Slashdot Log In
The ssh vs. OpenSSH Trademark Battle, Next Round
from the your-cooperation-is-appreciated-and-expected dept.
My favorite tidbit from the article is this: "[OpenBSD and OpenSSH Developer Theo] de Raadt cites U.S. trademark law that requires owners of trademarks to notify violators immediately ... de Raadt argues that Ylönen would have to be living under a rock not to be aware of OpenSSH before now. OpenSSH, released in December 1999 and in use before that, was used by more than 17% of all SSH users earlier this month, according to a study published on the University of Alberta Web site." Besides that, the story does a great job of listing other people whose products including "SSH" in their names have been left blissfully alone, making it seem that OpenSSH is getting what can only be called special treatment.
Of interest: here is a link to a page at openssh.com showing the legal papers received and scanned by members of the OpenSSH project, including the trademark application in question, showing an entirely lowercased "ssh" as the applied-for mark.
You think this is funny? (Score:2)
Re:What about trademarking other things like this? (Score:2)
I think its too late for that... the trademark has already been sufficiently diluted - I started using OpenSSH about 4 months ago, and I had never even heard of the company until this article.
Re:I like Theo, but that was the wrong thing to do (Score:2)
If you're not compatible, you can't use the name.
That doesn't mean you can use the registered mark. When that was done, there was no registered mark. The Mark is owned by a corporation (founded by this gentlemen, not that it's terribly relevant), and can't be appropriated without authorization.
For example, if I write some code, call my program Microsoft, and say in my license that you may use the name Microsoft in referring to my code, you aren't authorized to use it.
That is hardly a license to a Trademark issued two years after that was written.
The author of the original software asked you not to use the name ssh or Secure Shell if they are incompatible. That is a contractual agreement as part of a license.
The company is using the Trademark SSH to refer to their company and software. When you used that license, you contracted to not name is SSH if it is not compatible. That has NO bearing on the trademark.
Re:Et Tu Slashdot (Score:3)
If his permission to use "ssh" is revocable, arguably so are any other parts of his license -- including the permission to use the code in derivative works. Rolling over on the name could be used in court as evidence that the OpenSSH crew agreed that the license is revocable -- in which case he can next eliminate the whole OpenSSH project, whatever its name. Ooops...
Re:Compromise (Score:2)
Well, at least, it shouldn't work that way. Fraunhofer is doing the exact same thing with mp3. The problem is that there needs to be a distinct line drawn between specifications and products. You shouldn't be able to trademark a specification (such as the SSH protocol).
Question (Score:3)
FluX
After 16 years, MTV has finally completed its deevolution into the shiny things network
What if it were Linux (Score:3)
Encrypted shell (esh)
trusted Shell (tsh)
secure telnet (stn) which btw, is more accurate, as it's not really a shell.
Get involved
FTP and FTQ too! (Score:2)
Re:Et Tu Slashdot (Score:2)
But this part of the law was created for exactly this case... when a trademark owner allows others to invest a large amount of time and/or money into an infringing mark without their knowledge of infringement, and then tries to pull the rug out from everyone at exactly the worst time.
--
SeSH? (Score:3)
The concept of trademarking an application name so close to a standard protocl name is, at best, silly. On the other hand, I don't think that it's worth starting a big fight over. There are far better things to put our energy/ time/ money into.
--
Re:Et Tu Slashdot (Score:2)
I sorta disagree. gcc was not named cc. gnutar was not named tar. They don't have to name their program ssh. RMS would say that they should do things as differently as possible, and provide a --traditional for inter-operability (Btw, I would love hearing what Theo would say if RMS tried to tell himn what to do
Sure gnuls would be ridiculous, so my example isn't worth much. Even apache is named httpd, so...
> By your standards F-Secure is diluting the ssh mark
Frankly, I don't know. I was just saying that *I* often confused ssh and openssh, and that *I* would have zero problem using asfkaos (A Shell Formelly Known As OpenSHH) as it would help me to stay away from ssh(tm) products.
OTOH, maybe you are right, and ssh corp should be told to f*ck themselves...
Cheers,
--fred
It's a suite of products, people! (Score:2)
"ssh" is a secure replacement for rsh, "slogin" is a secure replacement for rlogin, and "scp" for rcp.
rsh was for remote shell, ssh is for secure shell.
That's why, so if you think you're cool and are allowed to speak just because you popped a RedHat CD into your Packard Bell, please reformat, reload windows, and don't come back.
Thank you.
-Nev
He's being "nice", but... (Score:5)
O SSH [pdc.kth.se]
TTSSH [zip.com.au]
NiftySSH [lysator.liu.se]
MacSSH [macssh.com]
Java-SSH [cam.ac.uk]
TGssh [www.ai]
sshCE [movsoftware.com]
An OpenVSM project called just SSH [ohio-state.edu]
SSH-OS2 [nmsu.edu]
...
and, well, you get the point. He's just going after OpenSSH because they're beating him in the market. And not only does he have no legal leg to stand on, but he's being a real slime by only going after the successfull one. Theo would be right to tell hime where to stick his lawyers.
Re:What if it were Linux (Score:2)
he's done that. there was a story on slashdot a while ago about it, but it would be a horrendous pain in the ass about it. basically, linus has no problem with use of the lunix trademark as long as it's done in good faith. but when somebody registered a bunch of linux-related domain names so he could sell them, linus threatened action, and the guy backed down.
note: that's how i remember it. i could be on crack.
Last license I buy from SSH Inc. (Score:2)
opensource project with a very good stance on why it did and should continue to use the name OpenSSH. I was planning on rolling out SSH this summer to over 800 desktops/servers. I guess I will be DEFINATLY going with OpenSSH in light of these developments.
Re:Et Tu Slashdot (Score:2)
A name... (Score:4)
I like Theo, but that was the wrong thing to do... (Score:4)
Good job. We have now taken the position to the outside world of being total assholes.
The guy made an effort NOT to bully an Open Source group. He didn't send threatening lawyer letters. He asked people to be reasonable. Quite frankly, you're going to lose BADLY in a court of law, because not only is there the possibility of confusion, but there is DOCUMENTED confusion.
Now, this is totally absurd.
He didn't bully, DON'T use that against him. The arguement that he didn't bring it up until confusion happened may be legally correct, but now sets the horrible precedent that Open Source groups will be as shady as possible, and if you give them an inch, they'll take a mile.
Notice something, the original license (if anything tells people not to be nice and release their source code, this is the example, that was hardly a license, more of a nice gesture) allowed you to call your application ssh.
That's irrelevant.
OpenSSH could be renamed, OpenSecSH, which would be an open implementation of the SecSH protocol, which is the name of the working group. The FILE could still be called ssh/sshd.
SAMBA couldn't call itself SMB, confusion reasons, but the applications use SMB (like, smbd).
However, you can be polite, compile as osecsh and osecshd and include a symlink (automatically, but prompted) for ssh and sshd, so if you have both implementations, you can decide which one you want.
However, if the Open Source community insists on fighting on the Trademark grounds, we're in the wrong.
You can dispute the merits of Software Patents.
You can dispute the merits of long copyright terms.
You can dispute the merits of copyrights in general.
You can't dispute the merits of Trademarks.
Trademarks are the only thing that prevents confusion in the marketplace. If people are confused and think that OpenSSH is from SSH, then there is a legitamate issue.
Also, I don't think you're going to win on the enforcement. One year or so is reasonable, given that OpenSSH has minimal press coverage, etc. I think that it would be EASY for SSH to show that they found out about it, saw a problem, and then asked them to fix it.
Theo, you're going to lose, and you're being a bastard. He hasn't demanded that you stop making a version of SSH, just that you not use his product name.
Theo, I'm an OpenBSD user. I love OpenBSD. I love OpenSSH. You're in the wrong here... VERY WRONG.
Alex
Et Tu Slashdot (Score:5)
Now it's open sources' turn. The right thing to do is honor the wishes of the guy who created SSH, the guy who made SSH available to you (albeit with a license you didn't like), and the guy who still tries to make a living from his hard work.
Give up the conflicting name. Not because you have to. Because it's the right thing to do.
Prompt nodification (Score:3)
-Moondog
Re:Et Tu Slashdot (Score:5)
He gave the name away, and now he regrets having done so. Well, too bad. OpenSSH used the name with the entirely justifiable understanding that this was allowed. They took nothing that had not been offered. They built a brand of their own, which the original author now wants to destroy since it is becoming competitive.
That's dirty pool.
Claim your namespace.
Compromise (Score:5)
If he doesn't want it to escalate, then he'd best compromise. I think that there's a broad feeling of indignance in the OpenSSH developer and user community that there's a "submarine trademark" (if I may put it that way) on something which we consider to be the name of a protocol. I think there's going to be a great reluctance to go ahead with a name change, because it would let the nose of the camel into the tent. What next -- remove all mention of "SSH" from the documentation?
If Ylönen demands no less than the removal of "SSH" from the project name, and OpenSSH isn't willing to do this, then he has the choice of either backing down or going ahead and making himself really unpopular by suing a free software project. This whole direction does not strike me as being one that can result in a net win for Ylönen. If he wins his trademark rights he'll establish himself as an enemy of the OpenSSH community; if he loses his trademark he looks like a poor businessman.
Instead, he should cut his losses and suddenly realise that he can license the use of the trademark to the OpenSSH project for free, on condition that they clearly distinguish themselves from his product, and perhaps provide linkage to his web site as a clarifying measure. If the real problem is customer confusion, then let's deal with the confusion without all this ugly legal sabre-rattling nonsense.
Does Ylönen realise that he's setting himself up as an enemy of the Free Software Republic? This isn't sensible.
Re:Too Little, Too Late (Score:3)
All this time our policy has been that the trademarks cannot be used by others without a proper acknowledgment, and cannot be used in product names without a special license from us," he said. "We have enforced it against all significant players in the field," he added. "We have not felt it appropriate to go after every random web page or the various non-commercial student projects done at universities."
So which is it? Do we think it's better for a trademark owner to go after every single petty violation? Or does it seem to be more fair when a trademark owner lets some of the little guys slip through the cracks, but then has to take action if they become larger? You can't have both worlds...
(granted, there was that other clincher, but your particular argument conflicts with other common slashdot sentiment)
--
Re:Have a contest for a new name (Score:2)
M$ probably thinks they own the CE suffix. winCE and all.
so would you rather M$ go after you or that SSH guy? ;-)
--
Re:You thnk ths s funny? (Score:2)
At least there's no (TM)s n your username.
Re:Et Tu Slashdot (Score:2)
The Project History and Credits section of the OpenSSH website would seem to refute your assertion:
The original license contained the following text:
While I can't personally vouch for the veracity of the OpenSSH history, it and the original license not only seem to directly contradict your assertion that "you couldn't use it for commercial purposes", but also seems to imply that if a derived version of the original is compatible with the protocol description, then he has no problem with someone referring to it as "ssh" or "Secure Shell".
Also, The SSH transport and user authentication protocols have been submitted to the IETF [w3.org] by Ylönen himself, which I believe qualifies as "submit[ting] as an open standard". As a matter of fact, it's currently the main focus of the Secure Shell (secsh) IETF working group [ietf.org].
All in all, this parallels the "one click" scenario pretty closely, with the difference being that SSH was far more novel and complex an idea than "one click" shopping. If Mr Ylönen had released it as a commercial product, or even just released it under a more restrictive license, there would be no debate. As it stands, though, it reeks of dodgy business practices brought on by stockholder pressure and OpenSSH's success.
Re:I like Theo, but that was the wrong thing to do (Score:3)
That's what I thought until I read the last bit of his letter to the OpenSSH developers:
This is why we have contacted Corenic.net, your domain registration provider, to cancel all service on the "openssh.com" domain.
Until I read that, I sympathised with the SSH company - I thought they were doing the right thing by just requesting instead of sending the attack-dog lawyers. However, they made an agressive pre-emptive strike to destroy openssh.com's domain before they even have had a chance to consider changing their name.
If I were in charge of OpenSSH, I would have gladly changed the name of my code has he not pre-emptively tried to destroy my domain before I had a chance to even consider what to rename my product to!
Re:Et Tu Slashdot (Score:3)
Agreed. The SSH chap sounds like a decent, pleasant fellow. Given that by far the hardest thing he's asked the OpenSSH people to do is choose a new name, and that he's contributed significantly to their own success, it would show a lack of common courtesy should they refuse to comply.
I honestly can't see why /. is making such a fuss about this, it smacks of mob hysteria and, as you say, double standards.
Re:What about trademarking other things like this? (Score:2)
-m
Let me get this straight... (Score:4)
Puh-leaze!
Enough with the stupid intellectual propery lawsuits already.
I think Tatu's just pissed that OpenSSH is a better product than his commercial SSH, and that OpenSSH is becoming so widely used that it, and not Tatu's commercial ssh, is what people generally mean when they say, SSH. Shit! Now I've just supported his case.
Re:Compromise (Score:3)
The only thing he can do is modify the name of his product, trademark the new name, and launch an advertisement campaign to make it known.
Re:Not only is this dumb... (Score:3)
Nah. Trademark law provides for unrelated products to be sold under the same trademark without infringement.
MOVE 'ZIG'.
Maybe they should rename OpenSSH (Score:4)
Butt-Head Cryptographer...
Besides, I can type bcp a smidgeon faster than scp.
Apples and Watermelons. (Score:5)
This is nothing more than a company trying to rescind the actions of it's founder to protect a failing business strategy.
Why? Because people are being drawn to the open-source implementation rather than paying out good money for something they can get for free.
Tatu's also probably peeved that OpenSSH will receive wider distribution (through Linux, BSD, and possibly OS-X sales/downloads) than his company's probably capable of. And thus will be more likely to achieve ubiquity than his proprietary, commercial products.
Sorry, but it doesn't work that way Tatu. You can't fish something out there until it hits name-recognition status, then make them change their name so you can supplant them. The community is NOT your advertising tool.
Chas - The one, the only.
THANK GOD!!!
Re:secshell (Score:4)
No, your understanding is wrong. The standard is called "SSH". Look at the IETF SSH Protocol Description [ietf.org]:
Abstract
SSH is a protocol for secure remote login and other secure network services over an insecure network. This document describes the SSH Connection Protocol. It provides interactive login sessions, remote execution of commands, forwarded TCP/IP connections, and forwarded X11 connections. All of these channels are multiplexed into a single encrypted tunnel. The SSH Connection Protocol has been designed to run on top of the SSH transport layer and user authentication protocols.
much like the .arc extension begat .zip (Score:3)
More than a decade ago, we saw this with SEA trying to enforce the
It could happen again.
Re:What about trademarking other things like this? (Score:3)
The major marketing investment done in SSH has been made by Unix system admins who needed a secure and practical (and easily obtainable) way to connect between hosts, and who were later left to fend for themselves as the product went closed and unsupported on a large number of platforms.
And, frankly, having gone through the pains of dealing with the forms of licensing of SSH and having salesmen tell me there is NO version that has ever been free (ok, I know more about the licensing than the salesmen) to the various other stages, it was a true pleasure to dump the commercial branch and go entirely with OpenSSH.
If SSH has any brandname value it is despite SSH Inc, not because of it.
Re:Et Tu Slashdot (Score:5)
"As far as I am concerned, the code I have written for this software can be used freely for any purpose. Any derived versions of this software must be clearly marked as such, and if the derived work is incompatible with the protocol description in the RFC file, it must be called by a name other than 'ssh' or 'Secure Shell'."
This would pretty clearly seem to imply that as long as OpenSSH was creating a protocol-complaint product that they were welcome to use the name ssh. Otherwise it would have said something like "SSH is the trademark of SSHC, INC, and may not be used without our permission, period".
Unless I am missing something here, it would seem as if Ylonen pretty clearly authorized other compatible and derived products to use the name 'SSH'. And once that permission was granted, it can never - at least not if we want to 'do the right thing' - be taken back.
Claim your namespace.
What about trademarking other things like this? (Score:5)
However, on the other side of the table is OpenGL and Mesa3D. Now, MesaGL would more accurately describe what Mesa3D emulates, but GL is a trademark of SGI, and they probably wouldn't like it if it was used without their permission. The best solution would be for the designers of OpenSSH to change their name and avoid any more disputes. This would also give open source developers a more moderate reputation, as opposed to the uncompromising one they seem to have nowadays.
Lawyer: not open and shut, but close (Score:4)
I'm not certain which jurisdiction's law governs here (and am not going to do the hour or two of research unless someone pays
He said that software could be used and modified, and that *incompatible* programs must not use the ssh name. That doesn't *give* permission to call compatible programs ssh, but it certainly implies it. Similarly, finding someone with a smoking gun in his hand over the shot and still bleeding body doesn't *prove* he killed him, but there's a whole lot of 'splainin' to do . . .
I don't see where he can go with this without producing more info. With implied consent and five years of silence, it's a real hard row to hoe . . .
hawk, esq.
Re:I like Theo, but that was the wrong thing to do (Score:4)
I agree with you on this point. But on the overall argument I disagree. Yes, Tatu is trying to be nice. And yes, Theo is being an asshole. But that being said, I don't see how Theo's going to lose this. With his current attitude, he's in danger of losing the PR battle, but that seems to be it.
Have you seen the license for ssh 1.2.12 (which is what OpenSSH is based off of)? Here is the most salient part (IMHO):
The only thing he says about the name is that if you're not compatible, then you can't use the name. Which leaves the only possible interpretation to be that if you are compatible, you can use the name.
I think that it would be a nice gesture on OpenSSH's part to give up the name. But I don't think it is, by any means, required. And if OpenSSH wishes to protect their identity, using a publically available name, that's entirely up to them. Theo could be more nice about it, but I don't think he'd be in the wrong to keep the name.
Nice Take... (Score:3)
This story [segfault.org] makes a nice point.
Uh-oh, you're screwed (Score:3)
It's Pizza and OS/2 from now on.
Sorry, but you better get rid of OS/2, also. I think RMS and the FSF have had a trademark on the term "half an OS" for about the last 5 years of HURD's development. :)
Cheers,
OpenSSH named after protocol or application? (Score:5)
For countless reasons, I'm sure it's the latter. But that begs the question of why SSH-the-company was so incredibly incompetent that they named SSH-the-protocol after SSH-the-application even though virtually all servers and clients try to incorporate their protocol into the name. TELNET, FTP, FINGER, PING, HTTP(D), etc. Sendmail and bind are two notable exceptions, and of course this can't apply to multiprotocol clients (e.g., Mosaic, Navigator/Commuicator).
OpenSSH, to me, says one thing and one thing only - that it's an "open" implementation of the "SSH" protocol. It has absolutely no connection to SSH-the-program or SSH-the-company other than the historical curiosity that the latter originated the protocol and is pushing it on the standards track. (Something which is undoubtably dead in the water until they (SSH, not ISO) pull their head out of their corporate assh.)
If SSH-the-company wants to keep the identity of SSH-the-program distinct from SSH-the-protocol, they should change the name of SSH-the-program.
Read Yesterday's Article... (Score:3)
Re:I like Theo, but that was the wrong thing to do (Score:3)
Read USC title 15 section 1115 for the various reasons that a trademark can be contested. There are at least 4 possible separate paragraphs that can be used in this case, including prior use, abandonment, permission and mark functionality.
All this is is a lesson to other people that legalities like trademark issues, patents and license issues isnt something you play around with and later decide what you really meant (or change your mind about it). SSH has been messy this way from the beginning.
Too Little, Too Late (Score:5)
Theo de Raadt, co-creator of OpenSSH, hopes the community, not the courts, will decide the trademark skirmish. He points to a licensing agreement that allowed independent versions of SSH before Ylönen received a trademark in 1996, and he wonders why Ylönen has taken five years to decide to enforce the trademark.
He adds: "There are two main clinchers going on here. One is the fact that this licence file predates the trademark, and it grants rights that cannot be removed. And the other is the history of non-enforcement... against anybody else in the entire field using this name, then suddenly enforcing us because we're getting big enough."
Looks like it is too little too late as far as trade mark enforcement goes. If nothing else, Ylönen may be trying to cash in on the name of OpenSSH.
Although there is a point that he (Ylönen) has to do something, I suppose, and better late than never. But it is likely too late.
Oh yeh, IANAL btw
Re:I like Theo, but that was the wrong thing to do (Score:3)
But is this confusion really caused by OpenSSH having a name that is similar to SSH, or is the confusion caused by the fact that Tatu Ylonen chose to overload "SSH" to mean both a product and a protocol?
If OpenSSH is renamed to "FooShell" but still implements the SSH protocols, confusion is going to remain. The reason there will be confusion is that the word "SSH" (more often than not) will still refer to something that might not be SSH Communication Security's product. Just as when people talk about Cola, they're not always talking about Coke.
---
Re:What about trademarking other things like this? (Score:3)
According to the SSH version 1.2.12 license:
"As far as I am concerned, the code I have written for this software can be used freely for any purpose. Any derived versions of this software must be clearly marked as such, and if the derived work is incompatible with the protocol description in the RFC file, it must be called by a name other than 'ssh' or 'Secure Shell'."
OpenSSH is doing nothing illegal in using the term "ssh", because OpenSSH is a derivative work of ssh 1.2.12 and is compatible with the RFC.
Now, Mr. Ylönen may regret having given that permission. But the only argument he can make is that the OpenSSH name is not sufficient to mark that the software is a distinct derivative work of ssh. If so, he can object to the OpenSSH name itself, but not the use of "ssh" in the name.
BTW, Kleenex® and Xerox® (along with Velcro®) are still trademarked (at least in the U.S.) due to the extensive efforts of their legal departments. Partly because their founders had the sense to not issue a license allowing other people to call their products Kleenex, Xerox, and Velcro, unlike Mr. Ylönen.
Microsoft's Lawyers Fixed this for Openssh (Score:4)