The ssh vs. OpenSSH Trademark Battle, Next Round 252
My favorite tidbit from the article is this: "[OpenBSD and OpenSSH Developer Theo] de Raadt cites U.S. trademark law that requires owners of trademarks to notify violators immediately ... de Raadt argues that Ylönen would have to be living under a rock not to be aware of OpenSSH before now. OpenSSH, released in December 1999 and in use before that, was used by more than 17% of all SSH users earlier this month, according to a study published on the University of Alberta Web site." Besides that, the story does a great job of listing other people whose products including "SSH" in their names have been left blissfully alone, making it seem that OpenSSH is getting what can only be called special treatment.
Of interest: here is a link to a page at openssh.com showing the legal papers received and scanned by members of the OpenSSH project, including the trademark application in question, showing an entirely lowercased "ssh" as the applied-for mark.
You think this is funny? (Score:2)
How about unfair corporate use? (Score:1)
I'm not sure if such hijacking is legally possible, or worthwhile, but it would really be unfair and damaging to SSHCS, or any company, which is why we have the trademark laws. This may be one reason why they may have to enforce it.
The reaction of SSH Communications Services may thus be quite understandable and acceptable. But that doesn't of course negate the fact that Tatu and SSHCS made a legally fatal mistake in giving the protocol, the free version of the product, the commercial version, and the company the same name.
bad company (Score:1)
Just to show how much more understanding and reasonable all the other big corporations are, I'm going to introduce the products:
OpenKleenex
OpenJello
OpenSPAM
Re:A name... (Score:1)
0p3N55h3Z 4-3v3R!
Re:What about trademarking other things like this? (Score:2)
I think its too late for that... the trademark has already been sufficiently diluted - I started using OpenSSH about 4 months ago, and I had never even heard of the company until this article.
Re:I like Theo, but that was the wrong thing to do (Score:2)
If you're not compatible, you can't use the name.
That doesn't mean you can use the registered mark. When that was done, there was no registered mark. The Mark is owned by a corporation (founded by this gentlemen, not that it's terribly relevant), and can't be appropriated without authorization.
For example, if I write some code, call my program Microsoft, and say in my license that you may use the name Microsoft in referring to my code, you aren't authorized to use it.
That is hardly a license to a Trademark issued two years after that was written.
The author of the original software asked you not to use the name ssh or Secure Shell if they are incompatible. That is a contractual agreement as part of a license.
The company is using the Trademark SSH to refer to their company and software. When you used that license, you contracted to not name is SSH if it is not compatible. That has NO bearing on the trademark.
Re:Et Tu Slashdot (Score:3)
If his permission to use "ssh" is revocable, arguably so are any other parts of his license -- including the permission to use the code in derivative works. Rolling over on the name could be used in court as evidence that the OpenSSH crew agreed that the license is revocable -- in which case he can next eliminate the whole OpenSSH project, whatever its name. Ooops...
Re:Compromise (Score:2)
Well, at least, it shouldn't work that way. Fraunhofer is doing the exact same thing with mp3. The problem is that there needs to be a distinct line drawn between specifications and products. You shouldn't be able to trademark a specification (such as the SSH protocol).
Question (Score:3)
FluX
After 16 years, MTV has finally completed its deevolution into the shiny things network
What if it were Linux (Score:3)
Encrypted shell (esh)
trusted Shell (tsh)
secure telnet (stn) which btw, is more accurate, as it's not really a shell.
Get involved
FTP and FTQ too! (Score:2)
Re:Et Tu Slashdot (Score:2)
But this part of the law was created for exactly this case... when a trademark owner allows others to invest a large amount of time and/or money into an infringing mark without their knowledge of infringement, and then tries to pull the rug out from everyone at exactly the worst time.
--
SeSH? (Score:3)
The concept of trademarking an application name so close to a standard protocl name is, at best, silly. On the other hand, I don't think that it's worth starting a big fight over. There are far better things to put our energy/ time/ money into.
--
Re:Et Tu Slashdot (Score:2)
I sorta disagree. gcc was not named cc. gnutar was not named tar. They don't have to name their program ssh. RMS would say that they should do things as differently as possible, and provide a --traditional for inter-operability (Btw, I would love hearing what Theo would say if RMS tried to tell himn what to do
Sure gnuls would be ridiculous, so my example isn't worth much. Even apache is named httpd, so...
> By your standards F-Secure is diluting the ssh mark
Frankly, I don't know. I was just saying that *I* often confused ssh and openssh, and that *I* would have zero problem using asfkaos (A Shell Formelly Known As OpenSHH) as it would help me to stay away from ssh(tm) products.
OTOH, maybe you are right, and ssh corp should be told to f*ck themselves...
Cheers,
--fred
It's a suite of products, people! (Score:2)
"ssh" is a secure replacement for rsh, "slogin" is a secure replacement for rlogin, and "scp" for rcp.
rsh was for remote shell, ssh is for secure shell.
That's why, so if you think you're cool and are allowed to speak just because you popped a RedHat CD into your Packard Bell, please reformat, reload windows, and don't come back.
Thank you.
-Nev
He's being "nice", but... (Score:5)
O SSH [pdc.kth.se]
TTSSH [zip.com.au]
NiftySSH [lysator.liu.se]
MacSSH [macssh.com]
Java-SSH [cam.ac.uk]
TGssh [www.ai]
sshCE [movsoftware.com]
An OpenVSM project called just SSH [ohio-state.edu]
SSH-OS2 [nmsu.edu]
...
and, well, you get the point. He's just going after OpenSSH because they're beating him in the market. And not only does he have no legal leg to stand on, but he's being a real slime by only going after the successfull one. Theo would be right to tell hime where to stick his lawyers.
Re:What if it were Linux (Score:2)
he's done that. there was a story on slashdot a while ago about it, but it would be a horrendous pain in the ass about it. basically, linus has no problem with use of the lunix trademark as long as it's done in good faith. but when somebody registered a bunch of linux-related domain names so he could sell them, linus threatened action, and the guy backed down.
note: that's how i remember it. i could be on crack.
Last license I buy from SSH Inc. (Score:2)
opensource project with a very good stance on why it did and should continue to use the name OpenSSH. I was planning on rolling out SSH this summer to over 800 desktops/servers. I guess I will be DEFINATLY going with OpenSSH in light of these developments.
Re:Et Tu Slashdot (Score:2)
A name... (Score:4)
I like Theo, but that was the wrong thing to do... (Score:4)
Good job. We have now taken the position to the outside world of being total assholes.
The guy made an effort NOT to bully an Open Source group. He didn't send threatening lawyer letters. He asked people to be reasonable. Quite frankly, you're going to lose BADLY in a court of law, because not only is there the possibility of confusion, but there is DOCUMENTED confusion.
Now, this is totally absurd.
He didn't bully, DON'T use that against him. The arguement that he didn't bring it up until confusion happened may be legally correct, but now sets the horrible precedent that Open Source groups will be as shady as possible, and if you give them an inch, they'll take a mile.
Notice something, the original license (if anything tells people not to be nice and release their source code, this is the example, that was hardly a license, more of a nice gesture) allowed you to call your application ssh.
That's irrelevant.
OpenSSH could be renamed, OpenSecSH, which would be an open implementation of the SecSH protocol, which is the name of the working group. The FILE could still be called ssh/sshd.
SAMBA couldn't call itself SMB, confusion reasons, but the applications use SMB (like, smbd).
However, you can be polite, compile as osecsh and osecshd and include a symlink (automatically, but prompted) for ssh and sshd, so if you have both implementations, you can decide which one you want.
However, if the Open Source community insists on fighting on the Trademark grounds, we're in the wrong.
You can dispute the merits of Software Patents.
You can dispute the merits of long copyright terms.
You can dispute the merits of copyrights in general.
You can't dispute the merits of Trademarks.
Trademarks are the only thing that prevents confusion in the marketplace. If people are confused and think that OpenSSH is from SSH, then there is a legitamate issue.
Also, I don't think you're going to win on the enforcement. One year or so is reasonable, given that OpenSSH has minimal press coverage, etc. I think that it would be EASY for SSH to show that they found out about it, saw a problem, and then asked them to fix it.
Theo, you're going to lose, and you're being a bastard. He hasn't demanded that you stop making a version of SSH, just that you not use his product name.
Theo, I'm an OpenBSD user. I love OpenBSD. I love OpenSSH. You're in the wrong here... VERY WRONG.
Alex
Et Tu Slashdot (Score:5)
Now it's open sources' turn. The right thing to do is honor the wishes of the guy who created SSH, the guy who made SSH available to you (albeit with a license you didn't like), and the guy who still tries to make a living from his hard work.
Give up the conflicting name. Not because you have to. Because it's the right thing to do.
Prompt nodification (Score:3)
-Moondog
Re:Et Tu Slashdot (Score:5)
He gave the name away, and now he regrets having done so. Well, too bad. OpenSSH used the name with the entirely justifiable understanding that this was allowed. They took nothing that had not been offered. They built a brand of their own, which the original author now wants to destroy since it is becoming competitive.
That's dirty pool.
Claim your namespace.
Compromise (Score:5)
If he doesn't want it to escalate, then he'd best compromise. I think that there's a broad feeling of indignance in the OpenSSH developer and user community that there's a "submarine trademark" (if I may put it that way) on something which we consider to be the name of a protocol. I think there's going to be a great reluctance to go ahead with a name change, because it would let the nose of the camel into the tent. What next -- remove all mention of "SSH" from the documentation?
If Ylönen demands no less than the removal of "SSH" from the project name, and OpenSSH isn't willing to do this, then he has the choice of either backing down or going ahead and making himself really unpopular by suing a free software project. This whole direction does not strike me as being one that can result in a net win for Ylönen. If he wins his trademark rights he'll establish himself as an enemy of the OpenSSH community; if he loses his trademark he looks like a poor businessman.
Instead, he should cut his losses and suddenly realise that he can license the use of the trademark to the OpenSSH project for free, on condition that they clearly distinguish themselves from his product, and perhaps provide linkage to his web site as a clarifying measure. If the real problem is customer confusion, then let's deal with the confusion without all this ugly legal sabre-rattling nonsense.
Does Ylönen realise that he's setting himself up as an enemy of the Free Software Republic? This isn't sensible.
Re:Too Little, Too Late (Score:3)
All this time our policy has been that the trademarks cannot be used by others without a proper acknowledgment, and cannot be used in product names without a special license from us," he said. "We have enforced it against all significant players in the field," he added. "We have not felt it appropriate to go after every random web page or the various non-commercial student projects done at universities."
So which is it? Do we think it's better for a trademark owner to go after every single petty violation? Or does it seem to be more fair when a trademark owner lets some of the little guys slip through the cracks, but then has to take action if they become larger? You can't have both worlds...
(granted, there was that other clincher, but your particular argument conflicts with other common slashdot sentiment)
--
Re:Have a contest for a new name (Score:2)
M$ probably thinks they own the CE suffix. winCE and all.
so would you rather M$ go after you or that SSH guy? ;-)
--
Re:You thnk ths s funny? (Score:2)
At least there's no (TM)s n your username.
Re:Et Tu Slashdot (Score:2)
The Project History and Credits section of the OpenSSH website would seem to refute your assertion:
The original license contained the following text:
While I can't personally vouch for the veracity of the OpenSSH history, it and the original license not only seem to directly contradict your assertion that "you couldn't use it for commercial purposes", but also seems to imply that if a derived version of the original is compatible with the protocol description, then he has no problem with someone referring to it as "ssh" or "Secure Shell".
Also, The SSH transport and user authentication protocols have been submitted to the IETF [w3.org] by Ylönen himself, which I believe qualifies as "submit[ting] as an open standard". As a matter of fact, it's currently the main focus of the Secure Shell (secsh) IETF working group [ietf.org].
All in all, this parallels the "one click" scenario pretty closely, with the difference being that SSH was far more novel and complex an idea than "one click" shopping. If Mr Ylönen had released it as a commercial product, or even just released it under a more restrictive license, there would be no debate. As it stands, though, it reeks of dodgy business practices brought on by stockholder pressure and OpenSSH's success.
Re:I like Theo, but that was the wrong thing to do (Score:3)
That's what I thought until I read the last bit of his letter to the OpenSSH developers:
This is why we have contacted Corenic.net, your domain registration provider, to cancel all service on the "openssh.com" domain.
Until I read that, I sympathised with the SSH company - I thought they were doing the right thing by just requesting instead of sending the attack-dog lawyers. However, they made an agressive pre-emptive strike to destroy openssh.com's domain before they even have had a chance to consider changing their name.
If I were in charge of OpenSSH, I would have gladly changed the name of my code has he not pre-emptively tried to destroy my domain before I had a chance to even consider what to rename my product to!
Re:Et Tu Slashdot (Score:3)
Agreed. The SSH chap sounds like a decent, pleasant fellow. Given that by far the hardest thing he's asked the OpenSSH people to do is choose a new name, and that he's contributed significantly to their own success, it would show a lack of common courtesy should they refuse to comply.
I honestly can't see why /. is making such a fuss about this, it smacks of mob hysteria and, as you say, double standards.
Re:What about trademarking other things like this? (Score:2)
-m
Let me get this straight... (Score:4)
Puh-leaze!
Enough with the stupid intellectual propery lawsuits already.
I think Tatu's just pissed that OpenSSH is a better product than his commercial SSH, and that OpenSSH is becoming so widely used that it, and not Tatu's commercial ssh, is what people generally mean when they say, SSH. Shit! Now I've just supported his case.
Re:Compromise (Score:3)
The only thing he can do is modify the name of his product, trademark the new name, and launch an advertisement campaign to make it known.
Re:What if it were Linux (Score:2)
Who is on the side of "trademarks are bad"? We're on the side of "selective enforcement of trademarks are bad, and most likely invalid".
No, it isn't, and had Ylönen requested that the OpenSSH project change its name near the beginning, and been requiring that other SSH impementations that he knew of change their names, I at least wouldn't be objecting to this. By singling out OpenSSH for this treatment, springing this upon them (apparently) more than a year after OpenSSH was started (with much controversy over the domain names, if you will recall - this wasn't a stealth project), and assisting with the development of other SSH implementations without requiring that their names be changed, he created this situation.
Re:lets not have a double standard (Score:2)
There is, there should be, and they did based on what was true at the time.
There is an expiration on the time to prosecute, and their very well should be. Statute of limitations exist for many things. Generally the idea is you have to decide _now_ if something pisses you off enough to sue, not wait until 10 years down the road when your company isn't doing so hot and needs some extra loot. If someone has a trademark, they have to defend it. Waiting until someone else has established their own name and then trying to take them down is not only dirty, it flies in the face of the law.
When OpenSSH started, they believed they were ok to use that name. So they only thing they could have "known better" was to know that once their product started to steal market share from ssh, SSH would turn on them.
And lastly, how exactly would this be SSH getting their name back? Have they been unable to use it in the interim? No. Is OpenSSH the same as SSH? No. Can you attack anyone whose name contains part of yours? Maybe if WIPO is presiding, but not in US law. I can name my application "Something Explorer" without being sued by MS.
Yes, OpenSSH used the ssh name, but only in the sense that the name OpenSSH accurately describes what it is and does. I can see the name and say "ah! an open implementation of ssh. much preferable to that closed source garbage." So the gains made by OpenSSH were as much because of conscious decisions as name similarity. It's not like releasing a soft drink in a red can named Coca-Cola, where people think your product is the same. It's more like releasing a product called "Generic Cola" in a red can -- people can quickly figure out that it is supposed to be like Coke, but is cheaper. If Coke really does taste better than Generic Cola, then people will still buy Coke. If not, then that's Coke's problem, not an invitation for their lawyers to try to shut down Generic Inc.
Side note: if SSH really wanted to have a distinct name to build a brand around, they shouldn't have just used the "single-letter abbreviations for what my shell is, followed by sh" naming convention. If I were to decide, that right there would lead me to rule that their trademark was unenforceable.
Re:FTP and FTQ too! (Score:2)
-Don
Re:What about trademarking other things like this? (Score:2)
rsh is not a shell itself, it provides access to a "remote shell". In the same way, a secure shell would be any shell that you got access to securely.
Which leads to my favorite new name for the open source version: what it does is "opens shell" or, OpensSH. There, everybody happy now?
Re:Prompt nodification (Score:2)
Both trademark and patent laws contain provisions requiring that the owner file claims within a limited period of time. In the case of SSH the trademark holder may already be too late.
MOVE 'ZIG'.
Re:Not only is this dumb... (Score:3)
Nah. Trademark law provides for unrelated products to be sold under the same trademark without infringement.
MOVE 'ZIG'.
Re:Skipping to the meat of the letter: (Score:2)
Bzzzt. Wrong. The main point of law is the question of whether the name domain OpenSSH might cause confusion. In this case, given the identical functionality if the products I think they have a good case.
MOVE 'ZIG'.
Well, here's telnet... (Score:2)
Yet.
Re:Not only is this dumb... (Score:2)
No, this is not always true, see the case of Visa condoms [jenkins-ip.com] being denied, even though it's nothing to do with credit cards.
--
Re:There's the solution! (Score:2)
Maybe they should rename OpenSSH (Score:4)
Butt-Head Cryptographer...
Besides, I can type bcp a smidgeon faster than scp.
Re:Microsoft's Lawyers Fixed this for Openssh (Score:2)
Microsoft DO have some deal with them, but both sides refuse to reveal details of it.
* explorer is a registered trademark of the symicron GmbH
Samba Information HQ
Re:Skipping to the meat of the letter: (Score:2)
Re:lets not have a double standard (Score:2)
Apples and Watermelons. (Score:5)
This is nothing more than a company trying to rescind the actions of it's founder to protect a failing business strategy.
Why? Because people are being drawn to the open-source implementation rather than paying out good money for something they can get for free.
Tatu's also probably peeved that OpenSSH will receive wider distribution (through Linux, BSD, and possibly OS-X sales/downloads) than his company's probably capable of. And thus will be more likely to achieve ubiquity than his proprietary, commercial products.
Sorry, but it doesn't work that way Tatu. You can't fish something out there until it hits name-recognition status, then make them change their name so you can supplant them. The community is NOT your advertising tool.
Chas - The one, the only.
THANK GOD!!!
Re:secshell (Score:2)
Imagine that he did back in 1999 when OpenSSH was first released. What would have been the Slashdot reaction then?
Well, (Score:2)
No, wait, don't sue me! ;)
-Omar
(or SwiSH
or SwaSH
or...
)
Re:Skipping to the meat of the letter: (Score:2)
Actually, when I read the letter, I saw
Are you just trying to stir up the flames?Re:secshell (Score:4)
No, your understanding is wrong. The standard is called "SSH". Look at the IETF SSH Protocol Description [ietf.org]:
Abstract
SSH is a protocol for secure remote login and other secure network services over an insecure network. This document describes the SSH Connection Protocol. It provides interactive login sessions, remote execution of commands, forwarded TCP/IP connections, and forwarded X11 connections. All of these channels are multiplexed into a single encrypted tunnel. The SSH Connection Protocol has been designed to run on top of the SSH transport layer and user authentication protocols.
Re:What about trademarking other things like this? (Score:2)
much like the .arc extension begat .zip (Score:3)
More than a decade ago, we saw this with SEA trying to enforce the
It could happen again.
Re:What about trademarking other things like this? (Score:3)
The major marketing investment done in SSH has been made by Unix system admins who needed a secure and practical (and easily obtainable) way to connect between hosts, and who were later left to fend for themselves as the product went closed and unsupported on a large number of platforms.
And, frankly, having gone through the pains of dealing with the forms of licensing of SSH and having salesmen tell me there is NO version that has ever been free (ok, I know more about the licensing than the salesmen) to the various other stages, it was a true pleasure to dump the commercial branch and go entirely with OpenSSH.
If SSH has any brandname value it is despite SSH Inc, not because of it.
Re:its kinda too bad, but its the rules (Score:2)
Who even knew it was trademarked? Did they ever attempt to let anyone know this before? No.
SSH is the common word for a protocol; everyone knows that. It's already been what trademark law calles, 'diluted'. It's a common name now; once something is common like that, you can't take it back just because it's trademarked. Everyone already has something in their mind when they think of 'ssh', and it's not this guys product in particular, it's merely the protocols involved.
Re:Et Tu Slashdot (Score:5)
"As far as I am concerned, the code I have written for this software can be used freely for any purpose. Any derived versions of this software must be clearly marked as such, and if the derived work is incompatible with the protocol description in the RFC file, it must be called by a name other than 'ssh' or 'Secure Shell'."
This would pretty clearly seem to imply that as long as OpenSSH was creating a protocol-complaint product that they were welcome to use the name ssh. Otherwise it would have said something like "SSH is the trademark of SSHC, INC, and may not be used without our permission, period".
Unless I am missing something here, it would seem as if Ylonen pretty clearly authorized other compatible and derived products to use the name 'SSH'. And once that permission was granted, it can never - at least not if we want to 'do the right thing' - be taken back.
Claim your namespace.
Re:FTP and FTQ too! (Score:2)
-Don
ssh... short shiny hair? silly slimy hubris? ... (Score:2)
Re:Skipping to the meat of the letter: (Score:2)
This part, however, goes too far:
This is why we have contacted Corenic.net, your domain registration provider, to cancel all service on the "openssh.com" domain.
Where is that bit? I can't find it. Thanks
Re:Do they have the right to do this? (Score:2)
-Don
Future Projects (Score:2)
Next time, when we start a Free project aiming to be compatible with someone else's code, why don't we *TALK* to them first?
I'm not saying we should ASK for permission to use name or anything, but just to get an idea how they'd interpret their own agreements.
Say, if the OpenSSH team talked to SSHC and said "Now we have your 1.27 license, and it says we can use the name if it is compatible. Can you verify that?"
If they said "Ok you can use that" then they'd better keep their mouths shut at this time. Too bad it wasn't what happened.
Command Names and Trademarks. (Score:2)
This case is worrying, however, because ssh is also the name of the command. The trademark is not only identifying a brand, it is also the thing you type to perform an action. If DEC (or whoever) had patented "dir" they would have made competing OSes less attractive because new OSes would have to invent arbitrary different names for conceptually identical commands. If SSH enforces the trademark, it is only reasonable that they must fight against alternative implementations using the command "ssh".
This would lead to a repeat of the look-and-feel wars of the GUIs, only this time fought over CLIs using trademark law. LnF was about users moving to different platforms/apps and expecting things to work the same. CLI is no different: users expect telnet to do approximately the same thing on all platforms. If command names are choosen to avoid infrigement, we all will lose.
Re:An idea! (Score:2)
Next you'll say "I'll trademark the trademark symbol! Then anyone who trademarks anything will violate my trademark and I'll sue them for trademark infringement." (that idea is trademarked btw. And so are the three letters btw)
Now lets all have a good laugh while our mod points die.
"Me Ted"
Re:Microsoft's Lawyers Fixed this for Openssh (Score:2)
--
What about trademarking other things like this? (Score:5)
However, on the other side of the table is OpenGL and Mesa3D. Now, MesaGL would more accurately describe what Mesa3D emulates, but GL is a trademark of SGI, and they probably wouldn't like it if it was used without their permission. The best solution would be for the designers of OpenSSH to change their name and avoid any more disputes. This would also give open source developers a more moderate reputation, as opposed to the uncompromising one they seem to have nowadays.
what's next (Score:2)
Lawyer: not open and shut, but close (Score:4)
I'm not certain which jurisdiction's law governs here (and am not going to do the hour or two of research unless someone pays
He said that software could be used and modified, and that *incompatible* programs must not use the ssh name. That doesn't *give* permission to call compatible programs ssh, but it certainly implies it. Similarly, finding someone with a smoking gun in his hand over the shot and still bleeding body doesn't *prove* he killed him, but there's a whole lot of 'splainin' to do . . .
I don't see where he can go with this without producing more info. With implied consent and five years of silence, it's a real hard row to hoe . . .
hawk, esq.
Re:A name... (Score:2)
--
wrong view of the candy (Score:2)
Can't he sell support for OpenSSH? (Score:2)
Since his company apparently has problems and lots of people contant it for support for OpenSSH, couldn't he just start supplying it, for a fee? It seems to me they should be capable of that, and they'd be in a great position to point out the advantages of using their own, commercial ssh...
Re:I like Theo, but that was the wrong thing to do (Score:4)
I agree with you on this point. But on the overall argument I disagree. Yes, Tatu is trying to be nice. And yes, Theo is being an asshole. But that being said, I don't see how Theo's going to lose this. With his current attitude, he's in danger of losing the PR battle, but that seems to be it.
Have you seen the license for ssh 1.2.12 (which is what OpenSSH is based off of)? Here is the most salient part (IMHO):
The only thing he says about the name is that if you're not compatible, then you can't use the name. Which leaves the only possible interpretation to be that if you are compatible, you can use the name.
I think that it would be a nice gesture on OpenSSH's part to give up the name. But I don't think it is, by any means, required. And if OpenSSH wishes to protect their identity, using a publically available name, that's entirely up to them. Theo could be more nice about it, but I don't think he'd be in the wrong to keep the name.
Re:Et Tu Slashdot (Score:2)
I have been confused between openssh and ssh numerous time. Both commmands are named 'ssh', and I think it is an error.
Anyway, the request seems pretty stupid, as OpenSSH is doing a lot of good to ssh corp. If OpenSSH renamed the command to something less related to ssh, like pinss (pins is not secure shell) or yass (yet another secure shell), then ssh corp will loose a lot of mindshare.
Making the issue into "we can legally keep the name" is plain wrong. They want the name ? Give them. The name is just a name. The free alternative is better, so will succeed under any kind of name (and, people will alias ssh to wosin [whatever open ssh is named] anyway, so the pratical impact will be zero).
Cheers,
--fred
Nice Take... (Score:3)
This story [segfault.org] makes a nice point.
There's the solution! (Score:2)
Well, then, there's the solution: just rename OpenSSH to OpenSTN (Secure TelNet).
Sure, name changes are hard, but in Quake, when a rocket is barreling towards you, what do you do? Strafe to the side, right! And this is the legal equivalent of that.
I've gotta admit... (Score:2)
I think SSHCS's claims have no standing, and their decision to ``defend their trademark'' against only a single product sheds a poor light on Tatu Ylonen.
Nonetheless, the letter is much, much friendlier than what I've seen in similar cases -- i.e., cease and desist yesterday.
IMO, it looks like SSHCS is following good and proper form as they do this entirely questionable act :-/
Uh-oh, you're screwed (Score:3)
It's Pizza and OS/2 from now on.
Sorry, but you better get rid of OS/2, also. I think RMS and the FSF have had a trademark on the term "half an OS" for about the last 5 years of HURD's development. :)
Cheers,
Re:Too Little, Too Late (Score:2)
Also, unless Tatu is lying outright, he says (in the paragraph that I quoted) that OpenSSH is NOT the first to be "attacked".
--
OpenSSH named after protocol or application? (Score:5)
For countless reasons, I'm sure it's the latter. But that begs the question of why SSH-the-company was so incredibly incompetent that they named SSH-the-protocol after SSH-the-application even though virtually all servers and clients try to incorporate their protocol into the name. TELNET, FTP, FINGER, PING, HTTP(D), etc. Sendmail and bind are two notable exceptions, and of course this can't apply to multiprotocol clients (e.g., Mosaic, Navigator/Commuicator).
OpenSSH, to me, says one thing and one thing only - that it's an "open" implementation of the "SSH" protocol. It has absolutely no connection to SSH-the-program or SSH-the-company other than the historical curiosity that the latter originated the protocol and is pushing it on the standards track. (Something which is undoubtably dead in the water until they (SSH, not ISO) pull their head out of their corporate assh.)
If SSH-the-company wants to keep the identity of SSH-the-program distinct from SSH-the-protocol, they should change the name of SSH-the-program.
Read Yesterday's Article... (Score:3)
Trademark law applies only to commerce (Score:2)
But that's not true. What the owner obtains are exclusive rights (within one field) to use the trademark in commerce. Read the law:
- 15 U.S.C. 1114(1)(a)
applies only to actions ``in commerce.''
- 15 U.S.C. 1114(1)(b)
applies only to documents ``intended to be used in commerce.''
- 15 U.S.C. 1125(a)(1)
applies only to actions ``in commerce.''
- The new cybersquatting prohibitions,
15 U.S.C. 1125(d)(1)(a), and 15 U.S.C. 1129(1)(A),
apply only to people acting with an ``intent to profit.''
I doubt that the name OpenSSH is likely to confuse or deceive people. However, even if it is, non-commercial use of the name is legal.I recently announced my plans to set up freebugtraq [cr.yp.to], a non-commercial competitor to bugtraq. I was promptly threatened with a trademark lawsuit. Where do trademark owners get the idea that they can control non-commercial activities?
Re:I like Theo, but that was the wrong thing to do (Score:2)
Saying "If you do that, you'll look like a total asshole" to Theo de Raadt is pushing him to do it. Ask around you "who is the biggest open-source asshole ?". If you remove the goatse.cx (which may not be opensource), most answers will point to Theo.
He is already the most appreciated asshole of the community.
Cheers,
--fred
secshell (Score:2)
Clearly the problem is that there are multiple tools that are used the same way and called the same thing. ssh makes a secshell connection to address with terminal emulation. One of these tools has a trademark on ssh; I think its actually in a good possition to make a case that the other tool should use a different name, such as the more descriptive secsh.
-Daniel
Re:I like Theo, but that was the wrong thing to do (Score:3)
Read USC title 15 section 1115 for the various reasons that a trademark can be contested. There are at least 4 possible separate paragraphs that can be used in this case, including prior use, abandonment, permission and mark functionality.
All this is is a lesson to other people that legalities like trademark issues, patents and license issues isnt something you play around with and later decide what you really meant (or change your mind about it). SSH has been messy this way from the beginning.
Re:secshell (Score:2)
Re:Maybe next time.. (Score:2)
SSH would be exactly there, had they gone down that route from the beginning.
The author of SSH was kind enough to release his code and make it public (sorta had to since he had GPL parts in there at the time), we were nice enough to decide ssh was a good idea and use it in a lot of places, creating the market for him. We got a turnaround, license changed, proprietary product that didnt work on all platforms any more and an incompatible shiny new protocol.
Re:You think this is funny? (Score:2)
That's good enough for me!
John
Re:OpenSSH named after protocol or application? (Score:2)
Am I being obnoxiously picky? Yeah, I suppose so.
Too Little, Too Late (Score:5)
Theo de Raadt, co-creator of OpenSSH, hopes the community, not the courts, will decide the trademark skirmish. He points to a licensing agreement that allowed independent versions of SSH before Ylönen received a trademark in 1996, and he wonders why Ylönen has taken five years to decide to enforce the trademark.
He adds: "There are two main clinchers going on here. One is the fact that this licence file predates the trademark, and it grants rights that cannot be removed. And the other is the history of non-enforcement... against anybody else in the entire field using this name, then suddenly enforcing us because we're getting big enough."
Looks like it is too little too late as far as trade mark enforcement goes. If nothing else, Ylönen may be trying to cash in on the name of OpenSSH.
Although there is a point that he (Ylönen) has to do something, I suppose, and better late than never. But it is likely too late.
Oh yeh, IANAL btw
Is this a troll? (Score:2)
Trademark law is there to protect the consumer. Who can honestly deny that OpenSSH has been hurt SSH's business? The only point in contention is that SSH waited to long to enforce the trademark by being NICE -- by emailing the team over the period of a year, several times, at least from my interpretation of the letter in the last Slashdot piece on SSH.
Being NICE is something Slashdotters always seem to want corporations to do. And now it make have cost SSH its trademark. But we don't care, because we're so wrapped up in our own superiority and rights to entitlement that we bite back whenever it's something we disagree with, even if it's a double-standard. This attitude is no less evil than an "evil" (tongue-firmly-in-cheek) corporation.
Let's remember that there's a trademark on LINUX.
what about the SH? (Score:2)
Re:I like Theo, but that was the wrong thing to do (Score:3)
But is this confusion really caused by OpenSSH having a name that is similar to SSH, or is the confusion caused by the fact that Tatu Ylonen chose to overload "SSH" to mean both a product and a protocol?
If OpenSSH is renamed to "FooShell" but still implements the SSH protocols, confusion is going to remain. The reason there will be confusion is that the word "SSH" (more often than not) will still refer to something that might not be SSH Communication Security's product. Just as when people talk about Cola, they're not always talking about Coke.
---
Re:What about trademarking other things like this? (Score:3)
According to the SSH version 1.2.12 license:
"As far as I am concerned, the code I have written for this software can be used freely for any purpose. Any derived versions of this software must be clearly marked as such, and if the derived work is incompatible with the protocol description in the RFC file, it must be called by a name other than 'ssh' or 'Secure Shell'."
OpenSSH is doing nothing illegal in using the term "ssh", because OpenSSH is a derivative work of ssh 1.2.12 and is compatible with the RFC.
Now, Mr. Ylönen may regret having given that permission. But the only argument he can make is that the OpenSSH name is not sufficient to mark that the software is a distinct derivative work of ssh. If so, he can object to the OpenSSH name itself, but not the use of "ssh" in the name.
BTW, Kleenex® and Xerox® (along with Velcro®) are still trademarked (at least in the U.S.) due to the extensive efforts of their legal departments. Partly because their founders had the sense to not issue a license allowing other people to call their products Kleenex, Xerox, and Velcro, unlike Mr. Ylönen.
Re:Et Tu Slashdot (Score:2)
What I'm having a problem with is that SSH is the acronym for a protocol that has been submitted to standards bodies by the holder of the SSH trademark. By definition anything submitted to the public standards bodies becomes part of the public domain.
Aside from the use of the term in the standards documents, there has been no apparent attempt to stop anyone other than the open source development team from using SSH in the name of their "product." As someone else has pointed out in these threads, trademark defense has to be consistent to be valid.
I'm not sure a trademark on the acronym SSH is valid without being more specific about the design of the trademark. Even IBM's trademarks aren't on the three letters IBM, but on specific color combinations and fonts for their famous corporate logo.
Although I generally don't feel Ylonen is acting in good faith in this matter, I'd rather see us switch to a name like OpenSTN, provided that the documentation submitted to the standards bodies are also updated to use a protocol acronym other than SSH. Whatever acronym is used for the standard is the acronym that should be used by Open???.
I don't agree with comments in this thread that the open source project should have a page crediting and linking the commercial provider's site. If anything, they should be referencing the site and documentation from the standards bodies describing the protocol. Once a standard has been submitted to ISO, ANSI, W3C, or any other such body, it is the standard that becomes important for determining interoperability, not the identity of the originator. Any historical credit for the standard should be referenced by the standards documentation, not by the open source implementation.
Have a contest for a new name (Score:2)
My vote is for Cryptonomicon Enabled
Nobody would object if we put a CE after everything
telnetCEftpCE
fooCE
barCE
loseCE
Re:I like Theo, but that was the wrong thing to do (Score:2)
Open Source should take the High Road (Score:2)
OSS should take the high road and just rename itself. If OpenSSH does it now, then they can say they made their own decision and did it because they wanted to. If they wait too long, then stronger words will be used by both sides, and pretty soon emotions take over and you can kiss common sense and cooperation goodbye.
So, OpenSSH, change your name, not because you have to, but because you can. Be altruistic. I think that's the best outcome that will make everyone feel good about themselves and others.
Skipping to the meat of the letter: (Score:2)
Microsoft's Lawyers Fixed this for Openssh (Score:4)