What's in a Name?

The history of the SSH protocol is long and checkered. Originally, around July of 1995 Tatu Ylonen released the first version. Just over half a year later version 1.2.13 was released. 1.2.13 was a major release. It signaled the start of a new era, with SSH Communications signing agreements with F-Secure. Interestingly enough, at that time versions 1.2.0 to 1.2.12 were removed from the FTP site (and since then copies have been very hard to find).

The original licenses (they change over time) on Tatu's SSH software allowed for modification and distribution of the code. As time went on, however, the license on SSH become increasingly restrictive, with a fully commercial license in version 1.2.28, by which time SSH had become a very popular standard.

Enter OpenSSH. Created as a free alternative to SSH Communications' product, the OpenBSD team forked an earlier version of Tatu's SSH code, which had a less restrictive license than later versions. OpenSSH's source code was tidied up and then released, and protocol 2 support was added in, making it fully compatible with the commercial SSH implementation.

More recently, the IETF (Internet Engineering Task Force) has been working on making the SSH protocol a standard. During the latter parts of this process SSH Communications has begun trying to enforce the term "SSH" as a trademark it claims to own.

This is where things get messy. For SSH Communications to claim that "SSH" is a trademark, they must meet several conditions. The most obvious is that they must register "SSH" as a trademark; this has been done.

Secondly, they must defend their trademark, and as far as I know this is the first time they have chosen to enforce their trademark. After several years of no enforcement, several dozen software packages exist that use the word "SSH" in their titles. Additionally, SSH Communications has contacted only the OpenSSH project; the only other contact was an attempt to send an email to Bugtraq regarding ScanSSH's use of the word SSH, sent by Tatu Ylonen (which is odd, since the contact information for the authors of ScanSSH is not hard to find).

Also, various rights were granted in earlier versions of Tatu's SSH license, and once rights are granted they cannot be taken away. (There are other issues with the license as well, regarding the use of GPL code, for example.) All in all this is a very messy situation.

Tatu Ylonen of SSH Communications seems to want his major competitor, OpenSSH, to change its name and stop using the word "SSH." He also has written that he is willing to grant the IETF usage of the trademark "SSH," but will later revoke that permission. The complete non-enforcement of the "SSH" trademark for several years, followed by extremely selective enforcement (OpenSSH.com was contacted, while OpenSSH.org was not) seems rather strange until you consider several facts:

• The SSH protocol is about to become an official Internet standard. It is already hugely popular and important. (Theo de Raadt rates the three most important protocols on the Internet as BGP, DNS and SSH.)
• Despite commercial SSH products being "free" for Linux and Free/Net/OpenBSD users, there are no Linux/BSD vendors shipping Commercial SSH with their operating systems. In fact, the vast majority have chosen OpenSSH (with one minor exception using older versions of Tatu's SSH that are still free).
• The stock price of F-Secure (distributor for SSH) has tumbled 90% in the last few months. SSH Communications' stock price, since going public in December of 2000, has fallen 50%.

Moreover, the actual registered trademark at http://tess.uspto.gov/bin/showfield?f=doc&state=muin9a.3.1 and http://tess.uspto.gov/bin/showfield?f=doc&state=muin9a.3.2 seems to cover only the logo itself. In any event, Fairchild Industries, Inc. seems to think it owns the trademark already.

I managed to interview three of the principal people involved in this: Tatu Ylonen (SSH Communications), Theo de Raadt (OpenBSD/OpenSSH) and Bill Sommerfeld (IETF SSH working group). Interviews were done via email. Hopefully this dispute will be resolved. To quote Bill Sommerfeld:

Needless to say, added delay in the standards process does not help the end user.

SSH Communications

Kurt Seifried: What prompted you to write SSH originally?

Tatu Ylonen: There was a hacker attack at the university network in Finland. It was a password sniffing attack, and when it was discovered, the attacker had several thousand username-password pairs in its database, including some from my company at the time.

I basically wanted to build something that I can use to log into my company's and university servers without having to worry about someone stealing my password. I also wanted to advance the widespread deployment of strong cryptography, because I think it is important both from a network security standpoint and for the stability of the society at large, since the networks are very much the backbone that the information society build on. They must be secure.

The software filled a wide need that was just beginning to be recognized. It did the right thing at the right time, and for the first time made encrypting login sessions easy for the users. I released the first version in July 1995, and started SSH Communications Security Corp when I could no longer deal with the support requests I was receiving (150 mails per day by the end of 1995).

Kurt Seifried: Why are you asking OpenSSH to change the name of their project?

Tatu Ylonen: Because their product name and their unauthorized use of the SSH trademark has caused significant confusion as to the meaning and origin of the SSH brand. I've also received quite a few e-mails where people have confused OpenSSH as my product.

Kurt Seifried: What is the best thing about SSH currently? What is the worst?

Tatu Ylonen: I think one of the cooler things with SSH Secure Shell is the fully integrated secure file transfers that you get on Windows with SSH Secure Shell for Workstations (evaluation version available ftp://ftp.ssh.com/pub/ssh). It makes using corporate files from one's laptop extremely easy, even for novice users who have never used a Unix machine. I think it is very important to make things easy for users, so that they get widely deployed.

I guess this trademark incident is the worst. We have no other alternative but to protect the trademark. For this reason, I've asked the OpenSSH group to please change the name of their product. Our trademark policy has been well known to them for a long time, e.g. through the IETF working group.

Kurt Seifried: If you could do three things to SSH, ignoring backward compatibility, etc., what would they be?

Tatu Ylonen: I'm quite happy with version 2 of the protocol. The version 1 protocol is flawed (it doesn't properly authenticate the key exchange, and additionally it uses message authentication code that is cryptographically way too weak). These bugs open an endless stream of possible security flaws, which we will undoubtedly see emerging time after time in the public. If I could change one thing, it would be the version 1 key exchange. On the other hand, it is already solved in the version 2 protocol.

Kurt Seifried: Why do you think SSH Protocol 1 should be depreciated? All the attacks listed at your site (http://www.ssh.com/products/ssh/cert/vulnerability.html) involve either encryption being turned off, or the use of RC4.

Tatu Ylonen: All of these problems are just individual symptoms of a much deeper, fundamental problem in the protocol, which we will encounter time after time as people find ways to circumvent the kludges that are being used to work around previous instances of the problem.

OpenSSH

Kurt Seifried: What prompted you to start the OpenSSH project originally?

Theo de Raadt: I think that after BGP and DNS, the SSH protocol is the most important thing that people need to maintain reliability of the internet. Since a free one did not exist, we started [our] project as soon as we found out about the licensing terms on ssh-1.2.12. These terms permitted completely free use of the software, and the names "ssh" and "Secure Shell" as long as the protocol matched the supplied RFC document. So we maintained compatibility.

Kurt Seifried: About how many people are working on the OpenSSH project (full- or part-time)?

Theo de Raadt: Open source developers are funny; they work harder part-time than most people work full-time. I think that there are perhaps 5 really serious OpenSSH developers. By far, the most serious one is Markus Friedl.

Kurt Seifried: Why do you think you are now being asked to change the name of the project?

Theo de Raadt: Probably because ssh.com sees us as competition and wants to create confusion.

Kurt Seifried: What is the best thing about SSH/OpenSSH currently? What is the worst?

Theo de Raadt: The best thing is that it can be freely incorporated in any system anyone wants to. Any operating system group, vendor of a switch or router, of a firewall appliance, can just pop it in and have a secure channel into their product. The security of our international network infrastructure is going to happen because they can add secure network connection technology to it for $0.

Since it is free, there is no worst. If you don't like it, you are free to use something else!

Kurt Seifried: Do you think the SSH 1 protocol should be depreciated? All the attacks listed at your site (http://www.ssh.com/products/ssh/cert/vulnerability.html) either involve encryption being turned off, or the use of RC4.

Theo de Raadt: Most of those issues listed are old attacks, predating all but the most aged SSH protocol users. More recently, we have encouraged groups such as CORE-SDI to find new flaws (I visited Buenos Aires and dared them to find something). Some other implementation flaws have also come to light, and luckily we already had them fixed. Honestly, there are some other theoretical attacks against SSH1 protocol (and to some extent against SSH2 protocol as well), but we will continue [work] on repairing them. Note that SSH1-only servers account for 70% of all servers. Of the remaining, roughly 8% do SSH2 protocol only. For now, supporting both makes sense, supporting only protocol 1 is future-insensitive, but supporting only protocol 2 is stupid. I think that ssh.com wants SSH1 protocol dead because it makes them no money.

http://ssh-research.ucs.ualberta.ca/ssh-stats.html

Kurt Seifried: According to http://www.ssh.com/about/press/2000/release15082000.html: "Users of Linux, FreeBSD, NetBSD, and OpenBSD operating systems may now use SSH Secure Shell 2.3 free of charge, regardless of use." Also, developers (vendors) such as Red Hat, FreeBSD, etc. can ship commercial SSH with their distributions, and the license for 2.3 allows much greater non-commercial use and single-user usage. As far as I know, none of these vendors ship commercial SSH with their operating systems. Why do you think this is?

Theo de Raadt: They choose OpenSSH because it is a 100%-equivalent solution which supports both SSH1 and SSH2, and it is completely free. I think this is something which the Open Source community understands well enough that I don't need to explain it.

IETF

Kurt Seifried: Why do you (IETF) feel that the SSH protocol is so important?

Bill Sommerfeld: The original ssh1 protocol is widely used as an alternative to flagrantly insecure protocols and as such is a major improvement; however, it has a number of significant cryptographic flaws which are addressed in the protocol being developed by the IETF's Secure Shell working group.

See http://www.securityfocus.com/archive/1/161150 (one which was recently announced).

Also, the use of CRC32 for an "authentication" check is also highly suspect; the 'crc compensation attack detector' is at best a bandaid for the problem.

Kurt Seifried: Do you (IETF) worry about a vendor controlling part of the standards process so directly? (That is, SSH granting the use of the word SSH to the IETF under certain conditions?)

Bill Sommerfeld: The IETF has standardized protocols with trademarked names in the past. Kerberos (rfc1510) is a trademark of MIT, and PGP (rfc2440 among others) is a trademark of NAI. IETF working groups have also renamed protocols to avoid trademark issues. S/Key was standardized as "OTP" to avoid conflict with the Bellcore trademark on the original implementation (see http://www.ietf.org/html.charters/otp-charter.html).

Bill Sommerfeld: The IETF as a whole does not take a position on the validity of intellectual property claims -- see RFC2026, "The Internet Standards Process" (http://www.ietf.org/rfc/rfc2026.txt), and the IETF's page of IPR notices (http://www.ietf.org/ipr.html).

The IETF has dozens of working groups. One of them is the Secure Shell (SECSH) working group, which was chartered in 1997 or so to define an internet standard based on Tatu Ylonen's SSH. (As an aside, the working group wasn't given the "SSH" abbreviation because, at the time, the IETF already had a "Site Security Handbook" working group which had grabbed the SSH abbreviation. Had the other SSH not been there, the working group would have been abbreviated as "SSH".)

The original working group chair stepped down over the summer, and I was asked to take over as working group chair at that time. Since then the working group has been making steady progress and we appeared to be very close to getting a set of documents ready to hand up to the IESG for review -- we were in the middle of the working group's "Last Call" period on the core Secure Shell protocol documents when I first received word of the dispute.

In practice, IETF working groups tend to "engineer around" troublesome IPR issues; for instance, the SSH version 2 protocol was changed to use DSS instead of RSA to avoid the (now expired) RSA patent. I can't predict how the working group will react to this -- I only know that it will slow things down.

Reference links

SSH Shares February
http://cdpixel6.teledata.de/informer2/cdcharttcl?symm=XXH.
BER&hist=2&dbrushwidth=&charttype=&gd1=&gd2=&bench
mark=&infos=&indtype1=&indtype2=&volumen=

F-Secure Oyj Shares March to December
http://cdpixel5.teledata.de/informer2/cdcharttcl?symm=FSO
YF.NAP&hist=4&dbrushwid\th=&charttype=&gd1=&gd2=&b
enchmark=&infos=&indtype1=&indtype2=&volumen=

SSH trademarks and the OpenSSH product name
http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=
98212056713751&w=2

Secure Shell: Ärger um das Markenzeichen "SSH"
http://www.heise.de/newsticker/data/pab-14.02.01-000/