SSH trademarks and the OpenSSH product name

[Matthew Weigel]

> As you know, I have been using the SSH trademark as the brand name of
> my SSH (Secure Shell) secure remote login product and related
> technology ever since I released the first version in July 1995.  I
> have explicitly claimed them as trademarks at least from early 1996.

Didn't know that, since I've never seen it credited.  See
http://www.fsecure.com/products/ssh/client/index.html as an example; no
mention I can find that "F-Secure SSH Client" is in any way related to
a trademarked name.  

Curious that a business doesn't seem to be getting pushed about it,
when they could actually pay licensing fees.

> The SSH mark is a significant asset of SSH Communications Security and
> the company strives to protect its valuable rights in the SSH name
> and mark.  SSH Communications Security has made a substantial
> investment in time and money in its SSH mark, such that end users have
> come to recognize that the mark represents SSH Communications Security
> as the source of the high quality products offered under the mark.

Nah- I've come to recognize SSH Communications Security as the purveyor
of commercial security software that, generally speaking, can't keep up
with free stuff.  Just out of curiosity, when the bug in RSAREF was
discovered, was SSHCS's ssh-1 software vulnerable?  Was OpenSSH?

> We have also been distributing free versions of SSH Secure Shell under
> the SSH brand since 1995.  The latest version, ssh-2.4.0, is free for
> any use on the Linux, FreeBSD, NetBSD, and OpenBSD operating systems,
> as well as for universities and charity organizations, and for
> personal hobby/recreational use by individuals.

Does that mean to imply that you have significant good will towards
free software/open source software?  Clearly it isn't the case here, if
you're leaning on OpenSSH but not F-Secure.

As of this moment, I'm writing this thanks to the free ssh client,
Nifty Telnet SSH.  No mention on the web page of the guy who added SSH
support (http://www.lysator.liu.se/~jonasw/freeware/niftyssh/) that
you're giving *him* trouble, nor any mention of the trademark you're
claiming.  Why is it that you're apparently not going after him?

> Many of you are (and the initiators of the OpenSSH group certainly
> should have been) well aware of the existence of the trademark.  Some
> of the OpenBSD/OpenSSH developers/sponsors have also received a formal
> legal notice about the infringement earlier.

Is it legal infringement when the license is clear that if the derived
work is "incompatible with the protocol description in the RFC file, it
must be called by a name other than "ssh" or "Secure Shell""?  I don't
have a copy of that RFC file, but I'm willing to bet OpenSSH is
compatible with it.

> Shell trademarks.  I have also been informed of several recent press
> articles and outright advertisements that are further confusing the
> origin and meaning of the trademark.

Blame stupid media.

> The confusion is made even worse by the fact that OpenSSH is also a
> derivative of my original SSH Secure Shell product, and it still looks
> very much like my product (without my approval for any of it, by the
> way).

Yeah, well, that's what happens when you make something nice available
for free (thank you by the way) and then try to restrict it.  People
take that free release and run with it.

> The use of the SSH trademark by OpenSSH is in violation of my
> company's intellectual property rights, and is causing me, my company,
> our licensees, and our products considerable financial and other
> damage.

Oh please.  Because OpenSSH is better?  Well, OK, that makes sense. 
But not because people are confused; just because they prefer a free,
quality product to a not-free, not-so-quality product.

> I would thus like to ask you to change the name OpenSSH to something
> else that doesn't infringe the SSH or Secure Shell trademarks,
> basically to something that is clearly different and doesn't cause
> confusion.

Yeah.  OpenSSH is open, but it's based on SSH.  SSH is, well, SSH.  I
fail to see the confusion.

> Also, please understand that I have nothing against independent
> implementations of the SSH Secure Shell protocols.

No, but it sounds like you have a problem, from your above comments and
related facts, that you've got something against implementations based
on your own code.  Which, frankly, doesn't make sense, since you gave
us the code in the first place.

>                                                     I started and
> fully support the IETF SECSH working group in its standardization
> efforts, and we have offered certain licenses to use the SSH mark to
> refer to the protocol and to indicate that a product complies with the
> standard.  Anyone can implement the IETF SECSH working group standard
> without requiring any special licenses from us.  It is the use of the
> "SSH" and "Secure Shell" trademarks in product names or in otherwise
> confusing manner that we wish to prevent.

Does that mean we can't even use ssh for the binary name?  Yeesh.

> Please also try to look at this from my viewpoint.  I developed SSH
> (Secure Shell), started using the name for it, established a company
> using the name, all of our products are marketed using the SSH brand,
> and we have created a fairly widely known global brand using the name.

Oh?  I didn't even know about the company for quite some time after I
first started using it -- all I knew about was this hacker who'd
realized telnet wasn't enough.

> Unauthorized use of the SSH mark by the OpenSSH group is threathening
> to destroy everything I have built on it during the last several
> years.  I want to be able to continue using the SSH and Secure Shell
> names as identifying my own and my company's products and
> technologies, which the unlawful use of the SSH name by OpenSSH is
> making very hard.

Ummm... but OpenSSH *does* identify your (the singular, Tatu Ylonen
form of you) product: it's based on your code, given unto the Internet
community.  Just because other people own copyright to some of the
code, since they've added it, doesn't seem so bad, does it?

Why you're not chasing after other people's products, just your own, is
strange.

> Therefore, I am asking you to please choose another name for the
> OpenSSH product and stop using the SSH mark in your product name and
> in otherwise confusing manner.

I like the name OpenSSH.  Short, simple, to the point.

There are more worthy causes for the money I have to donate (like
helping battered women) than OpenSSH, don't make me spend it -- and
encourage other people to spend theirs -- to give all the help we can
to OpenSSH.
-- 
 Matthew Weigel
 Research Systems Programmer
 mcweigel+ at cs.cmu.edu