SSH trademarks and the OpenSSH product name

Steve VanDevender stevev at darkwing.uoregon.edu
Wed Feb 14 13:40:16 EST 2001


Tatu Ylonen writes:
 > The confusion is made even worse by the fact that OpenSSH is also a
 > derivative of my original SSH Secure Shell product, and it still looks
 > very much like my product (without my approval for any of it, by the
 > way).  The old SSH1 protocol and implementation are known to have
 > fundamental security problems, some of which have been described in
 > recent CERT vulnerability notices and various conference papers.
 > OpenSSH is doing a disservice to the whole Internet security community
 > by lengthening the life cycle of the fundamentally broken SSH1
 > protocols.

OpenSSH makes it quite clear that it's a derivative of your code by
including your original READMEs and license information, as indicated by
this excerpt from the LICENCE file distributed with it:

     * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
     *                    All rights reserved
     *
     * As far as I am concerned, the code I have written for this software
     * can be used freely for any purpose.  Any derived versions of this
     * software must be clearly marked as such, and if the derived work is
     * incompatible with the protocol description in the RFC file, it must be
     * called by a name other than "ssh" or "Secure Shell".

Apparently you've forgotten the original licensing terms under which you
distributed SSH, and the rights you specifically granted to those who
would derive works from it.  It's too late for you to call those back
now.

While I definitely agree that people should be encouraged to migrate
away from SSH 1, even your company continues to distribute an SSH 1
client and server and continues to allow for fallback support in your
SSH 2 server.  OpenSSH is no more promoting the "fundamentally broken"
SSH 1 protocol than your company is.





More information about the openssh-unix-dev mailing list