openssh unix dev - Feb 2001 - Tatu Ylonen's message to the OpenSSH developers

A non-text attachment was scrubbed...
Name: not available
Type: application/pgp
Size: 3562 bytes
Desc: not available
Url :
http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20010214/5489bfec/attachment.bin

On Wed, 14 Feb 2001, Jim Dennis wrote:

[..]
>  However, it's equally a pity that no one has come out with a fully
>  independent protocol compatible re-implementation.  Tatu published
>  his sources, and a full description of the protocols (both versions?)
>  and has actively encouraged (through his participation in the IETF)
>  an independent implementation.  (IETF guidelines strongly suggest,
>  nigh onto *require* multiple independent and interoperable
>  implementations of all new Internet standards).  lsh/psst
>  (http://www.net.lut.ac.uk/psst/) seems to be a moribund project; the
>  fact that it hasn't even become available as a Debian package in
>  unstable is testimony to that.
> 
I'm sorry, but this feels like a massive sales pitch.  And I'm not
buying
the your 'Evil OpenBSD group' story.

First off.. Why are you discounting the other implementations and trying
to 'sell' psst?  What about FreSSH?  Mindterm? The Java(tm) Telnet
Application/Applet? And more.. Just I'm too busy to look them up.  Please
don't attempt to feed people the crap that 'Oh there is only three
implementation and one is not "independent"'.  

Secondly, you can't tell me that all we did was "steal all of
Tatu's
work" and then sat around going "Oh we did a great job.  Oh we are
such
wonderful people."  Markus has spent a lot of hours re-implementing
v2.  Not counting the hours of clean up v1 protocol.  Stripping out the
crude that has accumated over the years.  Allowing the portable group to
carely add in multiple platform support in a sane and auditable way.

Please push your political non-sense somewhere else.  We have development
to actually do.  If you feel psst is so much better (as your email
states) then I suggest you go and help them improve their product and then
let the public decide which one they will trust and use.

- Ben

> 
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> 
>  I personally applaud Tatu Ylonen's restraint and tact in his message
>  to the OpenSSH developers list.  I think it's long overdue.
>
Even though I privately answered him as an irate customer, I will give
him that he expressed his intentions in an appropriate professional manner
despite the fact that I believe his intentions were inappropriate and 
unprofessional.
>  It's a pity that SSH(TM) isn't completely free.  It's a pity
that
>  Tatu hasn't found a revenue model that would allow him to release
>  under the GPL or BSD licenses, or to create a DFSG compliant license.
>  Obviously, revenue models are a hard problem for free software -- and
>  some people do need to live off their programming labors.  I can't
>  begrudge Tatu (or others) that.
>
No one that I know of has faulted Tatu and his company for making his 
product closed source.  That is not the argument.  The argument is against:

	a) His claim of ssh as trademark.
	b) His claiming that ssh used within another word sullies his 
	   trademark.
	c) Claiming the use of this trademark causes confusion and thus pain
	   to his company.

Concerning a) I must say that I find it amazing for many reasons that
any legal system would allow him the trademark:

	a) It is in common use and has been in use for years as a description of 
	   a protocol not a companies product.
	b) The term ssh was actually used by borne type shell before "ssh" as
we
	   know it came arround.

Concerning point b) and c), it is clear beyond a shadow of doubt that OpenSSH
and
some of the other SSH's out there are not Yatu's product, and it is
certainly not
the intent of any project developing ssh protocols (that's what they are
called in
the RFC's) to make users believe that they are Tatu's product.  Their
only wish is
to develop efficient secure applications that are complient with the RFC's 
concerning the protocol SSH.

You will also note as he has decided to call his product the same as the
protocol it
conforms to, he falls into the same situation as the countless companies that
produce
telnet and ftp programs that do the telent and ftp protocols.  Long ago I was a
tech
at Serial Comm. Company, and I can assure you that I got emails and phone calls
for
xmodem, ymodem, and zmodem implementations that we did not produce.  Its the
nature
of the business.
>  Unfortunately I think that Tatu will be castigated for his message
>  and I'd like to go on record as saying that all the complainers
>  should stuff it!  Go help Martin Hamilton and the rest of the psst
>  team if you insist a fullly GPL version of an ssh(TM) compatible
>  package.  (Or help get InterNIC to adopt a secure DNS version of BIND
>  *and* to publish keys and sign their top level zone data --- and
>  otherwise help us realize IPSec).
> 
Of course he should unless he changes his mind.  First of all if he wants to 
differentiate himself from the rest, it is the area of service that he will be
able to do so.  If he wants to differentiate his products from other products
that do the SSH protocol, than provide the easiest, most documented, most
feature
rich product that does SSH protocol.  Provide solutions for business, not
a trademark (not that a business should not have a trademark).
>  Meanwhile the OpenSSH [sic] team should probably consider renaming
>  their package OpenSecsh (possibly to be pronounced like a drunk
>  commenting on "promiscuous sex").  I suspect that Tatu would
have no
>  complaint about their use of the IETF name for the protocol --- and
>  he hasn't even asked them/us to change the name of the binary.
>
I am not a member of the team, but I sincerely hope they do not unless
forced to do so.  This definately a case of straining gnats and swallowing
camels whole...james