Replied: Fri, 02 Feb 2001 04:42:13 -0700
Replied: "Tatu Ylonen <ylo@ssh.com> Markus Friedl <Markus.Friedl@informatik.uni-erlangen.de>,
Replied: provos@openbsd.org"
Delivery-Date: Thu Feb  1 12:10:24 2001
Date: Thu, 1 Feb 2001 21:09:35 +0200 (EET)
From: Tatu Ylonen <ylo@ssh.com>
To: Theo de Raadt <deraadt@cvs.openbsd.org>
cc: Markus Friedl <Markus.Friedl@informatik.uni-erlangen.de>,
   provos@openbsd.org
Subject: Re: OpenSSH & the SSH trademark 
In-Reply-To: <200102011103.f11B3Xb03520@cvs.openbsd.org>
Message-ID: <Pine.LNX.4.10.10102011821380.12083-100000@mystery.acr.fi>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=X-UNKNOWN
Content-Transfer-Encoding: 8bit

> Well, I pretty much expected this.  As a result, I have tried to be
> careful about this.

I would like you to try to put yourself in my shoes.  I wrote the program,
and introduced the name.  I then started the company around it, naming 
it after the program I created.  By that time, I was already getting 150
support requests per day, and I just couldn't cope with it alone, and
I didn't want to be spending the rest of my life just supporting it.

The software couldn't have spread as much as it has without a company to
push it, given the reluctance of many commercial organizations to use free
software and the obstacles created by e.g. export control regulations at
the time.

I have worked extremely hard to make the SSH phenomenon happen, and for
the past couple of years have been working equally hard trying to make
similar things happen with IPSEC and PKI, and in Internet security in
general.  Overall, this work is still at an early phase.

I have multiple reasons for wanting to advance the widespread use of
security and cryptography.  They are critical for building a stable,
dependable infrastructure for the information society, one where the
very core of it cannot be subverted by criminals, intelligence agencies,
or anyone else.  I just don't think that an information society with poor
security in the infrastructure would be a pleasant place to live, and I
don't think a society where all electronic communication gets monitored is
stable - someone will eventually abuse the intelligence data.

My way to achieve the goal of making the Internet secure is to do it
though a successful company.  That is the only way I can get sufficient
resources to work on the issue.  That is the only way I can get the right
distribution channels and infrastructure vendors to trust the technology
(to be able to depend on it, to bet their future on it).  While free
software is often good, it is usually not acceptable in the
commercial world for critical systems (and I don't think that is going to
change for many years).

Protecting the SSH trademark is critical to me in this context.  It is
about much more than just the Secure Shell application.  By damaging the
SSH trademark, you are making my goal of making the Internet secure harder
to achieve.  Not to mention the financial and other damage it is causing
me, the company, its investors, and others.

I am thus asking you to change the name of OpenSSH to something that is
less confusing and non-infringing.  Please.

I have no desire to start fighting about this with you or with anyone
else.  However, the issue is too important for me to let it be.  Thus, I
will do what is necessary to resolve the matter.  I hope that it doesn't
have to be escalated into court, but if it has to, it will.

> Is this how you would you like to proceed?

I believe we are both trying to do good things in our own ways; however,
what you are doing with the trademark is damaging me, my company, and the
things I am trying to achieve.

What I am asking is for you to change the name OpenSSH to something else
that doesn't infringe the SSH or Secure Shell trademarks, basically
something that is clearly different and doesn't cause confusion.

I don't think this is an unreasonable thing to ask.  Most people do it 
without asking - for example, Van Dyke's SecureCRT or Niels Möller's
LSH/PSST.  Normally people try not to use confusing or infringing
names when they start doing something.  If for nothing else, for
courtesy.

By the way, my understanding is that one of the reasons why you and others
originally started the OpenSSH project was the restrictive license at that
time.  Have you recently looked at the current SSH2 license at all?  It is
completely free for any use on Linux, OpenBSD, FreeBSD, NetBSD, as well as
for any use by universities, charity institutions, or private individuals
for their recreational/hobby use (distribution, with license, is
available from ftp://ftp.ssh.com/pub/ssh). Thus, I believe many of the
reasons why OpenSSH was originally created no longer exists.  (Perhaps one
day we can talk over a mug of beer about all the things that happened
behind the scenes during the years...)

> Tatu: I greatly respect what you created.  SSH is the protocol the
> internet needs to solve it's problems.  But is this really the
> direction where we need to go?

I have no objections to third party implementations of the protocol.  That
is why I started the working group at the IETF.  I wish to encourage the
spread of the protocol.  I will be very happy if the protocol I and
others created for the product becomes a standard, and eventually
ubiquitous.

I don't think it is too much if I ask people to name their products
in a way that doesn't create confusion (basically, asking them not to
infringe the SSH and Secure Shell trademarks).  If you respect what I have
done in creating Secure Shell and what I am trying to do in other areas
related to securing the Internet infrastructure, you will use a name that
doesn't create unnecessary confusion.

    Tatu