawyer letters. He asked people to be
> reasonable. Quite frankly, you're going to lose BADLY in a court of law, because not only is there the possibility of confusion, but
> there is DOCUMENTED confusion.

You mean being polite as when you don't recive a letter saing that you give up all your clames sand a letter to the open public trying to state that please do it. The letter form the lawyer deamanded an answer before the letter to the mailinglist was sent. I think this is a real nice way of saying it and being polite. (And yes it was a thretening lawyer letter first... Then he changed...) In my optionon Tatu has been lower over the years, when he first released ssh (I had ssh as replacement for rsh since about version 1.2.20, and for almost all logins since 1.2.14. thats is since around 95) in the begining I saw his as a good guy amied in making the internet a more secure place, then he has swifted more and more to making money. Actually I don't have anything against geting payed and gaining from your products, but keep that on a nice way.

I think that he by him self is doing his best too loose money as he and SSH Comunications Security, as they tries to force all users the hard way over to SSH 2. SSH 2 is no longer free of use, that means that the step costed money for the most users, individuals and non-profit organizations. The ssh using community was quite irritated by this and most servers still are running SSH1 protocol. (This versions are soon to be removed from ftp.ssh.com). So instead of helping users to get the better protocol he has slowed that step. Now with OpenSSH the step from SSH1 to SSH2 is possible to make without upgrading ALL servers and clients at the same time. A loot easyer.

/ Balp

Re:its kinda too bad, but its the rules

[teeth]

I know several Johns; their individual Johnness in no way compromises the Johnness of any of the others.

I also know two Alberts, this, however, is almost certainly a statistical anomaly...

Re:What about trademarking other things like this?

[swinge]

(whether or not it actually is a shell is really a moot point, however), and the logical abbreviation - following standard shell style

rsh is not a shell itself, it provides access to a "remote shell". In the same way, a secure shell would be any shell that you got access to securely.

Which leads to my favorite new name for the open source version: what it does is "opens shell" or, OpensSH. There, everybody happy now?

Re:Skipping to the meat of the letter:

[the+eric+conspiracy]

Owning a trademark in one realm of human communication doesn't give you the right to own it in all others.

Bzzzt. Wrong. The main point of law is the question of whether the name domain OpenSSH might cause confusion. In this case, given the identical functionality if the products I think they have a good case.


MOVE 'ZIG'.

Microsoft Finally Contributes to Open Source

[bumski]

So you're suggesting that the open source community should follow the shining example set by Microsoft? That's got to be a first.

Well, here's telnet...

[devphil]

Good thing nobody is enforcing a trademark on "telnet," eh?

Yet.

Domain Name.......... telnet.com
Creation Date........ 2000-11-21
Registration Date.... 2000-11-21
Expiry Date.......... 2001-11-21

Organisation Name.... Rainforest Consulting
Organisation Address. 2180 Pleasant Hill Road, Suite A-5, #376
Organisation Address.
Organisation Address. Duluth
Organisation Address. 30096
Organisation Address. GA
Organisation Address. UNITED STATES

Re:There's the solution!

[AFCArchvile]

Well, then let's consider this a last resort maneuver, just in case SSH gets a legal team like Digital:Convergence, Apple, Microsoft, or Sun Microsystems.

Have I covered all the corporate legal system abusers? Hardly.

Re:Is you a troll? (apologies...)

[eightball]

And where is the proof that is causing unreasonable impact on SSH Corp? We only have a brief statement from the accuser that he has received "significant amount of e-mail" without qualification (x per day for example, had to add 2 employees just to tell these people to buzz off, etc...).

IMHO, it is more akin to a chain letter than an email virus. It causes problems because some people are stupid. It is not because when a person has a question about a problem with a product, it automatically emails every vendor for every piece of software installed on the machine asking for resolution to their problem.

However, this support problem works both ways. Problems with other implementations end up in free ssh forums.

Maybe next time..

[Molt]

Maybe next time the authors of a security system will look back on this, and will decide as a result not to release a open standard based on their work?

Yes, changing the name is inconvenient, and yes, it is probably going to end up being legal to keep the name OpenSSH, but the MS lobbying, and the RIAA cases are also legal and inconvenient to the people doing them and most people here don't seem to support them.

Please, let us be careful not to ostracise the people that actually write the open standards that OpenSource relies on. The author of SSH was kind enough to let us use the protocol, let us respect the work he put in by putting in the work of changing the name OpenSSH to something else.. and remembering the new name

Re:Maybe next time..

[Znork]

And maybe when they do that they will end up being just another proprietary unused worthless security-through-obscurity product.

SSH would be exactly there, had they gone down that route from the beginning.

The author of SSH was kind enough to release his code and make it public (sorta had to since he had GPL parts in there at the time), we were nice enough to decide ssh was a good idea and use it in a lot of places, creating the market for him. We got a turnaround, license changed, proprietary product that didnt work on all platforms any more and an incompatible shiny new protocol.

Lets vote on this!

[Codeala]

I think the best way to resolve this is to call for a vote. Just to be fair, only people who ever contributed code to the OpenSSH project are allow to vote. They help create it and it is time they decide what they want to do.

I further suggestion a first round vote to decide if "OpenSSH" must go. If so, then a submission period for new names then vote on that again. Perhaps for the second round everyone can vote?

====

Re:There's the solution!

[StenD]

As the article states there are several other SSH(TM)implementations out there

with SSH in the product name

that aren't being hassled over this.

Sorry, but he's actively assisted the development of other SSH products with SSH in the product name. If he asked that the OpenSSH documentation contain a trademark notice, that would have been reasonable. Demanding that the project change its name, at this point, is not.

Re:What about trademarking other things like this?

[Cyno]

what about:

OpenAndSecureRemoteShell
sterm #it does X redirection/port forwarding
snet #kinda like telnet, only better
osh #an open/secure remote shell
osrsh
srsh
ossh

remember we can always make symbolic links, at least until the courts (upholding justice, heh, yeah right...) rule that symbolic links are a distiction without a difference, violating trademark/copyright/patent/corporate law

Maybe they should rename OpenSSH

[jfunk]

I think they should take Apple's lead and call it BHC.

Butt-Head Cryptographer...

Besides, I can type bcp a smidgeon faster than scp. :-)*

Re:Microsoft's Lawyers Fixed this for Openssh

[mbyte]

In Germany some company has the trademark on explorer(tm)* for software products. So they sue everyone who is putting a link on some kind of explorer(tm)* software, like ftp-explorer(tm)*.

Microsoft DO have some deal with them, but both sides refuse to reveal details of it.

* explorer is a registered trademark of the symicron GmbH


Samba Information HQ

Re:secshell

[ranessin]

The Slashdot reaction would be irrelevent. At least then it would have been legal.

Ranessin

How long before a suit over 1 similar character?

[109+97+116+116]

Lets see...

ssh... 3 letters...

MS two letters...

How long until someone tries to sue ove the use of 1 similar character?

How long until people will realize that the name of the game is selling an idea of a product to numbers of people and crap like this has little impact on what people are going to choose for low level software like this.

It is purely utilitarian!

If it does the job and people know it works and does it's job well then the story is over.

Wall Street Journal Headline:

McDonalds sues Wendy's for having a name with three of the same letters!

Re:Too Little, Too Late

[jhantin]

So which is it? Do we think it's better for a trademark owner to go after every single petty violation? Or does it seem to be more fair when a trademark owner lets some of the little guys slip through the cracks, but then has to take action if they become larger? You can't have both worlds...

Perhaps if the trademark holder was considerate enough to just notify the little guy early on that the mark was already taken, before they invested a lot of money, time, effort, goodwill, or whatever into the mark, without letting slip the hounds of litigation, we could have the best of both worlds.

Just my two copper, anyway.

Re:I think I'm too goddam busy

[pheph]

Ahh, i will send an informative message to the developers once i really figure everything out. See, i know more than enough about the problem to bitch to slashdot, but a far cry from what it takes to be a helpful developer! Perhaps tomorrow :)

Re:Skipping to the meat of the letter:

[PhilHibbs]

This is prior restraint and flies in the face of the first amendment.You mean this First Amendment:

CONGRESS SHALL MAKE NO LAW RESPECTING ... ABRIDGING THE FREEDOM OF SPEECH, ...

Are you confused between who SSH Communications are, and what congress is?

ssh(R) trademark issues: comments and proposal

[ylo]

I'd like to address several issues raised by people in relation to my
notice of the ssh(R) trademark to the OpenSSH group. Also, I would
like to make a proposal to the community for resolving this issue
(included at the end).

First, I'll answer a number of questions and arguments presented in
the discussion.

> "the SSH Corp trademark registration in the US is for a logo only"

It is for the lowercase word "ssh" (I was mistaken earlier in saying
that it was for the uppercase word "SSH"). As many people obviously
know, trademark registrations in the USA are a matter of public record
and it is open to anyone to review the details of SSH Corp's trademark
portfolio.

Under US law, a trademark registration entitles the owner to exclusive
use of the trademark as it is registered, in relation to the goods
and/or services for which it is registered. Trademark infringement
occurs when another person uses the same, or a substantially identical
mark, for the same or related goods or services, in a manner which is
likely to cause consumer confusion. Consequently, use of the
uppercase word "SSH" or a name containing the "ssh" or "SSH" mark will
likely amount to trademark infringement under US law, if it is in
relation to goods or services within the same field of use covered by
our ssh(R) trademark. Of course, there are many possible
non-infringing uses of "SSH", for example, anyone might have a brand
of chocolade called "SSH".

> "A license was granted in 1995 that allows free use of the trademarks"

This is not accurate, but refers to the following language in
ssh-1.2.12 COPYING file:

As far as I am concerned, the code I have written for this software
can be used freely for any purpose. Any derived versions of this
software must be clearly marked as such, and if the derived work is
incompatible with the protocol description in the RFC file, it must be
called by a name other than "ssh" or "Secure Shell".

First, this is a copyright license ("the CODE can be used..."), with an
additional restriction on naming. It is not a trademark license.

Also, this text is from the COPYING file from ssh-1.2.12, dated Nov
17, 1995. The trademark claims were made in 1996 (ssh-1.2.13 was the
first release claiming them, released on Feb 11, 1996), and this
license provision would not have covered them anyway. Ever since, our
policy has been not to allow unauthorized use of the trademarks. The
trademark claims have been made consistently in every release ever
since.

> "no-one has ever been notified of infringement"

For example, I notified Van Dyke of the trademark a few years ago when
they used the SSH mark on their web site inappropriately. We
discussed it, they were very co-operative, and immediately added
trademark markings and acknowledgement on their website. Issue
solved. (They were not using it in a product name.)

Basically, anyone we have ever really encountered in the marketplace
has either been notified or is a licensee of ours.

> "F-Secure SSH has been using the name for years"

F-Secure (formerly Data Fellows) is our distributor/VAR, and they are
using the SSH trademark in their product name under a separate written
trademark license agreement. All of the F-Secure SSH products are SSH
Communication Security Corp's products, some verbatim and some with
modifications by F-Secure.

> (reference to FiSSH, TTSSH, Top Gun ssh, etc.)

These are all non-commercial academic projects made at universities.
We have never really encountered any one of these in the marketplace.

We have tried to notify commercial people who have been using the
trademark inappropriately. OpenSSH was the first non-commercial
implementation to raise to the radar screen.

> "why did you notify OpenSSH now"

The reason OpenSSH was contacted now was that they have only become
more visible during the last months, and I have recently seen a
significant increase in e-mails confusing the meaning of the SSH
trademarks and using them inappropriately. I have also recently
received quite a few e-mails confusing OpenSSH as my product.

> "how about the 'ssh' command name under Unix/Linux?"

This relates to the proposal I want to make.

Basically, I am willing to work out a way that will allow anyone to use
the "ssh" command name on Unix/Linux. It appears that there are
ways to do it without exposing our trademarks to unnecessary risk.

The arrangement I am proposing would be as follows.

1. We (SSH Corp) would allow the use of "ssh" (and sshd, etc) as a
command name on Unix/Linux under the following restrictions:

1.1. Any product where the command name "ssh" is used must only be
licensed under a valid license (i.e., must not be in the
public domain). E.g. BSD license, GPL, and normal commercial
licenses would all be ok.

1.2. An acknowledgement of our ownership of the ssh(R) and Secure
Shell(TM) trademarks must be included in the software (help
text, documentation, license). It would not need to be
printed out every time the program is normally run, but would
need to be included in e.g. in an appropriate place on man
pages and in help texts.

1.3 The SSH Corp trademarks cannot be used in product names
without a separate trademark license from us (which we would
not normally grant, unless we see a valid business case for
it, and then only for products using a compatible protocol).

2. A new unencumbered name is created for the protocol, which can be
used by any vendor without creating confusion. The IETF standard
would be renamed to use the new protocol name, and the community
would work to cease using "SSH" as a protocol name and would
instead start using the new name. The new name would need to be
unencumbered, and the xx.com, xx.net, and xx.org domain names
would be made to permanently point to e.g. the IETF main page. My
own proposal would be to change the name to SECSH, provided that
Van Dyke is willing to contribute their currently unused secsh.com
domain name for this purpose. We would be willing to contribute
our secsh.org and secsh.net domains on the same basis.

3. We would submit an official statement to the IETF that we will make no
trademark claims about the "bits on the wire" in the protocol (e.g.,
the protocol version strings or the various names used in the
protocol).

4. We would need to reach agreement with the OpenSSH group to change
their product name and to otherwise cease using the SSH
trademarks inappropriately. We appreciate that some people have
brought the non-commercial university group use to our attention.
We are carefully reviewing this situation.

Let's discuss the exact terms if I get a preliminary "ok, looks fine,
let's try to get this resolved along those lines" from the community
and the relevant parties.

Please let us know what you think.

Best regards,

Tatu Ylonen
Chairman and CTO, SSH Communications Security Corp

>From ylo Wed Feb 14 03:36:19 +0200 2001
From: Tatu Ylonen
To: openssh-unix-dev@mindrot.org
Subject: SSH trademarks and the OpenSSH product name
Organization: SSH Communications Security, Finland

Friends,

Sorry to write this to a developer mailing list. I have already
approached some OpenSSH/OpenBSD core members on this, including Markus
Friedl, Theo de Raadt, and Niels Provos, but they have chosen not to
bring the issue up on the mailing list. I am not aware of any other
forum where I would reach the OpenSSH developers, so I will post this
here.

As you know, I have been using the SSH trademark as the brand name of
my SSH (Secure Shell) secure remote login product and related
technology ever since I released the first version in July 1995. I
have explicitly claimed them as trademarks at least from early 1996.

In December 1995, I started SSH Communications Security Corp to
support and further develop the SSH (Secure Shell) secure remote login
products and to develop other network security solutions (especially
in the IPSEC and PKI areas). SSH Communications Security Corp is now
publicly listed in the Helsinki Exchange, employs 180 people working
in various areas of cryptographic network security, and our products
are distributed directly and indirectly by hundreds of licensed
distributors and OEMs worldwide using the SSH brand name. There are
several million users of products that we have licensed under the
SSH brand.

To protect the SSH trademark I (or SSH Communications Security Corp,
to be more accurate) registered the SSH mark in the United States and
European Union in 1996 (others pending). We also have a registration
pending on the Secure Shell mark.

The SSH mark is a significant asset of SSH Communications Security and
the company strives to protect its valuable rights in the SSH® name
and mark. SSH Communications Security has made a substantial
investment in time and money in its SSH mark, such that end users have
come to recognize that the mark represents SSH Communications Security
as the source of the high quality products offered under the mark.
This resulting goodwill is of vital importance to SSH Communications
Security Corp.

We have also been distributing free versions of SSH Secure Shell under
the SSH brand since 1995. The latest version, ssh-2.4.0, is free for
any use on the Linux, FreeBSD, NetBSD, and OpenBSD operating systems,
as well as for universities and charity organizations, and for
personal hobby/recreational use by individuals.

We have been including trademark markings in SSH distributions, on the
www.ssh.fi, www.ssh.com, and www.ssh.org web sites, IETF standards
documents, license/readme files and product packaging long before the
OpenSSH group was formed. Accordingly, we would like you to
understand the importance of the SSH mark to us, and, by necessity,
our need to protect the trademark against the unauthorized use by
others.

Many of you are (and the initiators of the OpenSSH group certainly
should have been) well aware of the existence of the trademark. Some
of the OpenBSD/OpenSSH developers/sponsors have also received a formal
legal notice about the infringement earlier.

I have started receiving a significant amount of e-mail where people
are confusing OpenSSH as either my product or my company's product, or
are confusing or misrepresenting the meaning of the SSH and Secure
Shell trademarks. I have also been informed of several recent press
articles and outright advertisements that are further confusing the
origin and meaning of the trademark.

The confusion is made even worse by the fact that OpenSSH is also a
derivative of my original SSH Secure Shell product, and it still looks
very much like my product (without my approval for any of it, by the
way). The old SSH1 protocol and implementation are known to have
fundamental security problems, some of which have been described in
recent CERT vulnerability notices and various conference papers.
OpenSSH is doing a disservice to the whole Internet security community
by lengthing the life cycle of the fundamentally broken SSH1
protocols.

The use of the SSH trademark by OpenSSH is in violation of my
company's intellectual property rights, and is causing me, my company,
our licensees, and our products considerable financial and other
damage.

I would thus like to ask you to change the name OpenSSH to something
else that doesn't infringe the SSH or Secure Shell trademarks,
basically to something that is clearly different and doesn't cause
confusion.

Also, please understand that I have nothing against independent
implementations of the SSH Secure Shell protocols. I started and
fully support the IETF SECSH working group in its standardization
efforts, and we have offered certain licenses to use the SSH mark to
refer to the protocol and to indicate that a product complies with the
standard. Anyone can implement the IETF SECSH working group standard
without requiring any special licenses from us. It is the use of the
"SSH" and "Secure Shell" trademarks in product names or in otherwise
confusing manner that we wish to prevent.

Please also try to look at this from my viewpoint. I developed SSH
(Secure Shell), started using the name for it, established a company
using the name, all of our products are marketed using the SSH brand,
and we have created a fairly widely known global brand using the name.
Unauthorized use of the SSH mark by the OpenSSH group is threathening
to destroy everything I have built on it during the last several
years. I want to be able to continue using the SSH and Secure Shell
names as identifying my own and my company's products and
technologies, which the unlawful use of the SSH name by OpenSSH is
making very hard.

Therefore, I am asking you to please choose another name for the
OpenSSH product and stop using the SSH mark in your product name and
in otherwise confusing manner.

Regards,

Tatu Ylonen

SSH Communications Security http://www.ssh.com/
SSH IPSEC Toolkit http://www.ipsec.com/
SSH(R) Secure Shell(TM) http://www.ssh.com/products/ssh

Re:ssh... short shiny hair? silly slimy hubris? ..

[Migrant+Programmer]

Heh. I work for a company named Fred. We wouldn't sue =)

Apples and Watermelons.

[Chas]

1. SGI had already trademarked "GL"
2. SGI did NOT already give away the right to use "GL" freely.
3. Tatu didn't trademark "ssh" initially.
4. Tatu released a version under a license that allowed for use (unrestricted use no less) of the "ssh" mark, so long as it conformed to the SSH standard.
5. The standards, penned by Tatu himself, use the term "ssh" for the protocol.

   This is nothing more than a company trying to rescind the actions of it's founder to protect a failing business strategy.

   Why? Because people are being drawn to the open-source implementation rather than paying out good money for something they can get for free.

   Tatu's also probably peeved that OpenSSH will receive wider distribution (through Linux, BSD, and possibly OS-X sales/downloads) than his company's probably capable of. And thus will be more likely to achieve ubiquity than his proprietary, commercial products.

   Sorry, but it doesn't work that way Tatu. You can't fish something out there until it hits name-recognition status, then make them change their name so you can supplant them. The community is NOT your advertising tool.

Chas - The one, the only.
THANK GOD!!!

Re:Apples and Watermelons.

[Gaijinator]

While I do see your side of the argument - that Tatu is being more than just a little unfair - it doesn't mean that OpenSSH can't change their name, nor does it mean they have to. I simply say that they should change their name to avoid an unnecessary dispute by giving into a relatively minor concession (this would be a completely different story if Tatu told them they couldn't use his standard - then I'd be all for fighting back).

If you still really need to feel like the open source community is making a victory, then just tell everyone that OpenSSH did this to prove they don't need ssh's name to become the more popular version.

Re:Apples and Watermelons.

[MenTaLguY]

Why? Because people are being drawn to the open-source implementation rather than paying out good money for something they can get for free.

In this case, the open-source implementation is also arguably better.

Re:Apples and Watermelons.

[Chas]

Question, why should they change their name?

Say FTP tried enforcing their trademark. Would wu-ftp, CuteFTP, and all the other *FTP products out there have to change their names? Especially since their name is also relevant to the protocol name?

Yes, it'd be nice if they changed and were still just as successful. But why should they have to accept such an onus? Simply because Tatu & Company feel like it?

Also, why just stop at dictation of naming conventions? Every time someone just rolls over and plays nice with these greedy (expletive deleted), it merely gives them incentive to push for more.

Give them an inch and they don't take a mile. They don't even take a league. They take an AU.


Chas - The one, the only.
THANK GOD!!!

Re:There's the solution!

[treke]

My question is whether this name change would make it to the point of actually having to change the commands. I could concede that the project name might be reasonable, but changing the commands would be pushing it.
treke

Re:secshell

[aaabbbccc]

...although its a real pitty he didn't think of enforcing his trademark early on...

Imagine that he did back in 1999 when OpenSSH was first released. What would have been the Slashdot reaction then?

Trademark issued Dec 2000

[bmacy]

I was talking to an IP lawyer friend about this some. He said the trademark was issued in the US on Dec 2000.

Brian Macy

Well,

[omarius]

How about calling it SlaSH?

No, wait, don't sue me! ;)

-Omar

(or SwiSH
or SwaSH
or...
)

�'tis very similar to the commonly suggested name

[yerricde]

Encrypted SHell

What about FRESH? That would be a more precise name:
F ree (it's free software)
R emote (remote login is its main purpose)
E ncrypted (truth in advertising; encryption doesn't in and of itself provide security)
SH ell

All your hallucinogen are belong to us.

But it's not "ssh"!

[TWX_the_Linux_Zealot]

It's OpenSSH, which is a completely different set of ASCII codes! how can the people who make "ssh" even get close to confusing "OpenSSH" with their product? it's even got a different MD5 sum and different source code!

"Titanic was 3hr and 17min long. They could have lost 3hr and 17min from that."

Re:Skipping to the meat of the letter:

[Matthew+Weigel]

This is why we have contacted Corenic.net, your domain registration provider, to cancel all service on the "openssh.com" domain.

Actually, when I read the letter, I saw

In particular, we request that you...take all steps necessary to cancel the domain name registration for the name ``openssh.com''.

Are you just trying to stir up the flames?

Do they have the right to do this?

[codewolf]

Of course SSH has the right to demand that their name not be used by others. Even if it is an open source project that isn't demanding money for their products, it is a clear violation of a trademarked name, and I'm surprized that it took them this long to come after them. Hell, even if it can be viewed as SSH spiting the OpenSSH project for coming out with a more secure model than SSH1, well, they had the name, and someone else is using it, and gaining a usage level off of the recognition of that name. This isn't a hit to OpenSSH, it's a hit to the name, and SSH has every right to it. I'm sure if I came out with an OS called OpenWindows2000 I'd get sued as well, and I'd expect it. And, this is not a flame on either one(s), I use both, as I run linux, BSD, and Windows OS's Just my two cents.....

Re:Do they have the right to do this?

[SimHacker]

Actually, Sun might sue you for using OpenWindows2000, and even if they lost, the shrill nasal whining of their lawyers might drive you to suicide. Better stick to BrokenWindows.

-Don

Re:Do they have the right to do this?

[codewolf]

well, at least I'd get something out of the publicity.

Re:Have a contest for a new name

[the_other_one]

The CE suffix was just a joke. However, I am serious about the idea of a contest to pick a new name. I do not have the resources to set up a contest site but someone out there must have the capability.

I propose that the community that cares should let the guy have the SSH name as a thank you for the donation of the original code. Then get on with life with a new trademarkable name.

The winner of the contest will receive an AOL CD and 15 minutes of fame.

Re:secshell

[Col.+Klink+(retired)]

the standard, as I understand it, that openSSH is based on, is described in an open standard named secshell.

No, your understanding is wrong. The standard is called "SSH". Look at the IETF SSH Protocol Description:

Abstract

SSH is a protocol for secure remote login and other secure network services over an insecure network. This document describes the SSH Connection Protocol. It provides interactive login sessions, remote execution of commands, forwarded TCP/IP connections, and forwarded X11 connections. All of these channels are multiplexed into a single encrypted tunnel. The SSH Connection Protocol has been designed to run on top of the SSH transport layer and user authentication protocols.

Re:What about trademarking other things like this?

[FattMattP]

Big companies don't compromise. They send in the lawyers and fight to the death (or until the money runs out). Why should we compromise? As as been shown the "licence file predates the trademark, and it grants rights that cannot be removed." Also they have not chosen to enforce this until now.

much like the .arc extension begat .zip

[liberty!]

Trademarking a commonly used text string has been done before, and has been solved before.

More than a decade ago, we saw this with SEA trying to enforce the .arc extension for archived files being trademarked. The result was Phil Katz releasing the pkzip utilities, and the whole community switched over to zip files within a few months. SEA had made itself odious to the user community, and was cut off.

It could happen again.

Latest Tatu Ylonen proposal is reasonnable

[fifirebel]

In summary:

• The trademark must be acknowledged in the documentation (not every time you run the program);
• The commands can keep their name (ssh, sshd);
• THe IETF protocol would be renamed to SecSH.

  • See it here.

This whole thing is my fault......

[oobeleck]

I sorta feel bad now. 4 weeks ago we (my company) was slated to buy SSH server/client software from a well known SSH "commercial vendor". I had to deploy it on 90+ SUN systems and some Windows clients. The security group did all the talking with the vendor and then they handed it off to me. (I am just a lowly Unix/SA wanna be security guy) I said "Hey, I bet their is an opensource version of SSH out there somewhere. I honestly had not heard of OpenSSH (I did know about OpenBSD.) I checked into it and sure enough there was OpenSSH. I loaded it on every box in a few days. A week later the "commercial vendor" sales guy called me to see if I was ready to go forward with the purchase. I told him I used a perfectly good opensource version called OpenSSH and would not need his product. He started blubbing about support and I started laughing at him. Then he hung up. (It was going to be a fairly expensive purchase) This is a true story I swear to God.... Blame me, I am the straw that broke the camels back.

Re:What about trademarking other things like this?

[Znork]

Of course, without the product actually being opensource for a while it would never ever have reached any form of popularity.

The major marketing investment done in SSH has been made by Unix system admins who needed a secure and practical (and easily obtainable) way to connect between hosts, and who were later left to fend for themselves as the product went closed and unsupported on a large number of platforms.

And, frankly, having gone through the pains of dealing with the forms of licensing of SSH and having salesmen tell me there is NO version that has ever been free (ok, I know more about the licensing than the salesmen) to the various other stages, it was a true pleasure to dump the commercial branch and go entirely with OpenSSH.

If SSH has any brandname value it is despite SSH Inc, not because of it.

The beautiful paradox is...

[nologin]

I agree that Ylönen should defend his trademark. Considering that he has commercial interests based upon the SSH name, I don't see how he can not choose to defend the trademark.

However, I also must state that he should never have gotten the trademark in the first place. His trademark is the same as the name of his company, the name of the protocol (which is also a networking standard) and the descriptive name of the product. "SSH Communications Inc.'s SSH product uses the SSH protocol..." This is what is confusing a lot of people here.

So there is the paradox. Both points are opposite yet equally valid. As far as I am concerned, this is nothing more than a bad pissing contest.

What ever the outcome is, it still isn't going to change the secure shell product that I use. So please, don't go pissing in my front yard...

BTW, sorry about gratuitously using the word "piss". Unfortunately, I don't have a better word to describe what they [the involved parties] are doing.

Theo is behaving the same way I would.

[Vulture_]

Theo is behaving the same damned way I would if I were in his shoes. I have a big problem with software companies of any kind (save maybe game companies), and I have absolutely no qualms with reaching out and crushing them at every available opportunity.

Besides, it's called OpenSSH, not simply SSH. Like GNUscape Navigator instead of Netscape Navigator. Big difference. And as mentioned in an earlier post, Microsoft's lawyers set the appropriate precedent in court already.

The bit about pre-emptively cancelling OpenSSH's domain was really low, by the way.

Get 'em, Theo!

Re:I like Theo, but that was the wrong thing to do

[peterb]

How dare you imply that Theo would ever act like a complete and utter asshole.

Oh, Wait.

Sometimes I have strange dreams.

How about (mmm, lame subject line)

[AndyS]

TCFKAO (The Client Formerly Known As Openssh)

or just a nice ascii art symbol like a ascii-art blowfish or something ;>

Re:How about (mmm, lame subject line)

[AndyS]

http://www.doc.ic.ac.uk/clef.txt might be a good
symbol - clef being French for key (or so I'm told) - and there are lots and lots of good pictures of it too!

(it's a treble clef, I'm artistically challenged)

Re:How about (mmm, lame subject line)

[AndyS]

d'oh

www.doc.ic.ac.uk/~aces98/clef.txt

I'm feeling stupid now :(

Re:what's next

[belroth]

"Petrol" was once a trademark. So was "fridge" I believe.
----

Re:What about trademarking other things like this?

[Dwonis]

You're totally right. There's no way the OpenSSH project has to change its name.

But should it anyway? It would really make us (the OSS community) look a lot better if we made a courteous move we didn't have to. And really, what will OpenSSH lose by changing its name? Not a lot.
--------
Genius dies of the same blow that destroys liberty.

Re:its kinda too bad, but its the rules

[mindstrm]

You may not see why the lack of enforcement should diminish their ability to prosecute, however, long-standing trademark law DOES.

Who even knew it was trademarked? Did they ever attempt to let anyone know this before? No.

SSH is the common word for a protocol; everyone knows that. It's already been what trademark law calles, 'diluted'. It's a common name now; once something is common like that, you can't take it back just because it's trademarked. Everyone already has something in their mind when they think of 'ssh', and it's not this guys product in particular, it's merely the protocols involved.

Re:I like Theo, but that was the wrong thing to do

[belroth]

The statement that the mark wasn't enforced was the WRONG tack to take.

Why not, it is relevant under US law isn't it?

He didn't send threatening lawyer letters.

Maybe his lawyers have advised that this bird won't fly and he's trying anyway with an implied threat (which may have no substance)?
And quoting from his email:
Some of the OpenBSD/OpenSSH developers/sponsors have also received a formal legal notice about the infringement earlier.

Notice something, the original license (..snip..) allowed you to call your application ssh.
That's irrelevant.

HOW? He gave permission to call it ssh and now he wants to change his mind and that's not relevant?

SAMBA couldn't call itself SMB, confusion reasons, but the applications use SMB (like, smbd).

No reason they couldnt call it OpenSMB is there? Samba just sounds better.

However, if the Open Source community insists on fighting on the Trademark grounds, we're in the wrong.

Oh well, opinions differ - yours and mine in this case :-) You can't dispute the merits of Trademarks. I could if I was being awkward but I'm happy with the idea that trademarks are to protect the consumer, the problems here are detailed elsewhere in this discussion - lateness, dilution, selective enforcement etc.

I find it interesting to compare an extract from his email with another from the licence for 1.2.12 which was the basis for OpenSSH:

OpenSSH is also a derivative of my original SSH Secure Shell product, and it still looks very much like my product (without my approval for any of it, by the way).

and

As far as I am concerned, the code I have written for this software can be used freely for any purpose. Any derived versions of this software must be clearly marked as such, and if the derived work is incompatible with the protocol description in the RFC file, it must be called by a name other than "ssh" or "Secure Shell".

That seems like permission to me, and he appears to be either forgetful or disingenuous. Given the FUD in the email about protocols.....
----

Re:Is this a troll?

[Chas]

Uhm. No. Yes. SSH corp did NOT enforce their trademark. In fact, they're still not enforcing it with other projects "infringing" on the SSH trademark. Unlike patents, trademarks are an all or nothing thing. But you neglect the following. Tatu SPECIFICALLY released SSH under a license that allowed use of the SSH name well before the trademark was EVER applied for. All the protocol documentation for SecShell terms secshell as "SSH protocol". SSH corp is a failing business. More than likely, they'd use the confusion of renaming OpenSSH to usurp the market share that the OSS project has achieved. Which would simply support their faulty business model a short while longer.


Chas - The one, the only.
THANK GOD!!!

Example?

[kaoshin]

I RTFA, but I'm still not clear on the confusion about this. Can anyone please provide a specific example (call or email log, newsgroup post, vague recollection, anything) where even a single user became confused between the two applications, or is this just a preemptive confusion stopper? All I've read is talk about the legal mumbo jumbo and little mention about the actual issue that this is supposed to address. I'm not saying anyone is full of all the crap in the entire world, but I'd like to know if anyone has seen where this is really an issue to either SSH or OpenSSH.

Re:its kinda too bad, but its the rules

[aaabbbccc]

Instead SSH waited until OpenSSH was popular enough for a sudden name change to confuse people and make things very difficult for them. No matter how you look at it it's very dirty.

How about: SSH has tried for over a year to make a private agreement with OpenSSH and thus spare the public of this affair but since de Raadt steadfastedly refused to compromise, Ylonen is now forced to take the issue publicly.

And even more ironic, didn't the OpenSSH people try to get www.openssh.com a while ago? I thought trademarks were irrelevant?

ssh... short shiny hair? silly slimy hubris? ...

[crovira]

This is devolution. What a couple of morons. Call the damn thing Fred and fuck the lawyers.

Re:Skipping to the meat of the letter:

[mihalis]

This part, however, goes too far:

This is why we have contacted Corenic.net, your domain registration provider, to cancel all service on the "openssh.com" domain.

Where is that bit? I can't find it. Thanks

rsh

[VojakSvejk]

OK, as someone who profits from proprietary software, I do sympathize with Ylonen, but can I trademark a name that's derived of someone else's?

selnet
sicrosoft
smazon.com

Future Projects

[Wolfier]

What have we learned from this story?

Next time, when we start a Free project aiming to be compatible with someone else's code, why don't we *TALK* to them first?

I'm not saying we should ASK for permission to use name or anything, but just to get an idea how they'd interpret their own agreements.

Say, if the OpenSSH team talked to SSHC and said "Now we have your 1.27 license, and it says we can use the name if it is compatible. Can you verify that?"

If they said "Ok you can use that" then they'd better keep their mouths shut at this time. Too bad it wasn't what happened.

Re:Future Projects

[Black_Cherry]

You'd think it would just be common sense to find out if a name is either: Trademarked, or already in use(see sawmill). Oh well.

__

Re:Microsoft's Lawyers Fixed this for Openssh

[masq]

No. Although your logic is good, and actually may be viable in this instance, Microsoft did what they always do; they bought the other guys out....

http://www.zdnet.com/yil/content/mag/9901/dubiou s5 .html

Microsoft WON a case. hah. you're funny.

Command Names and Trademarks.

[Gorobei]

Usually, I would support the trademark owner: IBM owns IBM, and I expect anything with IBM in its name to come from IBM.

This case is worrying, however, because ssh is also the name of the command. The trademark is not only identifying a brand, it is also the thing you type to perform an action. If DEC (or whoever) had patented "dir" they would have made competing OSes less attractive because new OSes would have to invent arbitrary different names for conceptually identical commands. If SSH enforces the trademark, it is only reasonable that they must fight against alternative implementations using the command "ssh".

This would lead to a repeat of the look-and-feel wars of the GUIs, only this time fought over CLIs using trademark law. LnF was about users moving to different platforms/apps and expecting things to work the same. CLI is no different: users expect telnet to do approximately the same thing on all platforms. If command names are choosen to avoid infrigement, we all will lose.

Re:What about trademarking other things like this?

[Zebbers]

you said it yourself skippy. GL IS a trademark of sgi. SSH afiak is a standard. You can't trademark www ftp cgi.

Pulled from the OpenBSD Journal

[jimbobborg]

From the OpenSSH License: OpenSSH contains no GPL code. 1) Copyright (c) 1995 Tatu Ylonen , Espoo, Finland All rights reserved As far as I am concerned, the code I have written for this software can be used freely for any purpose. Any derived versions of this software must be clearly marked as such, and if the derived work is incompatible with the protocol description in the RFC file, it must be called by a name other than "ssh" or "Secure Shell". However, I am not implying to give any licenses to any patents or copyrights held by third parties, and the software includes parts that are not under my direct control. As far as I know, all included source code is used in accordance with the relevant license agreements and can be used freely for any purpose...

Re:�'tis very similar to the commonly suggested na

[GrenDel+Fuego]

Ahh, but then mentos would be after you.

"what are you doing?"

"running make on my new FRESH install"

"HEY! WE'RE THE FRESHMAKER!"

....

Ok, so it's a bad joke. Leave me alone.

Re:what's next

[agentZ]

Let me take a drink from my Thermos and then I'll explain it to you. Oh wait! "Thermos" is actually a registered trademark. It's just a brand of vaccuum bottle. But sometimes a brand name (like Coke or SSH) just becomes synoymous (sp?) with the product, no matter who makes it.

I wish they'd just "shh" over "ssh"

[gbgbgbg]

What a bunch of whiners. Running about in a frenzy over a fucking name. Grow up people. This is stupid, lame, immature, and a complete and total waste of time and energy.

Re:Microsoft's Lawyers Fixed this for Openssh

[alexburke]

It was a defunct ISP that had a product called "Internet Explorer" one year before Microsoft released IE. In actual fact, Microsoft didn't win -- they lost, and had to pay the founder of the ISP (I think) $$$$$$.

--

What about trademarking other things like this?

[Gaijinator]

I think we can all agree that secure shell is a descriptive name for this program (whether or not it actually is a shell is really a moot point, however), and the logical abbreviation - following standard shell style - is "ssh". Now, to avoid utter confusion, it is a good idea to make sure there aren't other programs called ssh. OpenSSH makes perfect descriptive sense for the program - it's open source, and it's a lot like ssh.

However, on the other side of the table is OpenGL and Mesa3D. Now, MesaGL would more accurately describe what Mesa3D emulates, but GL is a trademark of SGI, and they probably wouldn't like it if it was used without their permission. The best solution would be for the designers of OpenSSH to change their name and avoid any more disputes. This would also give open source developers a more moderate reputation, as opposed to the uncompromising one they seem to have nowadays.

Re:What about trademarking other things like this?

[Throw+Away+Account]

OpenSSH is doing nothing illegal; they have a non-revocable license to use the name.

According to the SSH version 1.2.12 license:

"As far as I am concerned, the code I have written for this software can be used freely for any purpose. Any derived versions of this software must be clearly marked as such, and if the derived work is incompatible with the protocol description in the RFC file, it must be called by a name other than 'ssh' or 'Secure Shell'."

OpenSSH is doing nothing illegal in using the term "ssh", because OpenSSH is a derivative work of ssh 1.2.12 and is compatible with the RFC.

Now, Mr. Ylönen may regret having given that permission. But the only argument he can make is that the OpenSSH name is not sufficient to mark that the software is a distinct derivative work of ssh. If so, he can object to the OpenSSH name itself, but not the use of "ssh" in the name.

BTW, Kleenex® and Xerox® (along with Velcro®) are still trademarked (at least in the U.S.) due to the extensive efforts of their legal departments. Partly because their founders had the sense to not issue a license allowing other people to call their products Kleenex, Xerox, and Velcro, unlike Mr. Ylönen.

SssssssssSSH!

[Ocelot+Wreak]

Does this mean that if I name my software product "Sssssh!" or maybe even "Sshhhh!" (as in "BE QUIET!"), that I'm going to be sued because it has the letters ssh (TM) in the name? ;-))

what's next

[bluelip]

gnapster? gaim? openssl? what about the "Scotch" in scotch tape? Isn't honestly a true brand from 3m? Or vise-grips vs locking pliers? What is allowed and what isn't?

Re:what's next

[Peter+Harris]

Whit the fuck wis that meant tae be?

Come tae Glesga an try oan a fake accent like that, ya bam. Ah fucken dare ye.

:-)

--

Interesting

[Tony-A]

If OpenSSH changes its name to, say, OpenNSA, then nsa becomes the "in" word for securely telnetting into a remote system and ssh becomes a has-been term.

Lawyer: not open and shut, but close

[hawk]

I am a lawyer, but this is not legal advice. If you need legal advice, contact an attorney licensed in your jurisdiction.

I'm not certain which jurisdiction's law governs here (and am not going to do the hour or two of research unless someone pays :). However, given the Canadian base of OpenSSH, as well as the wide distribution of the original product into the English speaking world, I'll make some evaluations based on English Common Law.

He said that software could be used and modified, and that *incompatible* programs must not use the ssh name. That doesn't *give* permission to call compatible programs ssh, but it certainly implies it. Similarly, finding someone with a smoking gun in his hand over the shot and still bleeding body doesn't *prove* he killed him, but there's a whole lot of 'splainin' to do . . .

I don't see where he can go with this without producing more info. With implied consent and five years of silence, it's a real hard row to hoe . . .

hawk, esq.

OpenSSH name has reputation all its own

[sydb]

If the original license predates the trademark, and the trademark has not been protected, and he has an IETF standard with the name, well, I don't see how he has a leg to stand on. Certainly no moral leg.

Also, I think the OpenSSH developers deserve to feel agrieved by his tactics; their name has a reputation all of it's own, entirely unrelated to the reputation of this guys company.

It seems to me he must have hoped for a lot of glory when he introduced the protocol and the IETF standard. Now this is just sour grapes that a free implementation could be competing with him so strongly.

Go OpenSSH!

early cite

[Tjp($)pjT]

http://www.nevis.columbia.edu/cgi-bin/man.sh?man=s sh Doesn't the wide distribution without the (TM) attribute prior to the P&TO issuance dilute these claims?

Aspirin

[cgaylord]

Sorry Tatu ... you just became the next "Aspirin" ... go cry on Bayer's shoulder.

wrong view of the candy

[hawk]

No, it's more like he left a sign on the candy that said, "If you don't like my dog, please don't eat the candy," after which someone came up, patted the dog, threw the stick for the dog, and ate a piece of candy.

mplex

[asdasd1]

STRATIG0S ton pairneis!!!

Underwear Gnomes

[scoove]

Sounds like our Finnish friends have been watching too much southpark

Three easy steps to making money:

1. Create open source protocols (aka "SSH") and engage in community support of standard.

2. ?

3. Panic that people are using the name of the standard you asked them to. Issue threatening legal letters. Make big profits.

*scoove*

SSH, Inc. (TM) is off any vendor list I'd ever approve... how about you?

Can't he sell support for OpenSSH?

[Scarblac]

I'm reading this rather late, so noone will see my reply, but whatever.

Since his company apparently has problems and lots of people contant it for support for OpenSSH, couldn't he just start supplying it, for a fee? It seems to me they should be capable of that, and they'd be in a great position to point out the advantages of using their own, commercial ssh...

Re:I like Theo, but that was the wrong thing to do

[mjh]

Good job. We have now taken the position to the outside world of being total assholes.

I agree with you on this point. But on the overall argument I disagree. Yes, Tatu is trying to be nice. And yes, Theo is being an asshole. But that being said, I don't see how Theo's going to lose this. With his current attitude, he's in danger of losing the PR battle, but that seems to be it.

Have you seen the license for ssh 1.2.12 (which is what OpenSSH is based off of)? Here is the most salient part (IMHO):

This file is part of the ssh software, Copyright (c) 1995 Tatu Ylonen, Finland

COPYING POLICY AND OTHER LEGAL ISSUES

As far as I am concerned, the code I have written for this software can be used freely for any purpose. Any derived versions of this software must be clearly marked as such, and if the derived work is incompatible with the protocol description in the RFC file, it must be called by a name other than "ssh" or "Secure Shell".

The only thing he says about the name is that if you're not compatible, then you can't use the name. Which leaves the only possible interpretation to be that if you are compatible, you can use the name.

I think that it would be a nice gesture on OpenSSH's part to give up the name. But I don't think it is, by any means, required. And if OpenSSH wishes to protect their identity, using a publically available name, that's entirely up to them. Theo could be more nice about it, but I don't think he'd be in the wrong to keep the name.

Nice Take...

[SnatMandu]

This story makes a nice point.

There's the solution!

[AFCArchvile]

Good thing nobody is enforcing a trademark on "telnet," eh?

Well, then, there's the solution: just rename OpenSSH to OpenSTN (Secure TelNet).

Sure, name changes are hard, but in Quake, when a rocket is barreling towards you, what do you do? Strafe to the side, right! And this is the legal equivalent of that.

Re:There's the solution!

[mcrandello]

AFAIK the trademark being used in the product name is what tatu has a problem with. As the article states there are several other SSH(TM) implementations out there that aren't being hassled over this.

My suggestion is to have the installer name the command 'stn' then simply symlink it to 'ssh' by default.

I've gotta admit...

[Matthew+Weigel]

I think SSHCS's claims have no standing, and their decision to ``defend their trademark'' against only a single product sheds a poor light on Tatu Ylonen.

Nonetheless, the letter is much, much friendlier than what I've seen in similar cases -- i.e., cease and desist yesterday.

IMO, it looks like SSHCS is following good and proper form as they do this entirely questionable act :-/

Re:its kinda too bad, but its the rules

[Sloppy]

Well, the other argument, besides the time delay, is that the trademark became diluted even before OpenSSH existed. SSH isn't just the name of a product, it's also the name of a protocol that many programs use. So a lot of the time when people talk about "ssh", they are not referring specifically to the product sold by SSH Communications Security Corporation. For example, if you sold me a shell account on your box, I would ask you, "Do you support SSH logins?" But I wouldn't actually be asking whether you run SSHCS's product or not.

Thus, due to his decision to name the protocol and the product the same thing (and encouraging others developers to also use the protocol), he caused "SSH" to not be

a device (as a word) pointing distinctly to the origin or ownership of merchandise to which it is applied and legally reserved to the exclusive use of the owner as maker or seller

"SSH" cannot be a trademark, because the word isn't used that way.
---

Uh-oh, you're screwed

[Zico]

It's Pizza and OS/2 from now on.

Sorry, but you better get rid of OS/2, also. I think RMS and the FSF have had a trademark on the term "half an OS" for about the last 5 years of HURD's development. :)

Cheers,

Re:secshell

[eightball]

He didn't say the document didn't have claims of trademarks, or that there is no basis for trademarks based on his quote.

He said ssh was referred to the protocol name in the document.

Alas, I am too late, a moderation point was wasted on your behalf.

What are you smoking?

[ranessin]

US Trademark law requires trademark owners to notify violaters immediately, not two years down the road.

Ranessin

Re:Too Little, Too Late

[interiot]

Just because it's law, doesn't mean it's best. I was hoping to encourage some discussion of where the line should be drawn.

Also, unless Tatu is lying outright, he says (in the paragraph that I quoted) that OpenSSH is NOT the first to be "attacked".
--

OpenSSH named after protocol or application?

[coyote-san]

Asking the question that everyone else seems to be missing, was OpenSSH named after SSH-the-application or SSH-the-protocol?

For countless reasons, I'm sure it's the latter. But that begs the question of why SSH-the-company was so incredibly incompetent that they named SSH-the-protocol after SSH-the-application even though virtually all servers and clients try to incorporate their protocol into the name. TELNET, FTP, FINGER, PING, HTTP(D), etc. Sendmail and bind are two notable exceptions, and of course this can't apply to multiprotocol clients (e.g., Mosaic, Navigator/Commuicator).

OpenSSH, to me, says one thing and one thing only - that it's an "open" implementation of the "SSH" protocol. It has absolutely no connection to SSH-the-program or SSH-the-company other than the historical curiosity that the latter originated the protocol and is pushing it on the standards track. (Something which is undoubtably dead in the water until they (SSH, not ISO) pull their head out of their corporate assh.)

If SSH-the-company wants to keep the identity of SSH-the-program distinct from SSH-the-protocol, they should change the name of SSH-the-program.

Re:OpenSSH named after protocol or application?

[agentZ]

This is so lucid it's hard to describe. Sort of like the first person to develop "a car" calling their brand name "car" and forcing everybody else to sell "automotive conveyances."

IANAL(tm) <-- I should...

Re:OpenSSH named after protocol or application?

[Ian+Bicking]

Sendmail and bind are two notable exceptions

Sendmail isn't really a protocol -- SMTP, UUCP, etc. are protocols. sendmail does have a command-line interface which is widely used. And they've never tried to keep other MTUs from implementing their own sendmail-like wrappers and naming them sendmail. Bind might still be an exception though.

Am I being obnoxiously picky? Yeah, I suppose so.

Re:Have a contest for a new name

[Alpha+State]

Encrypted SHell

Read Yesterday's Article...

[sulli]

for some good alternative names. The best in my opinion was FRESH: Free Remote Encrypted Shell. Sounds good to me!

All squawking aside...

[Tache0N]

Whether we like it or not he is at this point politely asking that his license be respected. Perhaps he could have done this earlier, and perhaps he could have been more clear. The fact remains that this gentleman has given us an excellent tool that fixes one of the worst security problems, that being clear text authentication. So why don't we thank him by respecting his wishes and changing the name? Here are some possibilities: 1. OpenShell, OSH replaces SSH. 1.1 OpenOSH, OSH replaces SSH. 2. Secure Remote Shell, SRSH replaces SSH. 2.1 OpenSRSH, SRSH replaces SSH. 3. Crypto Remote Shell, CRSH replaces SSH. 3.1 OpenCRSH, CRSH replaces SSH There could be many variants of the above that not only sound good but make sense.. I hope the community can come together on this and perhaps /. can mediate this by creating an online vote that can help the OpenSSH folks pick a new name.

Re:secshell

Nice selective quoting Colonel. From your link:

9. Trademark Issues

SSH is a registered trademark and Secure Shell is a trademark of SSH
Communications Security Corp. SSH Communications Security Corp permits
the use of these trademarks as the name of this standard and protocol,
and permits their use to describe that a product conforms to this
standard, provided that the following acknowledgement is included where
the trademarks are used: ``SSH is a registered trademark and Secure
Shell is a trademark of SSH Communications Security Corp
(www.ssh.com)''. These trademarks may not be used as part of a product
name or in otherwise confusing manner without prior written permission
of SSH Communications Security Corp.


Of course, as previously posted, "The Rat" apparently has a licence.

Commonness of SSH

[LoonXTall]

grep ssh /etc/services

Next to be sued: Red Hat, Debian, Slackware, et al. for not clearly labeling SSH as a trademark.

Trademark law applies only to commerce

[D.+J.+Bernstein]

``Under US law, a trademark registration entitles the owner to exclusive use of the trademark as it is registered, in relation to the goods and/or services for which it is registered,'' Tatu Ylonen tells us.

But that's not true. What the owner obtains are exclusive rights (within one field) to use the trademark in commerce. Read the law:

• 15 U.S.C. 1114(1)(a) applies only to actions ``in commerce.''
• 15 U.S.C. 1114(1)(b) applies only to documents ``intended to be used in commerce.''
• 15 U.S.C. 1125(a)(1) applies only to actions ``in commerce.''
• The new cybersquatting prohibitions, 15 U.S.C. 1125(d)(1)(a), and 15 U.S.C. 1129(1)(A), apply only to people acting with an ``intent to profit.''

I doubt that the name OpenSSH is likely to confuse or deceive people. However, even if it is, non-commercial use of the name is legal.

I recently announced my plans to set up freebugtraq, a non-commercial competitor to bugtraq. I was promptly threatened with a trademark lawsuit. Where do trademark owners get the idea that they can control non-commercial activities?

Re:I like Theo, but that was the wrong thing to do

[h0p]

I disagree completely. Theo is not being an asshole. He is being realistic.

I think Ylönen is just going after OpenSSH because several bsd and linux distributions are including OpenSSH with the basic install, and therefore taking away his market share.

I have no respect for Ylönen, he made a free product and everything was good. Decided to make some money off it, and changed a free product into a commercial product. After that, someone came along took his old free product and expanded upon it, no big deal. but when this other _free_ product became more popular then his commercial product he stats bringing out the copyright crap. get real.

Ylönen is making me lose respect for Finnish programmers (land of demo coders)..

its kinda too bad, but its the rules

[deft]

This may all boil down to "too bad openSSH, bad call on using someone elses name". As much as I'd like to support open SSH, i don't like their "expiration of right to prosecute" argument. this strangely paralels the domain fair use arguments. If it can be confused, then it infringes. (the recent win by a "*sucks.com site definitely makes it more interesting).

I can't see why any lack of enforcement in 2 years should be an argument that enforcing it now is any less just. It was never the fault of SSH Communications Security that the open project decided to use SSH letters. And maybe just now their trademark is being infringed. Noone told them to pick SSH.

Yes, it sucks, yes, there are probably motivations to enforce it NOW all of the sudden. But that doesn't make it less enforceable or less of an argument.

Just because somebody gets fed up with something, or realizes the damage it is doing late in the game does not make it less damage. (regardless of how legitimate the infringement claim will turn out to be).

Re:its kinda too bad, but its the rules

[millert]

That is completely false, please get your facts straight and back up your claims. Heck, up until very recently SSH Communications had a link from their website to the OpenSSH site.

As for openssh.com you've got it backwards. The OpenSSH folks had to register openssh.com because someone grabbed openssh.org shortly after the first release of openssh. Granted, the person in question had good intentions, but still...

Re:its kinda too bad, but its the rules

[dmiller]

Yes, it sucks, yes, there are probably motivations to enforce it NOW all of the sudden. But that doesn't make it less enforceable or less of an argument.

Actually it does - one of the central principles of trademark law is that you have to actively defend your trademark. You cannot, for example, wait for your trademark to come into general use and then demand it back.

Re:its kinda too bad, but its the rules

[nothng]

The thing is had this been addressed earlier in developement it openssh could have much more easily changed it's name. Instead SSH waited until OpenSSH was popular enough for a sudden name change to confuse people and make things very difficult for them. No matter how you look at it it's very dirty. Obviously OpenSSH is giving SSH communications such a run for it's money that this is the only thing they can find to put a damper on OpenSSH.

It's a shame there is no statute of limitations on trademarks. Just because something is "legal" doesn't mean that it's justified. I hope not everyone thinks this way. What I think is really sad is the fact that OpenSSH in my opinion is even a better product. I've tried on many occasions to get SSH to compile with no success. OpenSSH however worked with minimal effort.

Re:I like Theo, but that was the wrong thing to do

[f5426]

> Good job. We have now taken the position to the outside world of being total assholes.

Saying "If you do that, you'll look like a total asshole" to Theo de Raadt is pushing him to do it. Ask around you "who is the biggest open-source asshole ?". If you remove the goatse.cx (which may not be opensource), most answers will point to Theo.

He is already the most appreciated asshole of the community.

Cheers,

--fred

secshell

[daniell]

the standard, as I understand it, that openSSH is based on, is described in an open standard named secshell. the closed SSH works off that as well, but has the trademark SSH. I'm inclined to give the Author the right to the name, although its a real pitty he didn't think of enforcing his trademark early on, as now its quite late. However, I'd suggest that openSSH should keep its name and change its tool to sec, or secsh. And please don't make a lame joke about csh worrying about this.

Clearly the problem is that there are multiple tools that are used the same way and called the same thing. ssh makes a secshell connection to address with terminal emulation. One of these tools has a trademark on ssh; I think its actually in a good possition to make a case that the other tool should use a different name, such as the more descriptive secsh.

-Daniel

Re:secshell

[daniell]

You simply lack understanding. I'm wrong, but so are you.

http://www.ietf.org/ids.by.wg/secsh.html is the main heading for all discussions on SSH and secsh. Notice its named secsh. I'm surprised you wouldn't notice.

However, as was correctly pointed out by an anonymous poster, in a clearly more understanding manner, both the names ssh and secure shell are trademarked. Although explicly secsh is not, a strong case can be made that it is equivalent to secure shell.

Now it just sucks that english phrases that are propperly descriptive of a range of possible products can be considered commercial trademarks.

-Daniel

Re:secshell

[Col.+Klink+(retired)]

The only reason the web page is called "secsh" is that there already exists a page called "ssh" at http://www.ietf.org/ids.by.wg/ssh.html (the Site Security Handbook, which is NOT a protocol).

Re:secshell

[Happy+Monkey]

There are lamer jokes than that about the name "secsh"...
___

Re:I like Theo, but that was the wrong thing to do

[Znork]

However, it is a clear proof that the name ssh was in general use for products complying with the ssh RFC long before the trademark was granted, which basically means the trademark isnt valid, nor has ever been a valid trademark.

Read USC title 15 section 1115 for the various reasons that a trademark can be contested. There are at least 4 possible separate paragraphs that can be used in this case, including prior use, abandonment, permission and mark functionality.

All this is is a lesson to other people that legalities like trademark issues, patents and license issues isnt something you play around with and later decide what you really meant (or change your mind about it). SSH has been messy this way from the beginning.

..and who owns sh that SSH piggybacks on ?

[nqp]

I wonder if who ever thought up sh (as in unix shell) therefore has some case against SSH (secure shell) for confusing their product with the original ?

funny how theres no crap about tcsh, ksh, bash, csh... etc etc

Similar battle in Japan

[Sakura_Kinomoto]

It's interesting to observe that same type of battle is actually taking place in Japan as well.

It is battle between the company called Praesense making the software product Personaware which is much like a anime-style character based information manager. One of individual made the free-implementation of the product (but incorporates better features -- such as its own protocol called SSTP) called "Nise-Haruna" (website not available, because author was forced to close site -- don't know what kind of pressure took place, though) which means "Fake-Haruna" in Japanese.

Praesense sent the author of Nise-Haruna cease-or-desist letter. The Praesense apparently didn't like the fact that Nise-Haruna used word "Haruna" and "/haruna/" in their URL!

Later author changed the name of the program, so the program prompts for character's name at first time that the program is executed.

At this moment, after the author of Nise-Haruna's forced to cease its distribution (I think it is more of the author's choice)

I wanted to share this story, because it seems quite similar to what going on with SSH and OpenSSH.

Re:I like Theo, but that was the wrong thing to do

[nqp]

YES - I so agree ... the confusion is because SSH want both the protocol AND the trademark..

thats dangerous and I dont like it.

If Tatu had picked his own name, different from the protocol, then that would be a trademark.

what they are trying to do here is much scarrier and I think Theo is right to hang onto openssh.

If SSH was instead called "finnishSSH" would there be as much confusion ? NO.

The danger if Tatu succesfully prevents ANY ssh implementation from containing the letters ssh, is that the marketplace will think that there is ONE and ONLY ONE implementation....

just think about it.. SSH wants.. the name of the product, the implementation, the shell command... everything...

reeks of M$ behaviour IMHO...

I think OpenSSH is too goddam busy battling itself

[pheph]

I work at a NOC that mixes Linux and Unix (and very few Windows) servers adamantly. In a recent knee-jerk reaction, all the Unix admins (which don't really talk to the Linux admins) upgraded their commercial versions of ssh to:
"sshd: SSH Secure Shell 2.3.0 on sparc-sun-solaris2.8"
So, I've upgraded my servers to OpenSSH 2.3.0p1... Very well, but now half my servers can't talk to each other. I get so errors among instances of the exact same version of OpenSSH!

Disconnected; MAC error (Message authentication check fails.).

2f 75 73 72 2f 6c 6f 63
Disconnecting: Bad packet length ##########.

And one case were i can get to a password prompt, but even when i give it the right password, it rejects the attempt!

The few Unix administrators who run both OpenSSH and Commercial SSH are also finding OpenSSH isn't working the way they expected. I'm not asking slashdot for product support, just moral! :)

Now, I have fixed these problems and my servers are all communicating again, but it took a greater part of my day to resolve which i could have spent, i don't know, reading the onion or something. :)

Too Little, Too Late

[Alien54]

The Register had a followup on this.

Theo de Raadt, co-creator of OpenSSH, hopes the community, not the courts, will decide the trademark skirmish. He points to a licensing agreement that allowed independent versions of SSH before Ylönen received a trademark in 1996, and he wonders why Ylönen has taken five years to decide to enforce the trademark.

He adds: "There are two main clinchers going on here. One is the fact that this licence file predates the trademark, and it grants rights that cannot be removed. And the other is the history of non-enforcement... against anybody else in the entire field using this name, then suddenly enforcing us because we're getting big enough."

Looks like it is too little too late as far as trade mark enforcement goes. If nothing else, Ylönen may be trying to cash in on the name of OpenSSH.

Although there is a point that he (Ylönen) has to do something, I suppose, and better late than never. But it is likely too late.

Oh yeh, IANAL btw

greedy SSH want both protocol and trademark..

[nqp]

the confusion is because SSH want both the protocol AND the trademark.. (and probably the command-line name if they could as well)

thats dangerous and I dont like it.

If Tatu had picked his own name, different from the protocol, then this would be a trademark.

what they are trying to do here is much scarrier and I think Theo is right to hang onto openssh.

If SSH was instead called their product finnishSSH would there be as much confusion ? NO.

The danger if Tatu succesfully prevents ANY ssh implementation from containing the letters ssh, is that the marketplace will think that there is ONE and ONLY ONE implementation of ssh....

just think about it.. SSH wants.. the name of the product, the implementation, the shell command...everything...

reeks of M$ behaviour IMHO...

Is this a troll?

[Stu+Charlton]

Okay, we had quite an argument about SSH vs. OpenSSH just a few days ago, and now we're re-stoking the fire?

Trademark law is there to protect the consumer. Who can honestly deny that OpenSSH has been hurt SSH's business? The only point in contention is that SSH waited to long to enforce the trademark by being NICE -- by emailing the team over the period of a year, several times, at least from my interpretation of the letter in the last Slashdot piece on SSH.

Being NICE is something Slashdotters always seem to want corporations to do. And now it make have cost SSH its trademark. But we don't care, because we're so wrapped up in our own superiority and rights to entitlement that we bite back whenever it's something we disagree with, even if it's a double-standard. This attitude is no less evil than an "evil" (tongue-firmly-in-cheek) corporation.

Let's remember that there's a trademark on LINUX.

Re:I like Theo, but that was the wrong thing to do

[nobody/incognito]

> The guy made an effort NOT to bully an Open Source group.

tatu did exactly that: try to bully the openssh developers. apparently openssh is now so much better than tatu's product that it threatens tatu's profits. so he is trying to make the openssh developers stop what they are doing and respond to the threatening letters his lawyers sent out.

> He didn't send threatening lawyer letters. He asked people to be reasonable.

you are uninformed -- the threatening letters went out a couple weeks ago, before tatu went public instead of trying to find a reasonable accomodation. i'm surprised you don't know this.

> Quite frankly, you're going to lose BADLY in a court of law, because not only is there the possibility of confusion, but there is DOCUMENTED confusion.

the only documented confusion is tatu's -- and the source of the confusion is tatu himself. he apparently now regrets his openness of several years ago, now that the stench of money is in his nose. i don't think tatu has a legal leg to stand on. you can't blind yourself to the use of a trademark (allowing the openssh developers to build reputation for ssh) then reverse course. tatu did the right thing in allowing the open source developers to work on and improve ssh. it is a shame that he has now turned from that course, and chooses another one that is venal and craven.

nobody

LAMFAM!

[gbgbgbg]

Both sides should merge and form a new entity called LAMFAM! Lame-Ass MotherFucking Arrogant Morons. Functional and descriptive.

I still can't believe bullshit like this. One, its a fucking waste! Two, if this is news, then the state of real news must be even more sad. Three, GET OVER IT!

People are stupid. Stupid people do stupid things. Kill 'em all, and let God sort 'em out.

News for turds, shit that splatters!

Its the truth, and you all know it.

what about the SH?

[AYEq]

Just trolling around, but maybe Mr.Bourne (or the author of the orig. shell) should sue them for using SH. C'mon that's pretty confusing. I might think that Mr. Bourne was involved in cryptography. (which is evil, right?) :)

Re:I like Theo, but that was the wrong thing to do

[Sloppy]

Trademarks are the only thing that prevents confusion in the marketplace. If people are confused and think that OpenSSH is from SSH, then there is a legitamate issue.

But is this confusion really caused by OpenSSH having a name that is similar to SSH, or is the confusion caused by the fact that Tatu Ylonen chose to overload "SSH" to mean both a product and a protocol?

If OpenSSH is renamed to "FooShell" but still implements the SSH protocols, confusion is going to remain. The reason there will be confusion is that the word "SSH" (more often than not) will still refer to something that might not be SSH Communication Security's product. Just as when people talk about Cola, they're not always talking about Coke.

---

The company name is kind of redundant?

[Zhyn]

The Company name is "SSH Communications Security Corporation", now if we exapnd it it says "Secure SHell Communications Security Corporation" OH boy, this product most be REALLY secure if they can mention sercurity twice in there name! Hmmm........ CC Cookie Chocolate Chip Company or Chocolate Chip Cookie Chocolate Chip Company "There Chocolatly"

Re:I think OpenSSH is too goddam busy battling its

[dmiller]

You should try emailing the developers at openssh-unix-dev@mindrot.org. We can only fix problems that we know about.

Is you a troll? (apologies...)

[eightball]

>Who can honestly deny that OpenSSH has been hurt SSH's business?

Hurt as in:

ruined reputation of?

tied up phone lines/email hubs with incessant demands for support of OpenSSH?

shorted SSH corp's stock, making Tatu's stock worthless?

OR, was it competition that did it?

Please counsel, take all the time you need to peruse your client's papers searching for a clue as to how often and how recent 'earlier' and 'already' means.

I don't particularly care in the long run whether I am using OpenSSH or OpenSecSH. 'ssh' has long been the familiar protocol name for that service. If it were so important for other companies not to use the letters 'ssh' how come most (if not all) unices have 'ssh' as the name for the service that uses port 22?

hmmmm...

[teeth]

very few people who type "vi" are running anything resembling the original implementation

...

Have a contest for a new name

[the_other_one]

My vote is for Cryptonomicon Enabled

Nobody would object if we put a CE after everything

telnetCE
ftpCE
fooCE
barCE
loseCE

..some others who use ssh in their name

[nqp]

copied from newsforge here

... Two authors of other popular SSH products posted messages at securepoint.com Wednesday, saying Ylönen hasn't moved to halt their use of the SSH name.

Ian Goldberg, author of Top Gun ssh for the Palm Pilot, wrote that he exchanged email with Ylönen and others at SSH Communications Security in the summer of 1997. "Tatu even asked me if I'd be willing to do an implementation of the 2.0 protocol," Goldberg wrote. "No one ever asked me to not use the 'ssh' name in the program title."

Robert O'Callahan, who released Teraterm SSH for Windows in 1998, wrote that several universities have distributed his product to their students, and it's been distributed on CD software collections, including with the book "Unix Secure Shell." He said he's never heard from SSH Communications Security about a trademark violation...

makes you think about the real reasons behind SSH's sudden change of mind...huh!!

maybe we should pettition SSH to change their name to something else so we stop confusing their product with the protocol !!! showmethemoneySSH or even just $$H (thats going to hurt the shell now!)

Re:I like Theo, but that was the wrong thing to do

[divec]

The guy made an effort NOT to bully an Open Source group. He didn't send threatening lawyer letters. He asked people to be reasonable.

I dunno, he made some pretty snide FUDy remarks, like "OpenSSH is encouraging insecurity cos it implements SSH1 not SSH2". There was really no need for that attack, which was somewhat incorrect in any case, it wouldn't bolster his legal position and it wasn't phrased in a way to persuade the OpenSSH people.

Open Source should take the High Road

[MrEfficient]

As far as the law is concerned, OpenSSH should probably be able to keep its name. But like the commercial says, just because you have the power to do something, doesn't mean you should.

OSS should take the high road and just rename itself. If OpenSSH does it now, then they can say they made their own decision and did it because they wanted to. If they wait too long, then stronger words will be used by both sides, and pretty soon emotions take over and you can kiss common sense and cooperation goodbye.

So, OpenSSH, change your name, not because you have to, but because you can. Be altruistic. I think that's the best outcome that will make everyone feel good about themselves and others.

Skipping to the meat of the letter:

[Chuck+Flynn]

The ssh mark is a significant asset of SSH Communications Security and the company strives to protect its valuable rights in the ssh name and mark.

This is true. Some might go so far as to say it's their only significant asset, but that's a different matter.

SSH Communications Security has made a substantial investment in time and money in its ssh mark, such that end users have come to recognize that the mark represents SSH Communications Security as the source of the high quality products offered under the mark.

Again, this is nothing controversial. SSH has held the mark since 1998, according to the USPTO documents on the site. They've invested money. No one doubts that.

This resulting goodwill is of vital importance to SSH Communications Security. It wants to make sure that you understand the importance of SSH's mark to it, and, by necessity, its need to protect its trademark against the unauthorized use by others.

Again, this is nothing controversial. Companies have to defend (or make the appearance of defending) their trademarks, lest they lose them. This is a mere legal formality.

This part, however, goes too far:

This is why we have contacted Corenic.net, your domain registration provider, to cancel all service on the "openssh.com" domain.

This is prior restraint and flies in the face of the first amendment. SSH Communications Security owns the trademark on "SSH" in the realm of client-server protocols, that does not give it the right to bully openssh about their domain name.

Take down the offending software, perhaps, but domain names aren't mere marks that distinguish products from each other. They're our very language itself. Owning a trademark in one realm of human communication doesn't give you the right to own it in all others.

SSH = CNN

[civik]

Please watch my new cable network! OpenCNN.

Keeping with the open sourse ethos that if you slap a 'open' on the front of any trademark you can make it your own! We will have news, weather, stock quotes, just like the real thing, but we're 'open'!

Seriously, I understand the argument, but you cant fault them for protecting a valid trademark, especially when the products are basically the same. I would be all for OpenSSH keeping the name if they made refried beans, and not network security tools.

Civik
They have Internet on computers now!?!
-Homer Simpson

Microsoft's Lawyers Fixed this for Openssh

If I remember correctly, some guy [that's how good my memory is ;) ] took M$ to court over the name Internet Explorer. He proved he had used the name Internet Explorer before they did, but Microsoft won because their browser isn't Internet Explorer, it's MICROSOFT Internet Explorer. As long as they preface it with Microsoft, it's not the poor guy's word. Same with Excel, I believe. Likewise, this isn't SSH, it's Openssh. Anyway, I have to go, Matthew Broderick is suing me for having the same first name.

goat.secsh ?

[Pogue+Mahone]

'nuff said.
--