ssh(R) trademark issues: comments and proposal

Michael H. Warfield mhw at wittsend.com
Sat Feb 17 03:13:56 EST 2001


On Fri, Feb 16, 2001 at 12:51:06PM +0200, Tatu Ylonen wrote:
> I'd like to address several issues raised by people in relation to my
> notice of the ssh(R) trademark to the OpenSSH group.  Also, I would
> like to make a proposal to the community for resolving this issue
> (included at the end).

> First, I'll answer a number of questions and arguments presented in
> the discussion.

> > "the SSH Corp trademark registration in the US is for a logo only"

> It is for the lowercase word "ssh" (I was mistaken earlier in saying
> that it was for the uppercase word "SSH").  As many people obviously
> know, trademark registrations in the USA are a matter of public record
> and it is open to anyone to review the details of SSH Corp's trademark
> portfolio.

> Under US law, a trademark registration entitles the owner to exclusive
> use of the trademark as it is registered, in relation to the goods
> and/or services for which it is registered. Trademark infringement
> occurs when another person uses the same, or a substantially identical
> mark, for the same or related goods or services, in a manner which is
> likely to cause consumer confusion.  Consequently, use of the
> uppercase word "SSH" or a name containing the "ssh" or "SSH" mark will
> likely amount to trademark infringement under US law, if it is in
> relation to goods or services within the same field of use covered by
> our ssh(R) trademark.  Of course, there are many possible
> non-infringing uses of "SSH", for example, anyone might have a brand
> of chocolade called "SSH".

	Counter point...  Containing a sequence of letters within another
word does not necessarily constitute trademark infringement or Microsoft
would have been all over the X Consortium for violating their trademark
for "Windows" by the term "X-Windows".  I think they would have a MUCH
stronger leg to stand on than OpenSSH vs ssh.  I think I remember some
of the controversy over that, years ago, and the arguments regarding
trademarking of common terms and whether the actual trademark is for
MS-Windows or Windows.  Someone else can research the details on that
one if they really like.

	You, yourself, have now even contradicted yourself.  In the
paragraphs above, you have confirmed that the trademark is for the
lower case "ssh" and NOT for the uppercase "SSH".  Therefore OpenSSH
does not incorporate your trademark (lowercase ssh).  I will leave to
others  the arguement of the style and design of the lowercase ssh, but
you made it clear right here: "I was mistaken earlier in saying that it
was for the uppercase word "SSH"".  That should close that issue, but
you go on to put forth the non-sequitar that "Consequently, use of the
uppercase word "SSH" or a name containing the "ssh" or "SSH" mark will
likely amount to trademark infringement under US law..."  That directly
contradicts your statement that "SSH" is not part of the registration
as a trademark.

	The question is whether "OpenSSH" as opposed to "ssh" is
substantially different enough to distinguish between the two.
IMHO, the very term "Open"SSH establishes a boundry of distinction
that it is separate and unique and that it is set apart from "SSH(r)".

	[Skipping the license point]

	[Skipping the notification point]

> > "how about the 'ssh' command name under Unix/Linux?"

> This relates to the proposal I want to make.

> Basically, I am willing to work out a way that will allow anyone to use
> the "ssh" command name on Unix/Linux.  It appears that there are
> ways to do it without exposing our trademarks to unnecessary risk.

> The arrangement I am proposing would be as follows.

>   - We (SSH Corp) would allow the use of "ssh" (and sshd, etc) as a  
>     command name on Unix/Linux under the following restrictions:

>       - Any product where the command name "ssh" is used must only be
>         licensed under a valid license (i.e., must not be in the
>         public domain).  E.g. BSD license, GPL, and normal commercial
>         licenses would all be ok.

	I don't see how you could possibly enforce that.  Quite frankly,
that doesn't even seem to make sense.  If someone puts something into
public domain, anyone can rename it to anything they want.  But that's
totally non-relevant to this discussion anyways, since OpenSSH is not
"public domain".

>       - An acknowledgement of our ownership of the ssh(R) and Secure
>         Shell(TM) trademarks must be included in the software (help
>         text, documentation, license).  It would not need to be
>         printed out every time the program is normally run, but would
>         need to be included in e.g. in an appropriate place on man
>         pages and in help texts.

	Just for the name of the command?  Can you quote some precedence
for that?

	I can certainly see adding some changes to the acknowledgements THAT
ALREADY EXIST:

] AUTHORS
]    OpenSSH is a derivative of the original and free ssh 1.2.12 release by
]    Tatu Ylonen.  Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
]    de Raadt and Dug Song removed many bugs, re-added newer features and cre­
]    ated OpenSSH.  Markus Friedl contributed the support for SSH protocol
]    versions 1.5 and 2.0.

	Fine...  I could see placing a trademark acknowledgement in there.
That would seem perfectly reasonable and appropriate.  By "help texts" I
assume you mean things like Windows help files and info files and READMEs.
Seems like they already acknowledge authorship and acknowledging trade mark
on "lower case ssh" sounds reasonable as well.  I would vote for that.

>       - The SSH Corp trademarks cannot be used in product names
>         without a separate trademark license from us (which we would
>         not normally grant, unless we see a valid business case for
>         it, and then only for products using a compatible protocol).

	Not sure were the relevance of this is.  That would be between
you and those other parties.  No connection with OpenSSH under discussion
now.

>   - A new unencumbered name is created for the protocol, which can be
>     used by any vendor without creating confusion.  The IETF standard
>     would be renamed to use the new protocol name, and the community
>     would work to cease using "SSH" as a protocol name and would
>     instead start using the new name.  The new name would need to be
>     unencumbered, and the xx.com, xx.net, and xx.org domain names
>     would be made to permanently point to e.g. the IETF main page.  My
>     own proposal would be to change the name to SECSH, provided that
>     Van Dyke is willing to contribute their currently unused secsh.com
>     domain name for this purpose.  We would be willing to contribute
>     our secsh.org and secsh.net domains on the same basis.

	You pushed this effort within the IETF and you obtained the
registration from IANA.  Now maybe you realize your mistake and you want
to tell everybody you just want to take it back.  Your credibility with
the IETF is certain shot to hell from the sounds of the comments on
that list.

	IANAL...  Considering that the comoditization of your term "ssh"
is largely the result of your efforts with IANA and IETF and your promotion
of other implimentation as required by the IETF (what, you only expected
non-commercial implimentations?), I can't see where you have a position
you can even bring to court.  This was a self inflicted injury on your part.

	IMPO...  The use of ssh as the protocol name vs the use of ssh as
the command name vs the use of "SSH" encapsulated as a substring within
another string are three totally separate issues.

	Right now, it looks like the IETF is pulling back their draft for
a rework as a direct result of YOUR SCREWUP.  They are rightfully and
justifyably pissed at the under handed double dealing you've just pulled.
IANA is another matter.  IANA still says that port 22/tcp is registered
to "ssh" (all lower case).  I have never heard of ANY single instance
where a port allocation was changed due to a trademark infringement, and
there are LOTS of trademarks in the port-numbers document.  Just search
for "Oracle" or "SQL*NET" (sql*net) or SNA.  Say!  SNA is a good one,
isn't that an IBM trademark?  We've got all kinds of Cisco stuff and Unisys
stuff in there.  We (where I work) have implimented code which utilizes
the "sql*net" protocol without infrinding on trademarks and there is even
open source code for a lot of these protocols.  A significant percentage of
that document seems to be trademark stuff.  I don't think you've got any
justification for renaming the port or protocol.

	Changing the name of the protocol is also outside the scope of
this mailing list as well.  If you convince IANA and IETF to change the
name and then magically get all the /etc/services files updated and get
everyone else to agree to the new symbolic name for the protocol, then
OpenSSH would have no choice but to follow.  So OpenSSH can't change it
on their own and, if the other bodies change it, OpenSSH would have to
change it.  That makes the decision here neither necessary nor sufficient.

>   - We would submit an official statement to the IETF that we will make no
>     trademark claims about the "bits on the wire" in the protocol (e.g.,
>     the protocol version strings or the various names used in the
>     protocol).

	To avoid them totally shooting you out the tubes and telling
everyone to just go home because it was just one big mistake.  Yes,
that would be nice and a minimum just to protect your own investment
in that process.

>   - We would need to reach agreement with the OpenSSH group to change
>     their product name and to otherwise cease using the SSH
>     trademarks inappropriately.  We appreciate that some people have
>     brought the non-commercial university group use to our attention.
>     We are carefully reviewing this situation.

	So far, with OpenSSH you've only got the name of the project
(but that's not using your lower case "ssh"), the name of the protocol
(which there is no precedence or justification for changing the name and
plenty of precedence for not), and references in the documentation.  I
would vote for adding appropriate remarks to the documentation but the
command name and the already non-infringing project name, not.

	How far are you going to take the name thing.  Would HSS conflict
(in the great XINU tradition - XINU is not UNIX)?  What about S-S-H?
or "Security-Shell".  At what point do you stop dangling a sword over
everyone's head or can we expect more noise like the same before every
stockholder's meeting?

> Let's discuss the exact terms if I get a preliminary "ok, looks fine,
> let's try to get this resolved along those lines" from the community
> and the relevant parties.

	IMPO...  The acknowledgements are reasonable and should be done
as soon as possible in any case.  Changing the name of the protocol has
no precedence and there are plenty of registered protocols carrying names
which are also trademark names, so that's not a reasonable requirement.
Updating the IETF draft to clarify the trademark status, is reasonable
and taking place now.  By your own statement about the wording of your
trademark registration, OpenSSH, the name, is not literally conflicting
with the trademark "ssh", so I don't see that as reasonable either, but
the choice of the project name is best left up to the project team.

> Please let us know what you think.

> Best regards,

>     Tatu Ylonen
>     Chairman and CTO, SSH Communications Security Corp

> PS.  For reference, if someone hasn't seen it yet, I'll include my
> original e-mail to the OpenSSH mailing list.

	[Skipping original letter]

> Regards,

>     Tatu Ylonen

> SSH Communications Security           http://www.ssh.com/
> SSH IPSEC Toolkit                     http://www.ipsec.com/
> SSH(R) Secure Shell(TM)               http://www.ssh.com/products/ssh

	Interesting...  You just told us that the trademark is only
for "ssh" and not "SSH".  Now you are trying to convince us that "SSH"
is also a registered trademark in direct contradiction of your earlier
statements.

	I think it's also significant to note that this is a recent trend
(less than a year) of yours.  I have mail from you going back years.  Here's
your signature from one back in late 1998:

] --
] SSH Communications Security           http://www.ssh.fi/
] SSH IPSEC Toolkit                     http://www.ipsec.com/
] Free Unix SSH                         http://www.ssh.fi/sshprotocols2/

	Hmmm...  No claims of trademark there...

	Here it is from 4/14/2000 on the ssh mailing list:

] SSH Secure Shell                      http://www.ssh.com/
] - The real and the original SSH, directly from the people who invented
]    the SSH protocol.

	Later that very day, your current signature with the (R) and (TM)
claims appeared.

	Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw at WittsEnd.com
  (The Mad Wizard)      |  (678) 463-0932   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!






More information about the openssh-unix-dev mailing list