Slashdot Mirror
Secure Shell Will Remain 'SSH'
cdlu sent in a follow-up to the SSH dispute - the IETF has rejected a request from SSH, the company, to change the name of SSH, the protocol. This will save a lot of people from typing 'ln -s /usr/bin/secsh /usr/bin/ssh'.
This just in:
Tatu Ylonnen was overheard after the decision saying "Oh sshit."
-Chris
...More Powerful than Otto Preminger...
>"I'm very disappointed," Ylonnen said after the meeting. "What will I do next? Consult my lawyers." That's sad. Does that mean that we really cannot live without these paras^H^H^H^Hlawyers? How come that such a simple, reasonable request, clothed in polite terms, was rejected? Next will come the lawyers. They'll loose, of course (IANAL, so actual milage may vary), but it'll cost money and nervces, ultimately only feeding the vultures. Personally, that doesn't make the sun shine on my day. I thought this kind of thing only happened with large companies, not the OS community... (PS: No, I'm not affiliated. No, ultimately I don't care. I just don't like seeing lawyers whereever I turn)
---
"What, I need a *reason* for everything?" -- Calvin
Free PC version of ChipWits at http://www.breueronline.de/klaus/chipwits/
IETF sued for trademark infringement.
I wonder if International Paper have a trademark on their initials?
--
Whew! I can't tell you how much that relieves me.
+5:offtopic,but anti-American
Under the normal run of things my opinion would be: "good, screw the company that wants to trademark the name of an open protocol". But this is a little different. He WROTE the damn thing, then gave it away. I don't think keeping the name is too much to ask. Especially considering how widespread this product has become. Do you know any sysadmins who don't use it??
Where's my lobbyist? Right here.
Additionally, SSH Communications Security has no desire to cause any inconvenience to users or developers who have been accustomed to using the "ssh" command name with our products. Accordingly, we will provide, free of charge, a trademark license to use the term "ssh" as a command name with proper attribution. It is the use of the ssh® trademark in product names or in ways otherwise likely to cause confusion and infringe the ssh® trademark that the company desires to prevent.
Can we not just use the name SSH and simply acknowledge the trademark (in the same way as e.g. Unix) ?
Consider, an old Windows TCP/IP stack vendor was FTP Software. What if they decided to assert trademark status on the FTP protocol?
I think that SSH (the company, not the protocol) should do some marketing. Maybe they can call their product "SSH Classic" or "New SSH" (just like a beverage.).
Actually, the whole thing about trademarking the protocol name is just silly.
--
"May I have ten thousand marbles, please?"
They decided not to change the usage of the word SSH as the name of the protocol. What OpenSSH decides to call its binaries is an entirely different decision that the IETF has nothing to do with.
For the record, the decision in the room was somewhat split, leaning about 2:1 towards not changing the name. It's still unclear if the name will be trademarked in the documents, which was the second (replaced?) request made to the IETF secure shell working group.
The next site to slashdot will be ready soon, but subscribers can beat the rush and start slashdotting it early!
This actually introduces a new party into the mix over SSH. The previous todo was with OpenSSH, and now that the IETF (the people that work on networking standards) have said that they refuse to change SSH to anything else means that there's now two parties involved if a court case could result (And I suspect there will be, though we know who's going to lose it from the start...)
"Pinky, you've left the lens cap of your mind on again." - P&TB
"I can see my house from here!" - ST:
Oh yes. Europe is such a hell-hole, and the US is so perfect.
So tell me, how does letting SSH (the company) suing to prevent the use of the term SSH (as a protocol, as part of the openSSH implementation, etc.) equate to letting the market figure it out?
SSH was NOT just trying to make an honest buck--they were trying to use market restricting laws to unfairly quash (what has developed into) their competition.
How free market, Ayn Rand is that?
And for that matter, what's wrong with socialism?
"People who do stupid things with hazardous materials often die." -- Jim Davidson on alt.folklore.urban
He could win. Several months ago (and I don't have time to find the link) a domain name had to be given up by its holder even though the ICANN arbitration held that he didn't. The person who wanted the name just sued in US court for trademark infringement, and won. You see, the IETF decisions are not binding in the courts. So Ylonnen could sue for trademark infringement. If he won, it would not matter what the IETF said.
Best Slashdot Co
From http://www.ssh.com/legal/trademarks/
---
The ssh® trademark is a significant asset of SSH Communications Security, and the company strives to protect its valuable rights in the SSH brand. SSH Communications Security has invested substantial resources in its ssh® mark, such that its customers have come to recognize that the mark represents SSH Communications Security as the source of the high quality products offered under this brand. This resulting goodwill is vital to SSH Communications Security.
The SSH Secure Shell remote login product was created in 1995 by Tatu Ylönen, CTO and chairman of the company. Free versions of the Secure Shell remote login software have been distributed under the SSH brand since 1995. The latest version, ssh-2.4.0, is free for any use on the Linux, FreeBSD, NetBSD, and OpenBSD operating systems, as well as for universities and charity organizations, and for personal, hobby, and recreational use by individuals.
Confusion has become widespread with respect to OpenSSH and its origin. OpenSSH is not a product of, and the OpenSSH group is not, in any way, related to, the SSH Communications Security company.
The use of the SSH trademark by members of OpenBSD in the OpenSSH project name, products and associated merchandising violates the company's intellectual property rights, and is causing the company, its customers, and its products considerable financial and other damages. The company has requested the OpenSSH group to change the OpenSSH name so as not to infringe on the ssh® trademark, and to prevent further confusion in the industry.
Similarly, the company is requesting other unauthorized users of the ssh® mark to refrain from infringing our valuable intellectual property rights.
The company fully supports the IETF Secure Shell working group in its standardization efforts. Any developer may implement the IETF Secure Shell working group standard without requiring any special licenses from the SSH company. SSH Communications Security has always and will continue to support the efforts of all acknowledged standards bodies and the open development of Internet security products, especially for non-profit, education and personal use.
Recognizing that the phrase "Secure Shell" is well-known within the community to describe the secure remote login protocol developed by Ylönen and SSH Communications Security, SSH has decided to abandon its trademark application for the name "Secure Shell" and dedicate it to public use. When developing and offering products implementing the Secure Shell remote login protocol, developers and integrators may use these words in product names, descriptions, etc., if they wish, without further designation.
Additionally, SSH Communications Security has no desire to cause any inconvenience to users or developers who have been accustomed to using the "ssh" command name with our products. Accordingly, we will provide, free of charge, a trademark license to use the term "ssh" as a command name with proper attribution. It is the use of the ssh® trademark in product names or in ways otherwise likely to cause confusion and infringe the ssh® trademark that the company desires to prevent.
All of SSH's products are marketed under the SSH brand name. SSH has become a widely known global brand to identify the company and the origin, quality and security associated with its offerings.
SSH provides trademark guidelines (PDF, 96 kb) regarding usage and attribution.
For more information on SSH trademarks, please refer to our Q&A document.
---
Anyway, it sounds to me like he wrote the program years back, then kept the name because it got into such widespread use. Now, they want to be distinguishable. Bunk. If I went and formed a company called "telnet industries" then there is no way I'd be able to get the protocol name changed.
If they didn't want the confusion regarding names, then they shouldn't have named their company after an existing product/protocol. And he can't claim he didn't know about it either, he wrote the damn thing in the first place!
Good for the IETF!
---
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
I know that we here as /. are against all things related to intellectual property, but perhaps its time to look at the other side. Trademarks (in the US) are *NOT* designed to protect companies... they are designed to protect consumers. What you say ? They exist (primarily) so that consumers know where a product actually came from. Tatu has been *VERY* liberal in his offer to allow usage of ssh (if he had been granted a trademark) and all he (seems) to have been concerned about is persons NOT his customers believing that they were. This is NOT a Bad Thing (tm). Trademarks and Trademark law DO serve a useful purpose in our society, and its sad that this community has its typical knee jerk reaction.
-- Rich
Free your mind and your Ass will follow -- George Clinton
It's got nothing to do with any American corporations. Ylonen's company is 'SSH Communications of Finland'.
The fact is that only after several years of use by the public-at-large is he trying to defend his trademark. It's too late and the IETF made the right decision. Whether it's overturned by the courts remains to be seen.
In his original license he said that if someone modified his code and it was compatible with the original, it HAD to be called ssh. The others are still compatible with his code and based on it..so they are just doing what he originally asked.
"I'm very disappointed," Ylonnen said after the meeting. "What will I do next? Consult my lawyers."
I hope his lawyers have a little more common sense than he seems to display - after all the protocol has been named for longer than SSH Communications Security has held the trademark there should be no legal reason why the standard should be renamed.
Matt Thompson - Actuality - Insert product here.
It's too much to ask simply because he already gave it away. He already let it become popular and common, and a protocol spec, and NOW he's trying to backpedal a couple years of computing and enforce trademark. The name means what it means because of what it is, not simply because of his product, that's the issue.
Somehow this reminds me of the patents problem. It seems that open source developers care more about the technology than about politics, which is quite understandable. So for patents there are institutions coming who help OSS people, but how about names, and other political stuff? The FSF and ASF have some lawyers people I guess, but who can a simple, small open source team talk to if someone wants to "steal" their name?
This sig is stolen from someone who had a much better idea than I had.
But then again, Slashdot trolls have a history preferring legalistic control by fascistic governmental regulations. They should let the market sort it out. This sort of intervention is what make America such a hell hole these days with rampant regulations and diseased lawyers everywhere.
Boss of nothin. Big deal.
Son, go get daddy's hard plastic eyes.
Expanding a vast wasteland since 1996.
Amigori
-------------
Patents and trademarks are a double-edged sword.
"The quality of life is determined by its activites."--Aristotle
Which American crypto companies operate in Finland? I live in Finland and I can't think of one.
SSH is founded by a finn (Tatu Ylönen) and it is stationed here. It may have offices elsewhere but it's a finnish company. F-Secure is a finnish company and is stationed here, but it too may have offices elsewhere. It's still a 100% finnish company.
While Tatu may have intended to keep his Trademark from public use, the fact of the matter is, like many popular brand names, it's become a generic term. You don't see the Trademark Police descending on little Mom&Pop sandwich stores in Tennessee when a conversation like this happens:
This space for rent. Call 1-800-STEAK4U
Q: Many programs today use "ssh" as a command name in competitive and freeware products. Does SSH intend to require programmers to rewrite their programs to eliminate this naming convention?
A: No. SSH has no desire to cause any inconvenience to users or developers who have been accustomed to using the "ssh" command name with our products. Accordingly, we will provide, free of charge, a trademark license to use the command name "ssh" with proper attribution.
From what I've seen (IANAL), "proper attribution" means you have to say "ssh was made by these guys, not us" when you decide to roll your own. Their real beef seems to be with companies putting SSL in their names, and as part of their corporate identities. Look at the chip market; how funny would it be if AMD were called BetterIntel, or Intellium, or ByeByeIntel? OK, the Intel thing is slightly off-topic, but I think my point is clear.
I would see two possible barriers to an attempt to recapture the use of the SSH trademark.
The first is that it appears that the trademark holder gave an explicit license to use the term SSH for independent implementations of the software.
The evidence for this includes (1) the original program documentation and (2) the IP submission to the IETF
The other track would be dilution. SSH communications did not take steps to protect their trademark. In fact they took positive steps to encourage the use of the name 'ssh' as a generic term to refer to a secure shell. These steps included submitting standards proposals to the IETF that used the name SSH.
The purpose of the dilution clause in trademark law is expressly to prevent companies from locking competitors out of a market by first encouraging them to use a term, then restricting its use. The problem with the SSH corp behavior is that it appears to fit exactly that pattern.
That is not to say that the SSH folk were necessarily doing anything calculated in advance. The project started off as an open source hobbyist type hack. Then it became an income for the developer, then a company. Problem with a company is that you have to meet payroll each month, you have responsibilities to your employees and shareholders.
The lesson for open source projects is that they need to be careful anout the names they use and make sure they establish their own brand independent of the 'open' generic brand.
These issues were almost certainly raised at the IETF meeting and the IETF hs no shortage of competent legal advice when it needs it. If the SSH people wanted to make a fight of it then they would have to go to the IESG in any case.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
Look at the chip market; how funny would it be if AMD were called BetterIntel, or Intellium, or ByeByeIntel?
How funny would it be if AMD were called "FastX86"? How funny would it still be if Intel sued them for it?
How Sean Connery says "Sex"?
Could the little Windows key work in a pinch?
There's a lot more to this argument then a name change. I wish it would be that easy. Unfortunately it has a sort of domino effect to many other things as well. I'm not incredulous enough to believe that people would work past the name change but I do think that he should have thought about this years ago.
LiNT
I must be living in the dark but until recently I though SSH was ONLY a protocol. There is a company called SSH, that is news to me.
They should change their name like Helix Code had to do. I have a suggestion... FrogSSHit. I won't sue, I promise! Hey they could even get frogsshit.com. It is avaliable.
Is it just me, or are there a lot of stories lately with the theme of ...
We'll {Trademark,Patent,etc} it secretly and encourage widespread acceptance, then when the name/usage is commonplace we'll start to enforce our {Trademark,Patent,etc} and take over the world.
Are They All Mad!
<sigh>
I wonder about the legality of all of this. Isn't it the case that if you don't enforce patents or trademarks that they become void. What were they living in their mothers basement all of this time? Participating in cryogenic freezing experiments. Excessing earwax buildup?
But that's the way free markets work. It's time for Tatu Ylonnen to accept the fact that he's losing control and market share of SSH. The way to gain that back is with new and better products, not a sackful of lawyers.
His trademark arguments have some merit, but hassling free software authors any further can only result in bad relations between SSH, Inc. and the rest of the *nix world, which should instead be courted as potential customers.
--
314-15-9265
I'm in a similar situation. My "Nagle algorithm", developed under DoD contract in the 1980s, is in every mainstream TCP stack in the world and in almost every machine on the net. But I wouldn't try to use a trademark on that. It was released to the public via an RFC approved by the IETF, and now anyone can use it. That's fine with me.
John Nagle
It is interesting to see two moments in this case. First it is how ssh came into life. As far as I remember Ylonen started things much as freelancer. It seems that some of the very first ssh's were even licensed in a BSD form. But later, on version 2, Ylonen opened a company, changed the license to more restrictive terms and started a process that became what we see.
However, it is interesting to note how this process started to become a scandal. For some time, since version 2.1, ssh has been plagued by several bugs. Only 2.4 seems to be realtively free of them, but still it doesn't work too good. This series of problems coincide with the moment when Ylonen started to push ssh as SSH(TM) and restricted some aspects of the license even more.
Frankly it's a pitty. I think that OpenSSH is more weak that the traditional one. Sincerly I do prefer Ylonen's ssh, even in cases when it's uite buggy. OpenSSH has a lot of drawbacks in performance and stability.
However the growing path of bugs and this (TM) hype forces us to think if we really want to continue to use it. Two years ago a bug was solved in hours. Today SSH and whoever is inside of it, take nearly half a month to solve it. If this trend continues, then we surely will go for an option: OpenSSH. And all these (TM)s, (R)s and hype will be of less importance.