Tatu Ylonen's message to the OpenSSH developers

[James Oden]

> 
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> 
>  I personally applaud Tatu Ylonen's restraint and tact in his message
>  to the OpenSSH developers list.  I think it's long overdue.
>
Even though I privately answered him as an irate customer, I will give
him that he expressed his intentions in an appropriate professional manner
despite the fact that I believe his intentions were inappropriate and 
unprofessional.

>  It's a pity that SSH(TM) isn't completely free.  It's a pity that
>  Tatu hasn't found a revenue model that would allow him to release
>  under the GPL or BSD licenses, or to create a DFSG compliant license.
>  Obviously, revenue models are a hard problem for free software -- and
>  some people do need to live off their programming labors.  I can't
>  begrudge Tatu (or others) that.
>
No one that I know of has faulted Tatu and his company for making his 
product closed source.  That is not the argument.  The argument is against:

	a) His claim of ssh as trademark.
	b) His claiming that ssh used within another word sullies his 
	   trademark.
	c) Claiming the use of this trademark causes confusion and thus pain
	   to his company.

Concerning a) I must say that I find it amazing for many reasons that
any legal system would allow him the trademark:

	a) It is in common use and has been in use for years as a description of 
	   a protocol not a companies product.
	b) The term ssh was actually used by borne type shell before "ssh" as we
	   know it came arround.

Concerning point b) and c), it is clear beyond a shadow of doubt that OpenSSH and
some of the other SSH's out there are not Yatu's product, and it is certainly not
the intent of any project developing ssh protocols (that's what they are called in 
the RFC's) to make users believe that they are Tatu's product.  Their only wish is 
to develop efficient secure applications that are complient with the RFC's 
concerning the protocol SSH.

You will also note as he has decided to call his product the same as the protocol it
conforms to, he falls into the same situation as the countless companies that produce
telnet and ftp programs that do the telent and ftp protocols.  Long ago I was a tech
at Serial Comm. Company, and I can assure you that I got emails and phone calls for
xmodem, ymodem, and zmodem implementations that we did not produce.  Its the nature
of the business.

>  Unfortunately I think that Tatu will be castigated for his message
>  and I'd like to go on record as saying that all the complainers
>  should stuff it!  Go help Martin Hamilton and the rest of the psst
>  team if you insist a fullly GPL version of an ssh(TM) compatible
>  package.  (Or help get InterNIC to adopt a secure DNS version of BIND
>  *and* to publish keys and sign their top level zone data --- and
>  otherwise help us realize IPSec).
> 
Of course he should unless he changes his mind.  First of all if he wants to 
differentiate himself from the rest, it is the area of service that he will be
able to do so.  If he wants to differentiate his products from other products
that do the SSH protocol, than provide the easiest, most documented, most feature
rich product that does SSH protocol.  Provide solutions for business, not
a trademark (not that a business should not have a trademark).

>  Meanwhile the OpenSSH [sic] team should probably consider renaming
>  their package OpenSecsh (possibly to be pronounced like a drunk
>  commenting on "promiscuous sex").  I suspect that Tatu would have no
>  complaint about their use of the IETF name for the protocol --- and
>  he hasn't even asked them/us to change the name of the binary.
>
I am not a member of the team, but I sincerely hope they do not unless
forced to do so.  This definately a case of straining gnats and swallowing
camels whole...james