ssh(R) trademark issues: comments and proposal

Garance A Drosihn drosih at rpi.edu
Sat Feb 17 07:50:18 EST 2001


At 12:51 PM +0200 2/16/01, Tatu Ylonen wrote:
>I'd like to address several issues raised by people in relation
>to my notice of the ssh(R) trademark to the OpenSSH group.  Also,
>I would like to make a proposal to the community for resolving
>this issue (included at the end).

I think Tatu has done a great service for the internet community
by creating an encrypted alternative to telnet, one which became
good enough, available widely enough, and promoted well enough
that we can now talk about machines where telnetd is completely
disabled.

Part of the reason it caught on so well was the initial
licensing.  If the code had come out in 1994 with all of
these trademark issues explicitly stated, then people would
have shied away from it, and it would not have caught on as
well.  Witness, for instance, how much more reluctant people
are to install ssh2 than the original ssh, even though everyone
seems to agree that the ssh2 protocol is superior to ssh1's.
The difference is in the licensing.  I state that as fact, not
opinion, because I know why WE (RPI) have not deployed ssh2
anywhere, except for machines which have openssh installed.

While I can appreciate the challenge of running a company on
software, I really don't see how you can retroactively change
the original license.  I find the following excerpt particularly
ludicrous:

>The confusion is made even worse by the fact that OpenSSH is
>also a derivative of my original SSH Secure Shell product,
>and it still looks very much like my product (without my
>approval for any of it, by the way).

The original license EXPLICITLY said:
     As far as I am concerned, the code I have written for this
     software can be used freely for any purpose.  Any derived
     versions of this software must be clearly marked as such,
     and if the derived work is incompatible with the protocol
     description in the RFC file, it must be called by a name
     other than "ssh" or "Secure Shell".

The openssh project took that paragraph literally.  They used
it to create another ssh.  They clearly indicate that their
work is a derivative of yours, because YOU EXPLICITLY ASKED
people to do that.  The result IS compatible with the RFC,
and thus they do NOT have to change the name from 'ssh' and
'secure shell' to comply with the above paragraph.  You
EXPLICITLY said that "this software can be used FREELY for
any purpose", so it's pretty odd that you now imply that
people were supposed to ask for "your approval" before
creating a derivative work.

Part of your proposal states:
    - A new unencumbered name is created for the protocol, which
      can be used by any vendor without creating confusion.  The
      IETF standard would be renamed to use the new protocol name,
      and the community would work to cease using "SSH" as a
      protocol name and would instead start using the new name.
      The new name would need to be unencumbered, and ...

I think this just proves the fact that the name 'ssh' is already
a generic term.  It IS being used generically.  You want to STOP
that generic use, claiming that 'ssh' should be your trademark.
However, it became a generic term BEFORE you had it registered as
a trademark, which to me implies the problem is in the trademark,
and not in its use as a generic term.

So, I'm no lawyer, but I would be interested in hearing how your
current position is legally defensible, given the actual history
of events.  As I say, I appreciate that you're trying to run a
company, and I wish you no ill-will in that endeavor.  However,
I maintain that part of the reason for the success of ssh (the
protocol) was the original licensing, and I don't appreciate that
you are now trying to subvert that original license.

In your message, you also claim:
>The reason OpenSSH was contacted now was that they have only
>become more visible during the last months, and I have recently
>seen a significant increase in e-mails confusing the meaning of
>the SSH trademarks and using them inappropriately.

In your earlier message, you mentioned:
>We have also been distributing free versions of SSH Secure Shell
>under the SSH brand since 1995.  The latest version, ssh-2.4.0,
>is free for any use on the Linux, FreeBSD, NetBSD, and OpenBSD
>operating systems, ...

Funny how ssh2 is available for free for these operating systems,
ALL OF WHICH now ship with openssh (although I guess NetBSD might
soon change).  I must admit that I do not know your current
license, but back when OpenSSH was just starting to appear I
am pretty certain that we could NOT use ssh2 "for any use" on
OpenBSD or FreeBSD.  How is it that you now know these operating
systems well enough to list them in your license, but you were
not aware that OpenSSH was available for all of them?  I think
you will have trouble proving "due diligence" in protecting
your trademark, under these circumstances.

Speaking of "due diligence", you should also note:
ftp://ftp.netbsd.org/pub/NetBSD/NetBSD-current/pkgsrc/security/fressh/README.html
ftp://ftp.netbsd.org/pub/NetBSD/NetBSD-current/pkgsrc/security/fressh/pkg/DESCR

which talks about "fressh", a clean-room implementation of the
ssh protocols.  You'll need to go after them, too, I would think.

At 12:51 PM +0200 2/16/01, Tatu Ylonen wrote:
>Please also try to look at this from my viewpoint.  I developed
>SSH (Secure Shell), started using the name for it, established
>a company using the name, all of our products are marketed
>using the SSH brand, and we have created a fairly widely known
>global brand using the name.

When did you start using the SSH brand for your company products?

As far as I'm aware, I initially bought your products thru a
company called DataFellows, under a brand name of 'F-Secure'.
(and yes, I did buy Mac clients thru there).  It is only in
the last year or two that I was aware that ssh.com sold clients
of it's own.  By then, openssh and teraterm ssh were well known.
In the Mac world, there's also "MacSSH" and "NiftyTelnet SSH"
(check www.macorchard.com, under the 'Terminal' section).  You
will also need to go after all of those, if you have problems with
OpenSSH infringing on your trademark.

You also wrote:
>  > "the SSH Corp trademark registration in the US is for a logo only"
>
>It is for the lowercase word "ssh" (I was mistaken earlier in
>saying that it was for the uppercase word "SSH").

Note that here you claim it is explicitly for the LOWERCASE
word 'ssh'.

>Under US law, a trademark registration entitles the owner to
>exclusive use of the trademark as it is registered, in relation
>to the goods and/or services for which it is registered. [...]. 
>Consequently, use of the uppercase word "SSH" or a name
>containing the "ssh" or "SSH" mark will likely amount to
>trademark infringement under US law, if it is in relation
>to goods or services within the same field of use covered by
>our ssh(R) trademark.

And here you claim that the uppercase word is also "likely"
covered by it.  Another legal point which seems odd to me.
If the uppercase word is covered, then why wouldn't the
trademark be for "ssh" instead of "the lowercase word 'ssh'".
Perhaps this is one of those nuances of law that I just don't
understand.

Still, if you CAN get the IETF and everyone else to go along
with this, then I don't have much reason to object.  I do think
it is inappropriate, and something of a waste of time.  I know
you think that 'ssh' as a trademark is valuable, but if you do
change the name then you can be pretty sure that everyone that
you have irritated will do their best to put that value into
the new, generic and unencumbered name.  I would think that we
would make sure that 'ssh' is not referenced anywhere, in any
man pages or other documentation.  We would only use generic
names, to make sure we do not ever hear from your lawyers again.

However, it does seem to me that you should need to get IETF
to agree, and to MAKE all the necessary changes, before you
expect the OpenSSH project to consider changing it's name.
Right now, OpenSSH is just an implementation of the generic
protocol known as ssh.  I don't see a problem.

I also wonder how you can guarantee the new name will remain
unencumbered.  I mean, we used 'ssh' because we thought IT was
unencumbered, as long as we made something compatible with the
ssh protocol.  If we use 'secsh', how do we know that Van Dyke
won't pull the same stunt a few years from now, and claim that
we owe THEM something due to copyright infringement?  If we do
pick some new term, then I suggest that we only consider
alternatives which are brought up by someone who we can trust
to leave that term as a generic term.  I'm afraid to say that
I doubt we can trust ssh.com to do that.

Disclaimer: while I happen to have an account at freebsd.org,
please note that all of the above are my own personal thoughts,
and should not be taken as the position of "the freebsd project"
or much of anyone else.

In a separate message, which just came in as I was about to
     hit "send" on this,  Bill Sommerfeld wrote:
>Please do not CC: discussions of the validity of the ssh
>trademark to the IETF Secure Shell protocol working group list
><ietf-ssh at clinet.fi>; they're out of scope for the working group.

I appreciate this, except that Tatu claims the IETF will be asked
to change the protocol name.  If the working group is planning on
a name change, then it is relevant to this debate.  More importantly,
if the working group has NO intention of changing the name, then
it seems to me that openssh is just an implementation of a generic
protocol named 'ssh'.

This message (this one here, the one I am writing) is a reply to
Tatu Ylonen, and it was Tatu who felt this was appropriate for the
ietf-ssh mailing list.  Perhaps that is the wrong list, but I don't
know what else in the ietf would be the correct alternative.  So,
it is not that I'm trying to ignore Bill's request, but I don't
know who else is supposed to clarify IETF's position on this.

-- 
Garance Alistair Drosehn            =   gad at eclipse.acs.rpi.edu
Senior Systems Programmer           or  gad at freebsd.org
Rensselaer Polytechnic Institute    or  drosih at rpi.edu





More information about the openssh-unix-dev mailing list