Forgot your password?
typodupeerror
Encryption Security

The ssh vs. OpenSSH Trademark Battle, Next Round 252

Posted by timothy
from the your-cooperation-is-appreciated-and-expected dept.
If you are following the flap over the use of the letters Ess, Ess and Aitch in product names -- SSH Communications Security Corporation has asked the OpenSSH project to stop using those letters in the name of their software -- a story on NewsForge adds more details. If you didn't catch it then, here's yesterday's NewsForge article as well. Good thing nobody is enforcing a trademark on "telnet," eh?

My favorite tidbit from the article is this: "[OpenBSD and OpenSSH Developer Theo] de Raadt cites U.S. trademark law that requires owners of trademarks to notify violators immediately ... de Raadt argues that Ylönen would have to be living under a rock not to be aware of OpenSSH before now. OpenSSH, released in December 1999 and in use before that, was used by more than 17% of all SSH users earlier this month, according to a study published on the University of Alberta Web site." Besides that, the story does a great job of listing other people whose products including "SSH" in their names have been left blissfully alone, making it seem that OpenSSH is getting what can only be called special treatment.

Of interest: here is a link to a page at openssh.com showing the legal papers received and scanned by members of the OpenSSH project, including the trademark application in question, showing an entirely lowercased "ssh" as the applied-for mark.

This discussion has been archived. No new comments can be posted.

The ssh vs. OpenSSH Trademark Battle, Next Round

Comments Filter:
  • Intel already has a trademark on the letter I. Seriously. I'm sure many of the other 25 are already taken, too.
  • IANAL, but... It may be that SSHCS's behaviour isn't only about bashing free software competition, but also about preventing possible corporate hijacking of the product and company name. Imagine what might happen if they didn't try to enforce the trademark. Some company in USA or elsewhere might register itself as "SSH Communications Services", and start advertising and selling their own security product called "SSH". That product could be different, strictly closed and incompatible with SSH standards. If there's some international law that prevents exactly same company name, just choose "SSH Communications International" or just "SSH inc."

    I'm not sure if such hijacking is legally possible, or worthwhile, but it would really be unfair and damaging to SSHCS, or any company, which is why we have the trademark laws. This may be one reason why they may have to enforce it.

    The reaction of SSH Communications Services may thus be quite understandable and acceptable. But that doesn't of course negate the fact that Tatu and SSHCS made a legally fatal mistake in giving the protocol, the free version of the product, the commercial version, and the company the same name.

  • I think the trademark dispute of SSH in the OpenSSH name is rediculous.

    Just to show how much more understanding and reasonable all the other big corporations are, I'm going to introduce the products:

    OpenKleenex
    OpenJello
    OpenSPAM
  • i'm voting fer :

    0p3N55h3Z 4-3v3R!
  • When a trademark is diluted, you legally loose your trademark (Kleenex and Xerox are the textbook examples). Don't stab him in the back for supporting open source by taking away his brand name, which was a major marketing investment.

    I think its too late for that... the trademark has already been sufficiently diluted - I started using OpenSSH about 4 months ago, and I had never even heard of the company until this article.
  • I don't see anything in there giving authorization of the Trademark...

    If you're not compatible, you can't use the name.

    That doesn't mean you can use the registered mark. When that was done, there was no registered mark. The Mark is owned by a corporation (founded by this gentlemen, not that it's terribly relevant), and can't be appropriated without authorization.

    For example, if I write some code, call my program Microsoft, and say in my license that you may use the name Microsoft in referring to my code, you aren't authorized to use it.

    That is hardly a license to a Trademark issued two years after that was written.

    The author of the original software asked you not to use the name ssh or Secure Shell if they are incompatible. That is a contractual agreement as part of a license.

    The company is using the Trademark SSH to refer to their company and software. When you used that license, you contracted to not name is SSH if it is not compatible. That has NO bearing on the trademark.
  • by Throw Away Account (240185) on Thursday February 15, 2001 @09:56PM (#428101)
    Ylönen gave permission to use "ssh" to describe derivatives of his program that conformed to the RFC in the license that accompanied version from which OpenSSH is derived. Now, years later, he's decided he wants to retract it.

    If his permission to use "ssh" is revocable, arguably so are any other parts of his license -- including the permission to use the code in derivative works. Rolling over on the name could be used in court as evidence that the OpenSSH crew agreed that the license is revocable -- in which case he can next eliminate the whole OpenSSH project, whatever its name. Ooops...
  • by Anonymous Coward
    A man who worked hard to get widespread usage of a protocol by making it freely available is now trying to stuff the shit back in the horse. Sorry it doesn't work that way.

    Well, at least, it shouldn't work that way. Fraunhofer is doing the exact same thing with mp3. The problem is that there needs to be a distinct line drawn between specifications and products. You shouldn't be able to trademark a specification (such as the SSH protocol).
  • by fluxrad (125130) on Thursday February 15, 2001 @05:58PM (#428109) Homepage
    Have they sued the makers of all *nix OSes yet for putting infringing statements in places like:

    /etc/services


    FluX
    After 16 years, MTV has finally completed its deevolution into the shiny things network
  • by Keepiru (78270) on Thursday February 15, 2001 @05:59PM (#428115) Homepage
    I wonder, how would we all feel if it were Linus sending out a C&D for someone misusing the term Linux. Would we still be on the side of trademarks are bad? There is no doubt a lot of confusion here, it's not that hard to rename it.

    Encrypted shell (esh)
    trusted Shell (tsh)
    secure telnet (stn) which btw, is more accurate, as it's not really a shell.


    Get involved
  • FTP Software never sued anybody over the File Transfer Program they named themselves after. Probably because the use of the initials FTP goes way back before the history of computers, popularized by graphiti artists as an abbreviation for "Fuck The Police", often used alongside FTQ for "Fuck The Queen". -Don
  • It's only legal weasling if a law is being used contrary to its original intent.

    But this part of the law was created for exactly this case... when a trademark owner allows others to invest a large amount of time and/or money into an infringing mark without their knowledge of infringement, and then tries to pull the rug out from everyone at exactly the worst time.
    --

  • by Stephen Samuel (106962) <samuel@b[ ]een.com ['cgr' in gap]> on Thursday February 15, 2001 @06:03PM (#428120) Homepage Journal
    Perhaps we could move to OpenSeSH? In a lot of ways, it's almost more descriptive, since the protocol, and the application allow Secure Sessions, more than simple secure shells (eg: scp and SSH-based X-sessions). The name would also point to the use of the SSH protocol (which is not trademarked -- only the application).

    The concept of trademarking an application name so close to a standard protocl name is, at best, silly. On the other hand, I don't think that it's worth starting a big fight over. There are far better things to put our energy/ time/ money into.
    --

  • > gnuls kinda takes the beauty out of unix

    I sorta disagree. gcc was not named cc. gnutar was not named tar. They don't have to name their program ssh. RMS would say that they should do things as differently as possible, and provide a --traditional for inter-operability (Btw, I would love hearing what Theo would say if RMS tried to tell himn what to do :-) ).

    Sure gnuls would be ridiculous, so my example isn't worth much. Even apache is named httpd, so...

    > By your standards F-Secure is diluting the ssh mark

    Frankly, I don't know. I was just saying that *I* often confused ssh and openssh, and that *I* would have zero problem using asfkaos (A Shell Formelly Known As OpenSHH) as it would help me to stay away from ssh(tm) products.

    OTOH, maybe you are right, and ssh corp should be told to f*ck themselves...

    Cheers,

    --fred
  • Wake the fuck up if you're on here bitching that SSH isn't a shell.

    "ssh" is a secure replacement for rsh, "slogin" is a secure replacement for rlogin, and "scp" for rcp.

    rsh was for remote shell, ssh is for secure shell.

    That's why, so if you think you're cool and are allowed to speak just because you popped a RedHat CD into your Packard Bell, please reformat, reload windows, and don't come back.

    Thank you.

    -Nev
  • by darial (177051) on Thursday February 15, 2001 @10:48PM (#428123)
    ..but the reality is that he's selectivly enforcing his invalid trademark (check the trademark db if you don't believe me). And he's doing this enforcement against the product that's **gasp** putting him out of business. If he really wanted to protect the (tm), he would need to go after:

    O SSH [pdc.kth.se]
    TTSSH [zip.com.au]
    NiftySSH [lysator.liu.se]
    MacSSH [macssh.com]
    Java-SSH [cam.ac.uk]
    TGssh [www.ai]
    sshCE [movsoftware.com]
    An OpenVSM project called just SSH [ohio-state.edu]
    SSH-OS2 [nmsu.edu]
    ...

    and, well, you get the point. He's just going after OpenSSH because they're beating him in the market. And not only does he have no legal leg to stand on, but he's being a real slime by only going after the successfull one. Theo would be right to tell hime where to stick his lawyers.
  • he's done that. there was a story on slashdot a while ago about it, but it would be a horrendous pain in the ass about it. basically, linus has no problem with use of the lunix trademark as long as it's done in good faith. but when somebody registered a bunch of linux-related domain names so he could sell them, linus threatened action, and the guy backed down.

    note: that's how i remember it. i could be on crack.

  • I really hate it when a company picks on a simple
    opensource project with a very good stance on why it did and should continue to use the name OpenSSH. I was planning on rolling out SSH this summer to over 800 desktops/servers. I guess I will be DEFINATLY going with OpenSSH in light of these developments.
  • Maybe because Ylönen is actually in the same boat as Bezos, et. al. He submitted ssh as an open standard, which was upstanding of him. Then he turned around and tried to trademark the name of the open standard. Now he's decided that OpenSSH is taking too much of his business, and he's trying to shut them down by preventing them from using the name of the protocol in their program name.
    More similarly, he's in the same boat as Sun, but without the forthrightness. At least Sun established a trademark, and actively enforced it, before they submitted it to multiple standards bodies as an 'open' standard. Even then, the standards bodies balked at allowing a major company like Sun to hold a trademark on, and control of, a standard which they issued. I'm not sure why Ylönen thinks that the IETF is going to swallow his company sandbagging them like this.
  • by djrogers (153854) on Thursday February 15, 2001 @05:34PM (#428137)
    I think they should follow samba's example, and make a word out of it.... My vote is for SaSHay.
  • by alexhmit01 (104757) on Thursday February 15, 2001 @08:03PM (#428138)
    The statement that the mark wasn't enforced was the WRONG tack to take.

    Good job. We have now taken the position to the outside world of being total assholes.

    The guy made an effort NOT to bully an Open Source group. He didn't send threatening lawyer letters. He asked people to be reasonable. Quite frankly, you're going to lose BADLY in a court of law, because not only is there the possibility of confusion, but there is DOCUMENTED confusion.

    Now, this is totally absurd.

    He didn't bully, DON'T use that against him. The arguement that he didn't bring it up until confusion happened may be legally correct, but now sets the horrible precedent that Open Source groups will be as shady as possible, and if you give them an inch, they'll take a mile.

    Notice something, the original license (if anything tells people not to be nice and release their source code, this is the example, that was hardly a license, more of a nice gesture) allowed you to call your application ssh.

    That's irrelevant.

    OpenSSH could be renamed, OpenSecSH, which would be an open implementation of the SecSH protocol, which is the name of the working group. The FILE could still be called ssh/sshd.

    SAMBA couldn't call itself SMB, confusion reasons, but the applications use SMB (like, smbd).

    However, you can be polite, compile as osecsh and osecshd and include a symlink (automatically, but prompted) for ssh and sshd, so if you have both implementations, you can decide which one you want.

    However, if the Open Source community insists on fighting on the Trademark grounds, we're in the wrong.

    You can dispute the merits of Software Patents.
    You can dispute the merits of long copyright terms.
    You can dispute the merits of copyrights in general.

    You can't dispute the merits of Trademarks.

    Trademarks are the only thing that prevents confusion in the marketplace. If people are confused and think that OpenSSH is from SSH, then there is a legitamate issue.

    Also, I don't think you're going to win on the enforcement. One year or so is reasonable, given that OpenSSH has minimal press coverage, etc. I think that it would be EASY for SSH to show that they found out about it, saw a problem, and then asked them to fix it.

    Theo, you're going to lose, and you're being a bastard. He hasn't demanded that you stop making a version of SSH, just that you not use his product name.

    Theo, I'm an OpenBSD user. I love OpenBSD. I love OpenSSH. You're in the wrong here... VERY WRONG.

    Alex
  • by Anonymous Coward on Thursday February 15, 2001 @05:34PM (#428139)
    When it comes to Microsoft, Jeff Bezos, et al, Slashdot cries out in unison, "why don't you do what's right, not just what's legally allowed."

    Now it's open sources' turn. The right thing to do is honor the wishes of the guy who created SSH, the guy who made SSH available to you (albeit with a license you didn't like), and the guy who still tries to make a living from his hard work.

    Give up the conflicting name. Not because you have to. Because it's the right thing to do.

  • by smoondog (85133) on Thursday February 15, 2001 @06:04PM (#428140)
    the article raises an interesting point. Many of these crazy patent/trademark infringemtent lawsuits we see all share one thing in common: They are obnoxiously late. The law should have strong enforcement of making sure lawsuits happen right after the infringement. None of this "They making a lot of money so we'll selectively sue them" attitude. Most of the time these companies would have to be dead to not be aware of years of infringement.

    -Moondog

  • by Inti (99884) on Thursday February 15, 2001 @06:05PM (#428142) Homepage
    No way. The author released the code years ago under a license that pretty clearly allowed use of the name. You can't take something like that back. Once something is released to the world under a certain set of conditions, you can't take it back, no matter how much you might like to.

    He gave the name away, and now he regrets having done so. Well, too bad. OpenSSH used the name with the entirely justifiable understanding that this was allowed. They took nothing that had not been offered. They built a brand of their own, which the original author now wants to destroy since it is becoming competitive.

    That's dirty pool.

    Claim your namespace.
  • by The Famous Brett Wat (12688) on Thursday February 15, 2001 @06:06PM (#428143) Homepage Journal
    Ylönen said he's not sure of his next step if the OpenSSH team doesn't back down. "I have tried to be polite, stick to facts, and reason with everyone," he said. "I hope that we can find a solution that will cause minimal disruption in the network security community and will also allow us to protect our trademark rights. It would be shame if this issue escalated to something that damages everyone."

    If he doesn't want it to escalate, then he'd best compromise. I think that there's a broad feeling of indignance in the OpenSSH developer and user community that there's a "submarine trademark" (if I may put it that way) on something which we consider to be the name of a protocol. I think there's going to be a great reluctance to go ahead with a name change, because it would let the nose of the camel into the tent. What next -- remove all mention of "SSH" from the documentation?

    If Ylönen demands no less than the removal of "SSH" from the project name, and OpenSSH isn't willing to do this, then he has the choice of either backing down or going ahead and making himself really unpopular by suing a free software project. This whole direction does not strike me as being one that can result in a net win for Ylönen. If he wins his trademark rights he'll establish himself as an enemy of the OpenSSH community; if he loses his trademark he looks like a poor businessman.

    Instead, he should cut his losses and suddenly realise that he can license the use of the trademark to the OpenSSH project for free, on condition that they clearly distinguish themselves from his product, and perhaps provide linkage to his web site as a clarifying measure. If the real problem is customer confusion, then let's deal with the confusion without all this ugly legal sabre-rattling nonsense.

    Does Ylönen realise that he's setting himself up as an enemy of the Free Software Republic? This isn't sensible.

  • by interiot (50685) on Thursday February 15, 2001 @06:09PM (#428145) Homepage
    Another quote:

    All this time our policy has been that the trademarks cannot be used by others without a proper acknowledgment, and cannot be used in product names without a special license from us," he said. "We have enforced it against all significant players in the field," he added. "We have not felt it appropriate to go after every random web page or the various non-commercial student projects done at universities."

    So which is it? Do we think it's better for a trademark owner to go after every single petty violation? Or does it seem to be more fair when a trademark owner lets some of the little guys slip through the cracks, but then has to take action if they become larger? You can't have both worlds...

    (granted, there was that other clincher, but your particular argument conflicts with other common slashdot sentiment)
    --

  • yeah, but the suffix police would getcha.

    M$ probably thinks they own the CE suffix. winCE and all.

    so would you rather M$ go after you or that SSH guy? ;-)

    --

  • Actually that was easer to read than most AC postngs.

    At least there's no (TM)s n your username.
  • The Project History and Credits section of the OpenSSH website would seem to refute your assertion:

    OpenSSH is a derivative of the original free ssh 1.2.12 release from Tatu Ylönen. This version was the last one which was free enough for reuse by our project. Parts of OpenSSH still bear Tatu's license which was contained in that release. This version, and earlier ones, used mathematical functions from the libgmp library. That library was also included with these early ssh versions. The libgmp library is made available under the (LGPL) Lesser GNU Public Licence, although versions of that era were under the regular (GPL) GNU Public Licence.

    Rapidly after the 1.2.12 release, newer versions bore successively more restrictive licenses, even though libgmp was still included and neccesary for using the software. Earlier restrictive licenses forbade people from making a Windows or DOS version. Later licenses restricted the use of ssh in a commercial environment, instead requiring companies to buy an expensive version from Datafellows.

    The original license contained the following text:

    As far as I am concerned, the code I have written for this software can be used freely for any purpose. Any derived versions of this software must be clearly marked as such, and if the derived work is incompatible with the protocol description in the RFC file, it must be called by a name other than "ssh" or "Secure Shell".

    While I can't personally vouch for the veracity of the OpenSSH history, it and the original license not only seem to directly contradict your assertion that "you couldn't use it for commercial purposes", but also seems to imply that if a derived version of the original is compatible with the protocol description, then he has no problem with someone referring to it as "ssh" or "Secure Shell".

    Also, The SSH transport and user authentication protocols have been submitted to the IETF [w3.org] by Ylönen himself, which I believe qualifies as "submit[ting] as an open standard". As a matter of fact, it's currently the main focus of the Secure Shell (secsh) IETF working group [ietf.org].

    All in all, this parallels the "one click" scenario pretty closely, with the difference being that SSH was far more novel and complex an idea than "one click" shopping. If Mr Ylönen had released it as a commercial product, or even just released it under a more restrictive license, there would be no debate. As it stands, though, it reeks of dodgy business practices brought on by stockholder pressure and OpenSSH's success.

  • by Alioth (221270) <no@spam> on Friday February 16, 2001 @08:20AM (#428152) Journal
    The guy made an effort NOT to bully an Open Source group. He didn't send threatening lawyer letters. He asked people to be reasonable. Quite frankly, you're going to lose BADLY in a court of law, because not only is there the possibility of confusion, but there is DOCUMENTED confusion.

    That's what I thought until I read the last bit of his letter to the OpenSSH developers:

    This is why we have contacted Corenic.net, your domain registration provider, to cancel all service on the "openssh.com" domain.

    Until I read that, I sympathised with the SSH company - I thought they were doing the right thing by just requesting instead of sending the attack-dog lawyers. However, they made an agressive pre-emptive strike to destroy openssh.com's domain before they even have had a chance to consider changing their name.

    If I were in charge of OpenSSH, I would have gladly changed the name of my code has he not pre-emptively tried to destroy my domain before I had a chance to even consider what to rename my product to!

  • by sql*kitten (1359) on Thursday February 15, 2001 @11:47PM (#428153)
    Give up the conflicting name. Not because you have to. Because it's the right thing to do.

    Agreed. The SSH chap sounds like a decent, pleasant fellow. Given that by far the hardest thing he's asked the OpenSSH people to do is choose a new name, and that he's contributed significantly to their own success, it would show a lack of common courtesy should they refuse to comply.

    I honestly can't see why /. is making such a fuss about this, it smacks of mob hysteria and, as you say, double standards.

  • OpenSSH should compromise because what they are doing is illegal. Look, the guy wrote SSH and trademarked that name. He was really nice about it and release the source and supported open source projects. When a trademark is diluted, you legally loose your trademark (Kleenex and Xerox are the textbook examples). Don't stab him in the back for supporting open source by taking away his brand name, which was a major marketing investment.

    -m

  • by panda (10044) on Friday February 16, 2001 @08:47AM (#428157) Homepage Journal
    Some dude in Finland is gonna sue another dude in Canada over a Trademark owned in the U.S.?

    Puh-leaze!

    Enough with the stupid intellectual propery lawsuits already.

    I think Tatu's just pissed that OpenSSH is a better product than his commercial SSH, and that OpenSSH is becoming so widely used that it, and not Tatu's commercial ssh, is what people generally mean when they say, SSH. Shit! Now I've just supported his case. :-)
  • by Baki (72515) on Friday February 16, 2001 @12:53AM (#428165)
    Wrong compromise. He gave away ssh including the name (as long as you keep it compatible with the ssh-protocol) before the trademark. Thus is trademark is invalid.

    The only thing he can do is modify the name of his product, trademark the new name, and launch an advertisement campaign to make it known.

  • I wonder, how would we all feel if it were Linus sending out a C&D for someone misusing the term Linux.
    You are aware of why Linus holds a registered trademark on the term Linux (as applied to computer operating systems), right?
    Would we still be on the side of trademarks are bad?
    Who is on the side of "trademarks are bad"? We're on the side of "selective enforcement of trademarks are bad, and most likely invalid".
    There is no doubt a lot of confusion here, it's not that hard to rename it
    No, it isn't, and had Ylönen requested that the OpenSSH project change its name near the beginning, and been requiring that other SSH impementations that he knew of change their names, I at least wouldn't be objecting to this. By singling out OpenSSH for this treatment, springing this upon them (apparently) more than a year after OpenSSH was started (with much controversy over the domain names, if you will recall - this wasn't a stealth project), and assisting with the development of other SSH implementations without requiring that their names be changed, he created this situation.
  • (my post says theres no expiration on the right to prosecute, there shouldnt be, and openSSH should have known better.)

    There is, there should be, and they did based on what was true at the time.

    There is an expiration on the time to prosecute, and their very well should be. Statute of limitations exist for many things. Generally the idea is you have to decide _now_ if something pisses you off enough to sue, not wait until 10 years down the road when your company isn't doing so hot and needs some extra loot. If someone has a trademark, they have to defend it. Waiting until someone else has established their own name and then trying to take them down is not only dirty, it flies in the face of the law.

    When OpenSSH started, they believed they were ok to use that name. So they only thing they could have "known better" was to know that once their product started to steal market share from ssh, SSH would turn on them.

    And lastly, how exactly would this be SSH getting their name back? Have they been unable to use it in the interim? No. Is OpenSSH the same as SSH? No. Can you attack anyone whose name contains part of yours? Maybe if WIPO is presiding, but not in US law. I can name my application "Something Explorer" without being sued by MS.

    Yes, OpenSSH used the ssh name, but only in the sense that the name OpenSSH accurately describes what it is and does. I can see the name and say "ah! an open implementation of ssh. much preferable to that closed source garbage." So the gains made by OpenSSH were as much because of conscious decisions as name similarity. It's not like releasing a soft drink in a red can named Coca-Cola, where people think your product is the same. It's more like releasing a product called "Generic Cola" in a red can -- people can quickly figure out that it is supposed to be like Coke, but is cheaper. If Coke really does taste better than Generic Cola, then people will still buy Coke. If not, then that's Coke's problem, not an invitation for their lawyers to try to shut down Generic Inc.

    Side note: if SSH really wanted to have a distinct name to build a brand around, they shouldn't have just used the "single-letter abbreviations for what my shell is, followed by sh" naming convention. If I were to decide, that right there would lead me to rule that their trademark was unenforceable.

  • Good heavens! My head is throbbing in sympathy.

    -Don

  • (whether or not it actually is a shell is really a moot point, however), and the logical abbreviation - following standard shell style

    rsh is not a shell itself, it provides access to a "remote shell". In the same way, a secure shell would be any shell that you got access to securely.

    Which leads to my favorite new name for the open source version: what it does is "opens shell" or, OpensSH. There, everybody happy now?

  • Many of these crazy patent/trademark infringemtent lawsuits we see all share one thing in common: They are obnoxiously late. The law should have strong enforcement of making sure lawsuits happen right after the infringement.

    Both trademark and patent laws contain provisions requiring that the owner file claims within a limited period of time. In the case of SSH the trademark holder may already be too late.


    MOVE 'ZIG'.
  • by the eric conspiracy (20178) on Thursday February 15, 2001 @06:13PM (#428174)
    "Duron Paints." Now, if Duron was a registered trademark before AMD even conceived of the chip by the same name, Duron Paints can sue AMD, and cause AMD to rename their Duron line.

    Nah. Trademark law provides for unrelated products to be sold under the same trademark without infringement.


    MOVE 'ZIG'.
  • Owning a trademark in one realm of human communication doesn't give you the right to own it in all others.

    Bzzzt. Wrong. The main point of law is the question of whether the name domain OpenSSH might cause confusion. In this case, given the identical functionality if the products I think they have a good case.


    MOVE 'ZIG'.
  • Good thing nobody is enforcing a trademark on "telnet," eh?

    Yet.

    Domain Name.......... telnet.com

    Creation Date........ 2000-11-21
    Registration Date.... 2000-11-21
    Expiry Date.......... 2001-11-21

    Organisation Name.... Rainforest Consulting
    Organisation Address. 2180 Pleasant Hill Road, Suite A-5, #376
    Organisation Address.
    Organisation Address. Duluth
    Organisation Address. 30096
    Organisation Address. GA
    Organisation Address. UNITED STATES
  • Nah. Trademark law provides for unrelated products to be sold under the same trademark without infringement.

    No, this is not always true, see the case of Visa condoms [jenkins-ip.com] being denied, even though it's nothing to do with credit cards.
    --

  • As the article states there are several other SSH(TM)implementations out there
    with SSH in the product name
    that aren't being hassled over this.
    Sorry, but he's actively assisted the development of other SSH products with SSH in the product name. If he asked that the OpenSSH documentation contain a trademark notice, that would have been reasonable. Demanding that the project change its name, at this point, is not.
  • by jfunk (33224) <jfunk@roadrunner.nf.net> on Thursday February 15, 2001 @08:18PM (#428189) Homepage
    I think they should take Apple's lead and call it BHC.

    Butt-Head Cryptographer...

    Besides, I can type bcp a smidgeon faster than scp. :-)*
  • In Germany some company has the trademark on explorer(tm)* for software products. So they sue everyone who is putting a link on some kind of explorer(tm)* software, like ftp-explorer(tm)*.

    Microsoft DO have some deal with them, but both sides refuse to reveal details of it.

    * explorer is a registered trademark of the symicron GmbH


    Samba Information HQ
  • This is prior restraint and flies in the face of the first amendment.You mean this First Amendment:
    CONGRESS SHALL MAKE NO LAW RESPECTING ... ABRIDGING THE FREEDOM OF SPEECH, ...
    Are you confused between who SSH Communications are, and what congress is?
  • To say SSH is dirty for waiting is like saying that the recent DirectTV tactic of letting everyone clone their chips over and over without a word, and then destroying them all in one genious swoop, was dirty.
    DirecTV didn't. If you actually read any of the articles about the DirecTV situation, they note that this has been an ongoing battle between DirecTV and the hackers. SSH laid an ambush for the OpenSSH project, and US trademark law, at least, doesn't allow for that.
  • by Chas (5144) on Thursday February 15, 2001 @08:25PM (#428202) Homepage Journal
    1. SGI had already trademarked "GL"
    2. SGI did NOT already give away the right to use "GL" freely.
    3. Tatu didn't trademark "ssh" initially.
    4. Tatu released a version under a license that allowed for use (unrestricted use no less) of the "ssh" mark, so long as it conformed to the SSH standard.
    5. The standards, penned by Tatu himself, use the term "ssh" for the protocol.

      This is nothing more than a company trying to rescind the actions of it's founder to protect a failing business strategy.

      Why? Because people are being drawn to the open-source implementation rather than paying out good money for something they can get for free.

      Tatu's also probably peeved that OpenSSH will receive wider distribution (through Linux, BSD, and possibly OS-X sales/downloads) than his company's probably capable of. And thus will be more likely to achieve ubiquity than his proprietary, commercial products.

      Sorry, but it doesn't work that way Tatu. You can't fish something out there until it hits name-recognition status, then make them change their name so you can supplant them. The community is NOT your advertising tool.




    Chas - The one, the only.
    THANK GOD!!!
  • ...although its a real pitty he didn't think of enforcing his trademark early on...

    Imagine that he did back in 1999 when OpenSSH was first released. What would have been the Slashdot reaction then?

  • by omarius (52253)
    How about calling it SlaSH?

    No, wait, don't sue me! ;)

    -Omar

    (or SwiSH
    or SwaSH
    or...
    )

  • This is why we have contacted Corenic.net, your domain registration provider, to cancel all service on the "openssh.com" domain.

    Actually, when I read the letter, I saw

    In particular, we request that you...take all steps necessary to cancel the domain name registration for the name ``openssh.com''.
    Are you just trying to stir up the flames?
  • by Col. Klink (retired) (11632) on Thursday February 15, 2001 @06:58PM (#428215)
    the standard, as I understand it, that openSSH is based on, is described in an open standard named secshell.

    No, your understanding is wrong. The standard is called "SSH". Look at the IETF SSH Protocol Description [ietf.org]:

    Abstract

    SSH is a protocol for secure remote login and other secure network services over an insecure network. This document describes the SSH Connection Protocol. It provides interactive login sessions, remote execution of commands, forwarded TCP/IP connections, and forwarded X11 connections. All of these channels are multiplexed into a single encrypted tunnel. The SSH Connection Protocol has been designed to run on top of the SSH transport layer and user authentication protocols.

  • Big companies don't compromise. They send in the lawyers and fight to the death (or until the money runs out). Why should we compromise? As as been shown the "licence file predates the trademark, and it grants rights that cannot be removed." Also they have not chosen to enforce this until now.
  • by liberty! (80607) on Thursday February 15, 2001 @07:02PM (#428218) Homepage
    Trademarking a commonly used text string has been done before, and has been solved before.

    More than a decade ago, we saw this with SEA trying to enforce the .arc extension for archived files being trademarked. The result was Phil Katz releasing the pkzip utilities, and the whole community switched over to zip files within a few months. SEA had made itself odious to the user community, and was cut off.

    It could happen again.

  • by Znork (31774) on Friday February 16, 2001 @03:41AM (#428223)
    Of course, without the product actually being opensource for a while it would never ever have reached any form of popularity.

    The major marketing investment done in SSH has been made by Unix system admins who needed a secure and practical (and easily obtainable) way to connect between hosts, and who were later left to fend for themselves as the product went closed and unsupported on a large number of platforms.

    And, frankly, having gone through the pains of dealing with the forms of licensing of SSH and having salesmen tell me there is NO version that has ever been free (ok, I know more about the licensing than the salesmen) to the various other stages, it was a true pleasure to dump the commercial branch and go entirely with OpenSSH.

    If SSH has any brandname value it is despite SSH Inc, not because of it.
  • You may not see why the lack of enforcement should diminish their ability to prosecute, however, long-standing trademark law DOES.

    Who even knew it was trademarked? Did they ever attempt to let anyone know this before? No.

    SSH is the common word for a protocol; everyone knows that. It's already been what trademark law calles, 'diluted'. It's a common name now; once something is common like that, you can't take it back just because it's trademarked. Everyone already has something in their mind when they think of 'ssh', and it's not this guys product in particular, it's merely the protocols involved.

  • by Inti (99884) on Thursday February 15, 2001 @08:46PM (#428238) Homepage
    From the license of 1.2.12, upon which OpenSSH is based (according to the Newsforge article [http]):

    "As far as I am concerned, the code I have written for this software can be used freely for any purpose. Any derived versions of this software must be clearly marked as such, and if the derived work is incompatible with the protocol description in the RFC file, it must be called by a name other than 'ssh' or 'Secure Shell'."

    This would pretty clearly seem to imply that as long as OpenSSH was creating a protocol-complaint product that they were welcome to use the name ssh. Otherwise it would have said something like "SSH is the trademark of SSHC, INC, and may not be used without our permission, period".

    Unless I am missing something here, it would seem as if Ylonen pretty clearly authorized other compatible and derived products to use the name 'SSH'. And once that permission was granted, it can never - at least not if we want to 'do the right thing' - be taken back.


    Claim your namespace.

  • Doh! FTP originally stood for Fuck The Pope, not Fuck The Police. (I got it confused with an NWA song...) Fucking the Pope is a much better idea than Fucking the Police, since he needs it a lot more, and doesn't fuck back as hard.

    -Don

  • This is devolution. What a couple of morons. Call the damn thing Fred and fuck the lawyers.
  • This part, however, goes too far:

    This is why we have contacted Corenic.net, your domain registration provider, to cancel all service on the "openssh.com" domain.

    Where is that bit? I can't find it. Thanks

  • Actually, Sun might sue you for using OpenWindows2000, and even if they lost, the shrill nasal whining of their lawyers might drive you to suicide. Better stick to BrokenWindows.

    -Don

  • What have we learned from this story?

    Next time, when we start a Free project aiming to be compatible with someone else's code, why don't we *TALK* to them first?

    I'm not saying we should ASK for permission to use name or anything, but just to get an idea how they'd interpret their own agreements.

    Say, if the OpenSSH team talked to SSHC and said "Now we have your 1.27 license, and it says we can use the name if it is compatible. Can you verify that?"

    If they said "Ok you can use that" then they'd better keep their mouths shut at this time. Too bad it wasn't what happened.

  • Usually, I would support the trademark owner: IBM owns IBM, and I expect anything with IBM in its name to come from IBM.

    This case is worrying, however, because ssh is also the name of the command. The trademark is not only identifying a brand, it is also the thing you type to perform an action. If DEC (or whoever) had patented "dir" they would have made competing OSes less attractive because new OSes would have to invent arbitrary different names for conceptually identical commands. If SSH enforces the trademark, it is only reasonable that they must fight against alternative implementations using the command "ssh".

    This would lead to a repeat of the look-and-feel wars of the GUIs, only this time fought over CLIs using trademark law. LnF was about users moving to different platforms/apps and expecting things to work the same. CLI is no different: users expect telnet to do approximately the same thing on all platforms. If command names are choosen to avoid infrigement, we all will lose.

  • Let's trademark every letter in the alphabet! That way we can sue whoever uses our trademarks. We'd make a fortune!

    Next you'll say "I'll trademark the trademark symbol! Then anyone who trademarks anything will violate my trademark and I'll sue them for trademark infringement." (that idea is trademarked btw. And so are the three letters btw)

    Now lets all have a good laugh while our mod points die.
    "Me Ted"
  • It was a defunct ISP that had a product called "Internet Explorer" one year before Microsoft released IE. In actual fact, Microsoft didn't win -- they lost, and had to pay the founder of the ISP (I think) $$$$$$.

    --
  • by Gaijinator (218180) on Thursday February 15, 2001 @05:35PM (#428257)
    I think we can all agree that secure shell is a descriptive name for this program (whether or not it actually is a shell is really a moot point, however), and the logical abbreviation - following standard shell style - is "ssh". Now, to avoid utter confusion, it is a good idea to make sure there aren't other programs called ssh. OpenSSH makes perfect descriptive sense for the program - it's open source, and it's a lot like ssh.

    However, on the other side of the table is OpenGL and Mesa3D. Now, MesaGL would more accurately describe what Mesa3D emulates, but GL is a trademark of SGI, and they probably wouldn't like it if it was used without their permission. The best solution would be for the designers of OpenSSH to change their name and avoid any more disputes. This would also give open source developers a more moderate reputation, as opposed to the uncompromising one they seem to have nowadays.
  • gnapster? gaim? openssl? what about the "Scotch" in scotch tape? Isn't honestly a true brand from 3m? Or vise-grips vs locking pliers? What is allowed and what isn't?
  • by hawk (1151) <hawk@eyry.org> on Friday February 16, 2001 @04:35AM (#428262) Journal
    I am a lawyer, but this is not legal advice. If you need legal advice, contact an attorney licensed in your jurisdiction.

    I'm not certain which jurisdiction's law governs here (and am not going to do the hour or two of research unless someone pays :). However, given the Canadian base of OpenSSH, as well as the wide distribution of the original product into the English speaking world, I'll make some evaluations based on English Common Law.

    He said that software could be used and modified, and that *incompatible* programs must not use the ssh name. That doesn't *give* permission to call compatible programs ssh, but it certainly implies it. Similarly, finding someone with a smoking gun in his hand over the shot and still bleeding body doesn't *prove* he killed him, but there's a whole lot of 'splainin' to do . . .

    I don't see where he can go with this without producing more info. With implied consent and five years of silence, it's a real hard row to hoe . . .

    hawk, esq.
  • How about: So Shit Happens

    --
  • No, it's more like he left a sign on the candy that said, "If you don't like my dog, please don't eat the candy," after which someone came up, patted the dog, threw the stick for the dog, and ate a piece of candy.
  • I'm reading this rather late, so noone will see my reply, but whatever.

    Since his company apparently has problems and lots of people contant it for support for OpenSSH, couldn't he just start supplying it, for a fee? It seems to me they should be capable of that, and they'd be in a great position to point out the advantages of using their own, commercial ssh...

  • Good job. We have now taken the position to the outside world of being total assholes.

    I agree with you on this point. But on the overall argument I disagree. Yes, Tatu is trying to be nice. And yes, Theo is being an asshole. But that being said, I don't see how Theo's going to lose this. With his current attitude, he's in danger of losing the PR battle, but that seems to be it.

    Have you seen the license for ssh 1.2.12 (which is what OpenSSH is based off of)? Here is the most salient part (IMHO):

    This file is part of the ssh software, Copyright (c) 1995 Tatu Ylonen, Finland

    COPYING POLICY AND OTHER LEGAL ISSUES

    As far as I am concerned, the code I have written for this software can be used freely for any purpose. Any derived versions of this software must be clearly marked as such, and if the derived work is incompatible with the protocol description in the RFC file, it must be called by a name other than "ssh" or "Secure Shell".

    The only thing he says about the name is that if you're not compatible, then you can't use the name. Which leaves the only possible interpretation to be that if you are compatible, you can use the name.

    I think that it would be a nice gesture on OpenSSH's part to give up the name. But I don't think it is, by any means, required. And if OpenSSH wishes to protect their identity, using a publically available name, that's entirely up to them. Theo could be more nice about it, but I don't think he'd be in the wrong to keep the name.

  • I profoundly disagree. OpenSSH will be tainted for the rest of its life if it doesn't change its name.

    I have been confused between openssh and ssh numerous time. Both commmands are named 'ssh', and I think it is an error.

    Anyway, the request seems pretty stupid, as OpenSSH is doing a lot of good to ssh corp. If OpenSSH renamed the command to something less related to ssh, like pinss (pins is not secure shell) or yass (yet another secure shell), then ssh corp will loose a lot of mindshare.

    Making the issue into "we can legally keep the name" is plain wrong. They want the name ? Give them. The name is just a name. The free alternative is better, so will succeed under any kind of name (and, people will alias ssh to wosin [whatever open ssh is named] anyway, so the pratical impact will be zero).

    Cheers,

    --fred

  • by SnatMandu (15204) on Thursday February 15, 2001 @05:38PM (#428274) Homepage

    This story [segfault.org] makes a nice point.

  • Good thing nobody is enforcing a trademark on "telnet," eh?

    Well, then, there's the solution: just rename OpenSSH to OpenSTN (Secure TelNet).

    Sure, name changes are hard, but in Quake, when a rocket is barreling towards you, what do you do? Strafe to the side, right! And this is the legal equivalent of that.

  • I think SSHCS's claims have no standing, and their decision to ``defend their trademark'' against only a single product sheds a poor light on Tatu Ylonen.

    Nonetheless, the letter is much, much friendlier than what I've seen in similar cases -- i.e., cease and desist yesterday.

    IMO, it looks like SSHCS is following good and proper form as they do this entirely questionable act :-/

  • by Zico (14255) on Thursday February 15, 2001 @08:55PM (#428280)

    It's Pizza and OS/2 from now on.

    Sorry, but you better get rid of OS/2, also. I think RMS and the FSF have had a trademark on the term "half an OS" for about the last 5 years of HURD's development. :)


    Cheers,

  • Just because it's law, doesn't mean it's best. I was hoping to encourage some discussion of where the line should be drawn.

    Also, unless Tatu is lying outright, he says (in the paragraph that I quoted) that OpenSSH is NOT the first to be "attacked".
    --

  • by coyote-san (38515) on Thursday February 15, 2001 @06:42PM (#428285)
    Asking the question that everyone else seems to be missing, was OpenSSH named after SSH-the-application or SSH-the-protocol?

    For countless reasons, I'm sure it's the latter. But that begs the question of why SSH-the-company was so incredibly incompetent that they named SSH-the-protocol after SSH-the-application even though virtually all servers and clients try to incorporate their protocol into the name. TELNET, FTP, FINGER, PING, HTTP(D), etc. Sendmail and bind are two notable exceptions, and of course this can't apply to multiprotocol clients (e.g., Mosaic, Navigator/Commuicator).

    OpenSSH, to me, says one thing and one thing only - that it's an "open" implementation of the "SSH" protocol. It has absolutely no connection to SSH-the-program or SSH-the-company other than the historical curiosity that the latter originated the protocol and is pushing it on the standards track. (Something which is undoubtably dead in the water until they (SSH, not ISO) pull their head out of their corporate assh.)

    If SSH-the-company wants to keep the identity of SSH-the-program distinct from SSH-the-protocol, they should change the name of SSH-the-program.
  • by sulli (195030) on Thursday February 15, 2001 @06:53PM (#428291) Journal
    for some good alternative names. The best in my opinion was FRESH [slashdot.org]: Free Remote Encrypted Shell. Sounds good to me!
  • ``Under US law, a trademark registration entitles the owner to exclusive use of the trademark as it is registered, in relation to the goods and/or services for which it is registered,'' Tatu Ylonen tells us.

    But that's not true. What the owner obtains are exclusive rights (within one field) to use the trademark in commerce. Read the law:

    • 15 U.S.C. 1114(1)(a) applies only to actions ``in commerce.''
    • 15 U.S.C. 1114(1)(b) applies only to documents ``intended to be used in commerce.''
    • 15 U.S.C. 1125(a)(1) applies only to actions ``in commerce.''
    • The new cybersquatting prohibitions, 15 U.S.C. 1125(d)(1)(a), and 15 U.S.C. 1129(1)(A), apply only to people acting with an ``intent to profit.''
    I doubt that the name OpenSSH is likely to confuse or deceive people. However, even if it is, non-commercial use of the name is legal.

    I recently announced my plans to set up freebugtraq [cr.yp.to], a non-commercial competitor to bugtraq. I was promptly threatened with a trademark lawsuit. Where do trademark owners get the idea that they can control non-commercial activities?

  • > Good job. We have now taken the position to the outside world of being total assholes.

    Saying "If you do that, you'll look like a total asshole" to Theo de Raadt is pushing him to do it. Ask around you "who is the biggest open-source asshole ?". If you remove the goatse.cx (which may not be opensource), most answers will point to Theo.

    He is already the most appreciated asshole of the community.

    Cheers,

    --fred
  • the standard, as I understand it, that openSSH is based on, is described in an open standard named secshell. the closed SSH works off that as well, but has the trademark SSH. I'm inclined to give the Author the right to the name, although its a real pitty he didn't think of enforcing his trademark early on, as now its quite late. However, I'd suggest that openSSH should keep its name and change its tool to sec, or secsh. And please don't make a lame joke about csh worrying about this.

    Clearly the problem is that there are multiple tools that are used the same way and called the same thing. ssh makes a secshell connection to address with terminal emulation. One of these tools has a trademark on ssh; I think its actually in a good possition to make a case that the other tool should use a different name, such as the more descriptive secsh.

    -Daniel

  • by Znork (31774) on Friday February 16, 2001 @04:56AM (#428303)
    However, it is a clear proof that the name ssh was in general use for products complying with the ssh RFC long before the trademark was granted, which basically means the trademark isnt valid, nor has ever been a valid trademark.

    Read USC title 15 section 1115 for the various reasons that a trademark can be contested. There are at least 4 possible separate paragraphs that can be used in this case, including prior use, abandonment, permission and mark functionality.

    All this is is a lesson to other people that legalities like trademark issues, patents and license issues isnt something you play around with and later decide what you really meant (or change your mind about it). SSH has been messy this way from the beginning.
  • The only reason the web page is called "secsh" is that there already exists a page called "ssh" at http://www.ietf.org/ids.by.wg/ssh.html [ietf.org] (the Site Security Handbook, which is NOT a protocol).
  • And maybe when they do that they will end up being just another proprietary unused worthless security-through-obscurity product.

    SSH would be exactly there, had they gone down that route from the beginning.

    The author of SSH was kind enough to release his code and make it public (sorta had to since he had GPL parts in there at the time), we were nice enough to decide ssh was a good idea and use it in a lot of places, creating the market for him. We got a turnaround, license changed, proprietary product that didnt work on all platforms any more and an incompatible shiny new protocol.
  • Well, C is for cookie.
    That's good enough for me!

    John

  • Sendmail and bind are two notable exceptions
    Sendmail isn't really a protocol -- SMTP, UUCP, etc. are protocols. sendmail does have a command-line interface which is widely used. And they've never tried to keep other MTUs from implementing their own sendmail-like wrappers and naming them sendmail. Bind might still be an exception though.

    Am I being obnoxiously picky? Yeah, I suppose so.

  • by Alien54 (180860) on Thursday February 15, 2001 @05:46PM (#428314) Journal
    The Register had a followup on this.

    Theo de Raadt, co-creator of OpenSSH, hopes the community, not the courts, will decide the trademark skirmish. He points to a licensing agreement that allowed independent versions of SSH before Ylönen received a trademark in 1996, and he wonders why Ylönen has taken five years to decide to enforce the trademark.

    He adds: "There are two main clinchers going on here. One is the fact that this licence file predates the trademark, and it grants rights that cannot be removed. And the other is the history of non-enforcement... against anybody else in the entire field using this name, then suddenly enforcing us because we're getting big enough."

    Looks like it is too little too late as far as trade mark enforcement goes. If nothing else, Ylönen may be trying to cash in on the name of OpenSSH.

    Although there is a point that he (Ylönen) has to do something, I suppose, and better late than never. But it is likely too late.

    Oh yeh, IANAL btw

  • Okay, we had quite an argument about SSH vs. OpenSSH just a few days ago, and now we're re-stoking the fire?

    Trademark law is there to protect the consumer. Who can honestly deny that OpenSSH has been hurt SSH's business? The only point in contention is that SSH waited to long to enforce the trademark by being NICE -- by emailing the team over the period of a year, several times, at least from my interpretation of the letter in the last Slashdot piece on SSH.

    Being NICE is something Slashdotters always seem to want corporations to do. And now it make have cost SSH its trademark. But we don't care, because we're so wrapped up in our own superiority and rights to entitlement that we bite back whenever it's something we disagree with, even if it's a double-standard. This attitude is no less evil than an "evil" (tongue-firmly-in-cheek) corporation.

    Let's remember that there's a trademark on LINUX.
  • Just trolling around, but maybe Mr.Bourne (or the author of the orig. shell) should sue them for using SH. C'mon that's pretty confusing. I might think that Mr. Bourne was involved in cryptography. (which is evil, right?) :)
  • by Sloppy (14984) on Thursday February 15, 2001 @09:15PM (#428324) Homepage Journal

    Trademarks are the only thing that prevents confusion in the marketplace. If people are confused and think that OpenSSH is from SSH, then there is a legitamate issue.

    But is this confusion really caused by OpenSSH having a name that is similar to SSH, or is the confusion caused by the fact that Tatu Ylonen chose to overload "SSH" to mean both a product and a protocol?

    If OpenSSH is renamed to "FooShell" but still implements the SSH protocols, confusion is going to remain. The reason there will be confusion is that the word "SSH" (more often than not) will still refer to something that might not be SSH Communication Security's product. Just as when people talk about Cola, they're not always talking about Coke.


    ---
  • by Throw Away Account (240185) on Thursday February 15, 2001 @09:26PM (#428329)
    OpenSSH is doing nothing illegal; they have a non-revocable license to use the name.

    According to the SSH version 1.2.12 license:

    "As far as I am concerned, the code I have written for this software can be used freely for any purpose. Any derived versions of this software must be clearly marked as such, and if the derived work is incompatible with the protocol description in the RFC file, it must be called by a name other than 'ssh' or 'Secure Shell'."

    OpenSSH is doing nothing illegal in using the term "ssh", because OpenSSH is a derivative work of ssh 1.2.12 and is compatible with the RFC.

    Now, Mr. Ylönen may regret having given that permission. But the only argument he can make is that the OpenSSH name is not sufficient to mark that the software is a distinct derivative work of ssh. If so, he can object to the OpenSSH name itself, but not the use of "ssh" in the name.

    BTW, Kleenex® and Xerox® (along with Velcro®) are still trademarked (at least in the U.S.) due to the extensive efforts of their legal departments. Partly because their founders had the sense to not issue a license allowing other people to call their products Kleenex, Xerox, and Velcro, unlike Mr. Ylönen.
  • In a very loose sense I'd have to agree with you, and with the various people who have posted in support of Ylonen's right to defend the SSH trademark.

    What I'm having a problem with is that SSH is the acronym for a protocol that has been submitted to standards bodies by the holder of the SSH trademark. By definition anything submitted to the public standards bodies becomes part of the public domain.

    Aside from the use of the term in the standards documents, there has been no apparent attempt to stop anyone other than the open source development team from using SSH in the name of their "product." As someone else has pointed out in these threads, trademark defense has to be consistent to be valid.

    I'm not sure a trademark on the acronym SSH is valid without being more specific about the design of the trademark. Even IBM's trademarks aren't on the three letters IBM, but on specific color combinations and fonts for their famous corporate logo.

    Although I generally don't feel Ylonen is acting in good faith in this matter, I'd rather see us switch to a name like OpenSTN, provided that the documentation submitted to the standards bodies are also updated to use a protocol acronym other than SSH. Whatever acronym is used for the standard is the acronym that should be used by Open???.

    I don't agree with comments in this thread that the open source project should have a page crediting and linking the commercial provider's site. If anything, they should be referencing the site and documentation from the standards bodies describing the protocol. Once a standard has been submitted to ISO, ANSI, W3C, or any other such body, it is the standard that becomes important for determining interoperability, not the identity of the originator. Any historical credit for the standard should be referenced by the standards documentation, not by the open source implementation.

  • My vote is for Cryptonomicon Enabled

    Nobody would object if we put a CE after everything

    telnetCE
    ftpCE
    fooCE
    barCE
    loseCE
  • The guy made an effort NOT to bully an Open Source group. He didn't send threatening lawyer letters. He asked people to be reasonable.
    I dunno, he made some pretty snide FUDy remarks, like "OpenSSH is encouraging insecurity cos it implements SSH1 not SSH2". There was really no need for that attack, which was somewhat incorrect in any case, it wouldn't bolster his legal position and it wasn't phrased in a way to persuade the OpenSSH people.
  • As far as the law is concerned, OpenSSH should probably be able to keep its name. But like the commercial says, just because you have the power to do something, doesn't mean you should.

    OSS should take the high road and just rename itself. If OpenSSH does it now, then they can say they made their own decision and did it because they wanted to. If they wait too long, then stronger words will be used by both sides, and pretty soon emotions take over and you can kiss common sense and cooperation goodbye.

    So, OpenSSH, change your name, not because you have to, but because you can. Be altruistic. I think that's the best outcome that will make everyone feel good about themselves and others.

  • The ssh mark is a significant asset of SSH Communications Security and the company strives to protect its valuable rights in the ssh name and mark.


    This is true. Some might go so far as to say it's their only significant asset, but that's a different matter.

    SSH Communications Security has made a substantial investment in time and money in its ssh mark, such that end users have come to recognize that the mark represents SSH Communications Security as the source of the high quality products offered under the mark.


    Again, this is nothing controversial. SSH has held the mark since 1998, according to the USPTO documents on the site. They've invested money. No one doubts that.

    This resulting goodwill is of vital importance to SSH Communications Security. It wants to make sure that you understand the importance of SSH's mark to it, and, by necessity, its need to protect its trademark against the unauthorized use by others.


    Again, this is nothing controversial. Companies have to defend (or make the appearance of defending) their trademarks, lest they lose them. This is a mere legal formality.

    This part, however, goes too far:

    This is why we have contacted Corenic.net, your domain registration provider, to cancel all service on the "openssh.com" domain.


    This is prior restraint and flies in the face of the first amendment. SSH Communications Security owns the trademark on "SSH" in the realm of client-server protocols, that does not give it the right to bully openssh about their domain name.

    Take down the offending software, perhaps, but domain names aren't mere marks that distinguish products from each other. They're our very language itself. Owning a trademark in one realm of human communication doesn't give you the right to own it in all others.
  • by Anonymous Coward on Thursday February 15, 2001 @05:53PM (#428342)
    If I remember correctly, some guy [that's how good my memory is ;) ] took M$ to court over the name Internet Explorer. He proved he had used the name Internet Explorer before they did, but Microsoft won because their browser isn't Internet Explorer, it's MICROSOFT Internet Explorer. As long as they preface it with Microsoft, it's not the poor guy's word. Same with Excel, I believe. Likewise, this isn't SSH, it's Openssh. Anyway, I have to go, Matthew Broderick is suing me for having the same first name.

What is wanted is not the will to believe, but the will to find out, which is the exact opposite. -- Bertrand Russell, "Skeptical Essays", 1928

Working...