Slashdot Mirror
Secure Shell Will Remain 'SSH'
cdlu sent in a follow-up to the SSH dispute - the IETF has rejected a request from SSH, the company, to change the name of SSH, the protocol. This will save a lot of people from typing 'ln -s /usr/bin/secsh /usr/bin/ssh'.
It's nice to see common sense prevail over corporate stupidity.
Nice too for the folks at OpenSSH who did nothing wrong in basing their product after the name of the protocol and shouldn't have to suffer.
--
Delphis
Delphis
This just in:
Tatu Ylonnen was overheard after the decision saying "Oh sshit."
-Chris
...More Powerful than Otto Preminger...
>"I'm very disappointed," Ylonnen said after the meeting. "What will I do next? Consult my lawyers." That's sad. Does that mean that we really cannot live without these paras^H^H^H^Hlawyers? How come that such a simple, reasonable request, clothed in polite terms, was rejected? Next will come the lawyers. They'll loose, of course (IANAL, so actual milage may vary), but it'll cost money and nervces, ultimately only feeding the vultures. Personally, that doesn't make the sun shine on my day. I thought this kind of thing only happened with large companies, not the OS community... (PS: No, I'm not affiliated. No, ultimately I don't care. I just don't like seeing lawyers whereever I turn)
---
"What, I need a *reason* for everything?" -- Calvin
Free PC version of ChipWits at http://www.breueronline.de/klaus/chipwits/
IETF sued for trademark infringement.
I wonder if International Paper have a trademark on their initials?
--
Nothing to see here, move along now.
The original ssh author should have been more cautious with the ssh name from the beggining, not after all the many years of typing ssh. At the minimum, it seemed to me like a very bad move (at least in terms of opensource reputation).
And we're all reprieved from goat.secsh ;-)
Every bloody emperor has his hand up history's skirt [Peter Hammill/VdGG]
michael, you forgot about /usr/bin/secshd /usr/bin/sshd'!
'ln -s
i was angry:1 with:2 my:4 friend - i told:3 4 wrath:5, 4 5 did end.
i was angry:1 with:2 my:4 friend - i told:3 4 wrath:5, 4 5 did end.
i was 1 2 4 foe i 3 it not 4 5 did grow
Whew! I can't tell you how much that relieves me.
+5:offtopic,but anti-American
Under the normal run of things my opinion would be: "good, screw the company that wants to trademark the name of an open protocol". But this is a little different. He WROTE the damn thing, then gave it away. I don't think keeping the name is too much to ask. Especially considering how widespread this product has become. Do you know any sysadmins who don't use it??
Where's my lobbyist? Right here.
Once more a large international entity totally ignores the rights of a small corporation from a small country.
If the owner of SSH trademark were bigger and from the U.S.A. a decision like this would have been completely out of the question.
Additionally, SSH Communications Security has no desire to cause any inconvenience to users or developers who have been accustomed to using the "ssh" command name with our products. Accordingly, we will provide, free of charge, a trademark license to use the term "ssh" as a command name with proper attribution. It is the use of the ssh® trademark in product names or in ways otherwise likely to cause confusion and infringe the ssh® trademark that the company desires to prevent.
Can we not just use the name SSH and simply acknowledge the trademark (in the same way as e.g. Unix) ?
Consider, an old Windows TCP/IP stack vendor was FTP Software. What if they decided to assert trademark status on the FTP protocol?
I think that SSH (the company, not the protocol) should do some marketing. Maybe they can call their product "SSH Classic" or "New SSH" (just like a beverage.).
Actually, the whole thing about trademarking the protocol name is just silly.
--
"May I have ten thousand marbles, please?"
They decided not to change the usage of the word SSH as the name of the protocol. What OpenSSH decides to call its binaries is an entirely different decision that the IETF has nothing to do with.
For the record, the decision in the room was somewhat split, leaning about 2:1 towards not changing the name. It's still unclear if the name will be trademarked in the documents, which was the second (replaced?) request made to the IETF secure shell working group.
The next site to slashdot will be ready soon, but subscribers can beat the rush and start slashdotting it early!
This actually introduces a new party into the mix over SSH. The previous todo was with OpenSSH, and now that the IETF (the people that work on networking standards) have said that they refuse to change SSH to anything else means that there's now two parties involved if a court case could result (And I suspect there will be, though we know who's going to lose it from the start...)
"Pinky, you've left the lens cap of your mind on again." - P&TB
"I can see my house from here!" - ST:
Oh yes. Europe is such a hell-hole, and the US is so perfect.
So tell me, how does letting SSH (the company) suing to prevent the use of the term SSH (as a protocol, as part of the openSSH implementation, etc.) equate to letting the market figure it out?
SSH was NOT just trying to make an honest buck--they were trying to use market restricting laws to unfairly quash (what has developed into) their competition.
How free market, Ayn Rand is that?
And for that matter, what's wrong with socialism?
"People who do stupid things with hazardous materials often die." -- Jim Davidson on alt.folklore.urban
My point exactly. ;D
Start trademarking protocol names and soon you can't write a whole sentence without
He could win. Several months ago (and I don't have time to find the link) a domain name had to be given up by its holder even though the ICANN arbitration held that he didn't. The person who wanted the name just sued in US court for trademark infringement, and won. You see, the IETF decisions are not binding in the courts. So Ylonnen could sue for trademark infringement. If he won, it would not matter what the IETF said.
Best Slashdot Co
Slashdot policy: Ontopic, Reconciling, Appropriate, Legal, or Inoffensive comments might be moderated. (You can read everything, even moderated posts, by adjusting your threshold on the User Preferences Page)
From http://www.ssh.com/legal/trademarks/
---
The ssh® trademark is a significant asset of SSH Communications Security, and the company strives to protect its valuable rights in the SSH brand. SSH Communications Security has invested substantial resources in its ssh® mark, such that its customers have come to recognize that the mark represents SSH Communications Security as the source of the high quality products offered under this brand. This resulting goodwill is vital to SSH Communications Security.
The SSH Secure Shell remote login product was created in 1995 by Tatu Ylönen, CTO and chairman of the company. Free versions of the Secure Shell remote login software have been distributed under the SSH brand since 1995. The latest version, ssh-2.4.0, is free for any use on the Linux, FreeBSD, NetBSD, and OpenBSD operating systems, as well as for universities and charity organizations, and for personal, hobby, and recreational use by individuals.
Confusion has become widespread with respect to OpenSSH and its origin. OpenSSH is not a product of, and the OpenSSH group is not, in any way, related to, the SSH Communications Security company.
The use of the SSH trademark by members of OpenBSD in the OpenSSH project name, products and associated merchandising violates the company's intellectual property rights, and is causing the company, its customers, and its products considerable financial and other damages. The company has requested the OpenSSH group to change the OpenSSH name so as not to infringe on the ssh® trademark, and to prevent further confusion in the industry.
Similarly, the company is requesting other unauthorized users of the ssh® mark to refrain from infringing our valuable intellectual property rights.
The company fully supports the IETF Secure Shell working group in its standardization efforts. Any developer may implement the IETF Secure Shell working group standard without requiring any special licenses from the SSH company. SSH Communications Security has always and will continue to support the efforts of all acknowledged standards bodies and the open development of Internet security products, especially for non-profit, education and personal use.
Recognizing that the phrase "Secure Shell" is well-known within the community to describe the secure remote login protocol developed by Ylönen and SSH Communications Security, SSH has decided to abandon its trademark application for the name "Secure Shell" and dedicate it to public use. When developing and offering products implementing the Secure Shell remote login protocol, developers and integrators may use these words in product names, descriptions, etc., if they wish, without further designation.
Additionally, SSH Communications Security has no desire to cause any inconvenience to users or developers who have been accustomed to using the "ssh" command name with our products. Accordingly, we will provide, free of charge, a trademark license to use the term "ssh" as a command name with proper attribution. It is the use of the ssh® trademark in product names or in ways otherwise likely to cause confusion and infringe the ssh® trademark that the company desires to prevent.
All of SSH's products are marketed under the SSH brand name. SSH has become a widely known global brand to identify the company and the origin, quality and security associated with its offerings.
SSH provides trademark guidelines (PDF, 96 kb) regarding usage and attribution.
For more information on SSH trademarks, please refer to our Q&A document.
---
Anyway, it sounds to me like he wrote the program years back, then kept the name because it got into such widespread use. Now, they want to be distinguishable. Bunk. If I went and formed a company called "telnet industries" then there is no way I'd be able to get the protocol name changed.
If they didn't want the confusion regarding names, then they shouldn't have named their company after an existing product/protocol. And he can't claim he didn't know about it either, he wrote the damn thing in the first place!
Good for the IETF!
---
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
" 'I'm very disappointed,' Ylonnen said after the meeting. 'What will I do next? Consult my lawyers.' "
Is this what Open Source is coming to?
---Any philosophy that can be put "in a nutshell" belongs there.---
I know that we here as /. are against all things related to intellectual property, but perhaps its time to look at the other side. Trademarks (in the US) are *NOT* designed to protect companies... they are designed to protect consumers. What you say ? They exist (primarily) so that consumers know where a product actually came from. Tatu has been *VERY* liberal in his offer to allow usage of ssh (if he had been granted a trademark) and all he (seems) to have been concerned about is persons NOT his customers believing that they were. This is NOT a Bad Thing (tm). Trademarks and Trademark law DO serve a useful purpose in our society, and its sad that this community has its typical knee jerk reaction.
-- Rich
Free your mind and your Ass will follow -- George Clinton
It's got nothing to do with any American corporations. Ylonen's company is 'SSH Communications of Finland'.
The fact is that only after several years of use by the public-at-large is he trying to defend his trademark. It's too late and the IETF made the right decision. Whether it's overturned by the courts remains to be seen.
He expressly gave the right for all to use ssh in his original headers many years ago.
I wish he didn't desire to withdraw that now, as he's done a great job for all of us.
At least the publicity, even in loosing, lets everybody know who started this and who sells it commercially.
When I die, please cast my ashes upon Bill Gates -- for once, make him clean up after me!
In his original license he said that if someone modified his code and it was compatible with the original, it HAD to be called ssh. The others are still compatible with his code and based on it..so they are just doing what he originally asked.
It's too much to ask simply because he already gave it away. He already let it become popular and common, and a protocol spec, and NOW he's trying to backpedal a couple years of computing and enforce trademark. The name means what it means because of what it is, not simply because of his product, that's the issue.
are ignorami that can't spell.
I still don't see how someone can confuse SSH with OpenSSH. There are OS versions of everything these days. It's not like OSSH is called S-SH or SSHOpen, which would be confusing. It's OpenFuckinSSH. Wait a sec, maybe I'm on to something there... :P
BOSTON SUCKS!
They invented, programmed, and gave away for free SSH. Now they want to sell enhanced versions, meanwhile, the IETF thinks their invention is so good it should be an Internet standard. SSH has had a trademark on their company name for some time. Now IETF comes in and says that they're going to call the standard the same thing as the product. The SSH people get mad, and for good reason -- they have something to sell using their hard-earned (and well-earned) brand, and the IETF wants to make it a generic term. Well, I hope they take the IETF to court and win for being such jackasses.
While I can see where he's coming from, there is a price to pay for aggresively putting your name out to the public. I can't tell you how many times I've seen signs on buildings saying "No Roller Blades", and wondered why any other brand of inline skates were not prohibited. The problem is that SSH has become a generic term. If they were really intrested in protecting it, they prolly should have been more worried a while back.
I'd look at is as a new PR spin. Like saying "We're the real SSH." or maybe "Aren't your servers important enough to to use the original SSH?", or better yet, set yourself apart from the others with a better product, rather than just a name... there's a concept!
So they were using a commonly-used term in their title. No problem there. They just couldn't then go back and try and trademark "ftp". "FTP software", that's trademarkable.
In this case, the person who started using the acronym, as I understand, LATER decided to trademark it... Making it much muddier than your example, but I think its too late to undo the "commonly-used" of ssh.
Addison
Somehow this reminds me of the patents problem. It seems that open source developers care more about the technology than about politics, which is quite understandable. So for patents there are institutions coming who help OSS people, but how about names, and other political stuff? The FSF and ASF have some lawyers people I guess, but who can a simple, small open source team talk to if someone wants to "steal" their name?
This sig is stolen from someone who had a much better idea than I had.
But then again, Slashdot trolls have a history preferring legalistic control by fascistic governmental regulations. They should let the market sort it out. This sort of intervention is what make America such a hell hole these days with rampant regulations and diseased lawyers everywhere.
Boss of nothin. Big deal.
Son, go get daddy's hard plastic eyes.
Expanding a vast wasteland since 1996.
Amigori
-------------
Patents and trademarks are a double-edged sword.
"The quality of life is determined by its activites."--Aristotle
Which American crypto companies operate in Finland? I live in Finland and I can't think of one.
SSH is founded by a finn (Tatu Ylönen) and it is stationed here. It may have offices elsewhere but it's a finnish company. F-Secure is a finnish company and is stationed here, but it too may have offices elsewhere. It's still a 100% finnish company.
While Tatu may have intended to keep his Trademark from public use, the fact of the matter is, like many popular brand names, it's become a generic term. You don't see the Trademark Police descending on little Mom&Pop sandwich stores in Tennessee when a conversation like this happens:
This space for rent. Call 1-800-STEAK4U
Sweet jeebus /.ers love to whine. I'm sorry, y'all. I can be as hardcore a free software advocate as you'll find and in general I think patents and trademarks are bad things. In this case, though, it's not like he's threatening to try and revoke all licencing privledges to any ssh related code (which of course, he can't, but stuipider things have been done by big corporations). He wants a name change so that, god forbid, he *may* make some money.
/bin/newname /bin/ssh". I just can't take it. Most of us probly have 19 shell scripts on our boxen whose sole purpose it is to save us from typing out full commands (i.e. "sc.sh" which reads "cd /windows/games/Starcraft;sudo wine starcraft.exe").
/. fanatics, but I say fucking relax and let a man have a few bucks for a product which everyone with a brain uses and loves.
Oh, the inconveniece of typing once "ln -s
I seem to be alone on this among fellow
-k
Q: Many programs today use "ssh" as a command name in competitive and freeware products. Does SSH intend to require programmers to rewrite their programs to eliminate this naming convention?
A: No. SSH has no desire to cause any inconvenience to users or developers who have been accustomed to using the "ssh" command name with our products. Accordingly, we will provide, free of charge, a trademark license to use the command name "ssh" with proper attribution.
From what I've seen (IANAL), "proper attribution" means you have to say "ssh was made by these guys, not us" when you decide to roll your own. Their real beef seems to be with companies putting SSL in their names, and as part of their corporate identities. Look at the chip market; how funny would it be if AMD were called BetterIntel, or Intellium, or ByeByeIntel? OK, the Intel thing is slightly off-topic, but I think my point is clear.
I would see two possible barriers to an attempt to recapture the use of the SSH trademark.
The first is that it appears that the trademark holder gave an explicit license to use the term SSH for independent implementations of the software.
The evidence for this includes (1) the original program documentation and (2) the IP submission to the IETF
The other track would be dilution. SSH communications did not take steps to protect their trademark. In fact they took positive steps to encourage the use of the name 'ssh' as a generic term to refer to a secure shell. These steps included submitting standards proposals to the IETF that used the name SSH.
The purpose of the dilution clause in trademark law is expressly to prevent companies from locking competitors out of a market by first encouraging them to use a term, then restricting its use. The problem with the SSH corp behavior is that it appears to fit exactly that pattern.
That is not to say that the SSH folk were necessarily doing anything calculated in advance. The project started off as an open source hobbyist type hack. Then it became an income for the developer, then a company. Problem with a company is that you have to meet payroll each month, you have responsibilities to your employees and shareholders.
The lesson for open source projects is that they need to be careful anout the names they use and make sure they establish their own brand independent of the 'open' generic brand.
These issues were almost certainly raised at the IETF meeting and the IETF hs no shortage of competent legal advice when it needs it. If the SSH people wanted to make a fight of it then they would have to go to the IESG in any case.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
P as in previous!
In his original license he clearly states that you may make derivatives of ssh and use the 'ssh' name. Later he changed it and registered the trademark.
So anybody who is using the sourcecode distributed with the old license may use the name ssh. So it is not a reasonable request
Jeroen
Secure messaging: http://quickmsg.vreeken.net/
If you've followed the case, you'll know that the command name was to remain ssh. Only the protocol was to be changed.
So no symlinking would have been necessary anyway.
- mipe -
- A.P.
--
* CmdrTaco is an idiot.
"Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
Look at the chip market; how funny would it be if AMD were called BetterIntel, or Intellium, or ByeByeIntel?
How funny would it be if AMD were called "FastX86"? How funny would it still be if Intel sued them for it?
Please use relative symlinks! i.e. "ln -s secsh /usr/bin/ssh" This way your links do not break if you mount that filesystem elsewhere, or if you move that directory (though not too likely to happen in the case of /usr/bin). The same reasoning is why you should use relative links in html.
How Sean Connery says "Sex"?
and then see what happens to your ksh / csh scripts.
Two wrongs may not make a right, but three
The "FTP" in "FTP Software" did not stand for "file transfer protocol." It stood for "Fun That Pays." (Seriously.)
News for Nerds. Stuff that Matters? Like hell.
I must be living in the dark but until recently I though SSH was ONLY a protocol. There is a company called SSH, that is news to me.
They should change their name like Helix Code had to do. I have a suggestion... FrogSSHit. I won't sue, I promise! Hey they could even get frogsshit.com. It is avaliable.
Lets say, for example, that IETF changes the name of the ssh protocol. Then why would it have to change it to secsh or some other name where you can find 'sec' as a substring? Why not just add a 'secure' term to the original rsh? Lets say srsh as Secure Remote Shell. After all, ssh was a replacement of rsh. And srsh is easier to type form keyboard than secsh. :)
What you say ? They exist (primarily) so that consumers know where a product actually came from
Seems reasonable when implemented on a reasonable level. But is owning three letters of the alphabet reasonable?
I own part of a company that uses three letters to abbreviate its name (I'll use ARC as an example). My attorneys have made it very clear to us that we can only reasonably protect ARC when used within our uniquely designed logo. If someone else uses ARC in that logo, they're in violation of our trademark.
What I cannot protect is:
- someone else using only the letters ARC in their business or product names
- someone else using ARC within a business or product name (e.g. Sparcstation - even if Sun chose to spell it SpARCstation, I have no claim)
Likewise, my product name trademarks are for specific categories. There is another company using the exact same product name that we have TM'ed to make a brand of space heaters. They own it in their class, we own it in our class.
I'd have to believe that unless someone at the USPTO was on LSD when they gave away three letters of our alphabet, Ylonnen's attorneys have a weak claim unless they can demonstrate that the mark (not the letters) was infringed upon. (How many "ABC" companies do you see out there? Does American Broadcasting Company go after them? What about all the kids games that say "ABC" on the cover? Trademark infringement for use of the same three letters in the same sequence? Not!)
Incidentally, I have put the SSH company on my list of banned vendors at our company. Any vendor that's willing to lie and cheat the IETF and Internet community is likely to do the same to me.
*scoove*
IANAL, but I've put many of their kids through college.
But that's the way free markets work. It's time for Tatu Ylonnen to accept the fact that he's losing control and market share of SSH. The way to gain that back is with new and better products, not a sackful of lawyers.
His trademark arguments have some merit, but hassling free software authors any further can only result in bad relations between SSH, Inc. and the rest of the *nix world, which should instead be courted as potential customers.
--
314-15-9265
As a kind of outsider (MVS, not Unix, security), it seems to me that SSH Communications Security Corp. of Finland is causing more confusion among consumers by using a well-established protocol and command name as part of its company name and as part of the names of other products that don't (cmiiw!) use the secure shell protocol.
American Biometric Company Inc. changed its name to Ankari Inc. to emphasize that it doesn't offer just biometric products. Maybe SSH ... Corp. should change its name to emphasize that it offers many more products than just SSH(R) Secure Shell(TM). TietoliikenneTurva, maybe. (Anyone who actually speaks Finnish care to help me out here?) (It's about as meaningful to the rest of us as Ankari.)
And for that matter, maybe it should change the name of its ssh product as well: TT-SSH?
This might reflect better on Tatu...
Bayer tried to protect its trademark on "aspirin" too late in the U.S.
Not exactly. Bayer used to own trademarks on ASPIRIN® and HEROIN® but lost them in the Treaty of Versailles in 1919.
In Europe, it's still in vigor (in several forms -- Aspirin, Aspirina, etc.), making it harder for the competition, which must bill themselves as acetylsalicylic acid....
Here's a map showing places where Bayer still owns the ASPIRIN® trademark.
--If I were designing an operating system, I would set the Epoch as January 1, 1923. (Read More...)
Will I retire or break 10K?
I'm in a similar situation. My "Nagle algorithm", developed under DoD contract in the 1980s, is in every mainstream TCP stack in the world and in almost every machine on the net. But I wouldn't try to use a trademark on that. It was released to the public via an RFC approved by the IETF, and now anyone can use it. That's fine with me.
John Nagle
I find it pretty annoying actually. I live in South Africa, we didn't have Pepsi here for about a decade because they left to show their disapproval of apartheid. (Of course, they've since tried to make a comeback here, but have failed. The irony of this is that although they left to show support for the cause of the south african black man, the south african black man now drinks Coke).
Aanyway, I was in London last year, and I felt like a Coke, so I walked into a KFC. I only saw a Pepsi machine, so I wasn't sure if they had Coke, so I asked the girl behind the counter "Do you have Coke?". "Yes". "Are you sure have *Coke*?". "Yes". "I'll have a *coke* please". She proceeds to fill me a cup of Pepsi. I was pretty pissed.
I was flying back from Germany last year too, and I asked the hostess on Air France for a Coke. She gives me a Pepsi. AAARGH!!
This idea that Pepsi can be called Coke is quite unusual to me.
It is interesting to see two moments in this case. First it is how ssh came into life. As far as I remember Ylonen started things much as freelancer. It seems that some of the very first ssh's were even licensed in a BSD form. But later, on version 2, Ylonen opened a company, changed the license to more restrictive terms and started a process that became what we see.
However, it is interesting to note how this process started to become a scandal. For some time, since version 2.1, ssh has been plagued by several bugs. Only 2.4 seems to be realtively free of them, but still it doesn't work too good. This series of problems coincide with the moment when Ylonen started to push ssh as SSH(TM) and restricted some aspects of the license even more.
Frankly it's a pitty. I think that OpenSSH is more weak that the traditional one. Sincerly I do prefer Ylonen's ssh, even in cases when it's uite buggy. OpenSSH has a lot of drawbacks in performance and stability.
However the growing path of bugs and this (TM) hype forces us to think if we really want to continue to use it. Two years ago a bug was solved in hours. Today SSH and whoever is inside of it, take nearly half a month to solve it. If this trend continues, then we surely will go for an option: OpenSSH. And all these (TM)s, (R)s and hype will be of less importance.
Why would anyone type 'ln -s /usr/bin/secsh /usr/bin/ssh' when you could just type 'ln -s /usr/bin/s{ec,}sh'?
Why not call it what it is, slogin. As a secure replacement for rlogin/rsh, where rlogin is interactive, rsh used for non-interactive single commands, slogin/ssh always followed the same usage. I believe it was the lazy that preferred typing 3 letters as opposed to 6 that made 'ssh' take off as the default name, although to those such as myself that always use a hostname symbolic link, it doesn't really matter what the command is called. Call it slogin in /etc/services too, the original protocol was called login.
We tended to say things like "you guys" back when I lived in Michigan, but I always felt impolite saying that when the group I was addressing contained women (or consisted entirely of women).
My point is simply that "y'all" is not "a weird-ass thing southern people say", but something which helps communicate clearly and precisely --- something that helps you say what you mean...
... and, so that this isn't entirely off-topic, I would suggest that not renaming the SSH protocol was a good decision, simply because it would make efficient, precise communication about the protocol and the programs which use it unnecessarily difficult. Who cares how you set the link, the point is that it's just too late, the term is now part of the vernacular.
... just like "y'all" is, south of the Mason-Dixon line (and in some very small parts of Germany, meanwhile).
Well, since I had to step back 30 feet to get a look at your entire ass, I'd say the pants aren't what you need to worry about.
--
There is no sin except stupidity -- Oscar Wilde