Updated 6:56 p.m. EST -
Tatu YlÃ¶nen, who's asked OpenSSH to change its name because he claims to own the trademark to SSH, says he's making the demand now because the project has "only become more visible during the last months."
YlÃ¶nen, chairman and CTO of SSH Communications Security Corp., says his actions are prompted by recent confusion over the difference between his company's product and OpenSSH. (See part one of the story. Also, YlÃ¶nen released a statement and proposal Friday morning.)
"I have recently seen a significant increase in e-mails confusing the meaning of the SSH mark," YlÃ¶nen wrote early Thursday. "...have also come to suspect if some of
the OpenSSH people may have been intentionally trying to confuse and misrepresent the meaning of the SSH mark."
Theo de Raadt, one of the leaders of the 2-year-old OpenSSH project, said the team isn't attempting to blur the lines at all; it's simply touting its work as a high-quality SSH implementation.
Update: The OpenSSH project received legal papers from SSH Communications Security's lawyers Thursday.
In addition, Bill Sommerfield, chairman of the Internet Engineering Task Force Secure Shell working group attempting to produce an open standard for SSH, said a name change for OpenSSH would slow the group's work, although he couldn't predict how the working group would respond to the trademark controversy.
"The working group has been making steady progress and ... we were in the middle of the working group's 'last call' period on the core Secure Shell protocol documents when I first received word of the dispute," he said. "Needless to say, added delay in the standards process does not help the end user."
de Raadt's team based OpenSSH on a 1995 license written by YlÃ¶nen that says in part, "the code I have written for this software can be used freely for any purpose." de Raadt argues that this is the first time YlÃ¶nen's company has pressed its trademark since receiving it in 1996. The OpenSSH Web site lists more than a half dozen other versions of SSH that he says haven't heard from YlÃ¶nen.
Two authors of other popular SSH products posted messages at securepoint.com Wednesday, saying YlÃ¶nen hasn't moved to halt their use of the SSH name.
Ian Goldberg, author of Top Gun ssh for the Palm Pilot, wrote that he exchanged email with YlÃ¶nen and others at SSH Communications Security in the summer of 1997. "Tatu even asked me if I'd be willing to do an implementation of the 2.0 protocol," Goldberg wrote. "No one ever asked me to not use the 'ssh' name in the program title."
Robert O'Callahan, who released Teraterm SSH for Windows in 1998, wrote that several universities have distributed his product to their students, and it's been distributed on CD software collections, including with the book "Unix Secure Shell." He said he's never heard from SSH Communications Security about a trademark violation.
But YlÃ¶nen insists that his company has consistently claimed SSH as a trade mark since early 1996, saying companies such as Van Dyke and F-Secure SSH have acknowledged the trademark. F-Secure SSH, a value-added reseller of SSH Communications Security pays a royalty for use of the name, he said.
"All this time our policy has been that the trademarks cannot be used by others without a proper acknowledgment, and cannot be used in product names without a special license from us," he said.
"We have enforced it against all significant players in the field," he added. "We have not felt it appropriate to go after every random web page or the various non-commercial student projects done at universities."
de Raadt cites U.S. trademark law that requires owners of trademarks to notify violators immediately. A trademark lawyer said U.S. law goes so far as to require trademark holders to check regularly for violators, or risk their trademarks becoming "genericized," and de Raadt argues that YlÃ¶nen would have to be living under a rock not to be aware of OpenSSH before now. OpenSSH, released in December 1999 and in use before that, was used by more than 17 percent of all SSH users earlier this month, according to a study published on the University of Alberta Web site.
"Trademarks may not be attacked on a popularity basis," de Raadt said. "All must be vigorously attacked at the first sign of existence."
In addition to contacting OpenSSH this week, YlÃ¶nen says he sent an open letter to Niels Provos, an OpenSSH contributor and author of ScanSSH, through bugtraq list at securityfocus.com. Provos said he didn't see that letter until it was published on NewsForge, but it may have been moderated off the list as being off topic.
Provos says he named his program ScanSSH, a protocol scanner that's been around since last summer, because that's what it does, scan for versions of SSH used on a machine.
Provos guesses that YlÃ¶nen is getting pressure from stockholders after SSH Communications Security went public in Finland within the last three months. "OpenSSH has become very popular, which we like, because we put lots of work into it," he said. "I think it seems to them that OpenSSH is a threat to the profits."
YlÃ¶nen didn't respond to a question about pressure from stockholders.
Provos said he had hoped the two sides could find a resolution behind the scenes, to prevent YlÃ¶nen from losing face, before the corporate executive posted a letter to the the OpenSSH developers list Wednesday. "Many people do not have that much respect for Tatu anymore now that they've seen his motivation."
The OpenSSH team also questions whether the trademark on the SSH name is actually valid in the United States, saying the trademark actually refers to a picture containing the letters "ssh," not a series of letters "ssh." YlÃ¶nen contends that the trademark on the name is valid.
YlÃ¶nen said he's not sure of his next step if the OpenSSH team doesn't back down. "I have tried to be polite, stick to facts, and reason with everyone," he said. "I hope that we can find a solution that will cause minimal disruption in the network security community and will also allow us to protect our trademark rights. It would be shame if this issue escalated to something that damages everyone."
NewsForge editors read and respond to comments
posted on our discussion