Comodo Attempting to Register 'Let's Encrypt' Trademarks, And That's Not Right (letsencrypt.org) 120
Let's Encrypt is a nonprofit aimed at encrypting the entire web. It provides free certificates, and its service is backed by EFF, Mozilla, Cisco, Akamai and others. Despite it being around for years, security firm Comodo, which as of 2015, was the largest issuer of SSL certificates with a 33.6% market share on 6.6% of all web domains, last year in October filed for the trademark Let's Encrypt. The team at Let's Encrypt wrote in a blog post today that they have asked Comodo to abandon its "Let's Encrypt" applications, directly but it has refused to do so. The blog post adds: We've forged relationships with millions of websites and users under the name Let's Encrypt, furthering our mission to make encryption free, easy, and accessible to everyone. We've also worked hard to build our unique identity within the community and to make that identity a reliable indicator of quality. We take it very seriously when we see the potential for our users to be confused, or worse, the potential for a third party to damage the trust our users have placed in us by intentionally creating such confusion. By attempting to register trademarks for our name, Comodo is actively attempting to do just that. Update: 06/23 22:25 GMT by M :Comodo CEO has addressed the issue on company's forum (screenshot).
Why the Hell didn't Let's Encrypt register it?! (Score:5, Insightful)
If you don't want somebody else to use a trademark, register it for yourself!
Re:Why the Hell didn't Let's Encrypt register it?! (Score:5, Funny)
Re: (Score:1)
They don't want the burden of enforcing it, though now they are basically required to do so anyway.
Thanks Comodoodoo!
Re:Why the Hell didn't Let's Encrypt register it?! (Score:4, Interesting)
That "burden" can be as onerous as having a lawyer write a letter, which it sounds like they had to do anyway. If Comodo went ahead with using their mark after receiving said letter, they would then be in the exact situation they are in now -- only they would have legal standing to enforce their mark, which presently they don't.
"Nonprofit" shouldn't mean you can't afford to pay for basic necessities like registering your business license, paying your fire insurance, and protecting your most basic and fundamental IP (your name).
Re: (Score:1)
Re: (Score:2)
If their goal is to not have someone else trademark it out from under them, then they register it, and fail to enforce it, thus placing it in the public domain.
If their goal is to keep anyone else from using it, then they need to register it and enforce it.
Re:Why the Hell didn't Let's Encrypt register it?! (Score:5, Interesting)
Re:Why the Hell didn't Let's Encrypt register it?! (Score:5, Insightful)
Re: (Score:2)
Based on the links in the story, the trademarks are still in the examination stage and have not yet been issued.
If that is the case, Let's Encrypt can still send in forms and notify the USPTO of the conflict. They don't have much time, but if they passed along that information on their site to the patent examiner that should be enough to trigger additional investigation.
Re:Why the Hell didn't Let's Encrypt register it?! (Score:4, Informative)
Exactly - why aren't they sending a challenge to the USPTO yesterday?
Trademarks are registered all the time. In fact, it's a public process - every new application is posted so opposition to registration can be recorded. If the Lets Encrypt folks aren't filing an opposition, (and not done so ages ago), then they're basically letting the ball drop.
It happens all the time - plenty of companies apply for trademarks only to have them opposed during application.
In fact, the thornier side of trademarks are marks not necessarily used in commerce - Microsoft, for example, owns two trademarks they don't use on products (NorthWinds and Contoso, I believe). Instead, they're registered so Microsoft can use them in demos and other things freely without running into any trademark issues.
Re: (Score:2)
Any party who is harmed can potentially file a Lanham Act Opposition [nolo.com]
The problem is, You probably have to appear in person, or pay somebody to appear in person.
Because the next step after filing opposition is a Proceeding at USPTO to resolve the Dispute between parties
I don't know about you..... but for me travelling all the way to the USPTO in Washington D.C. would be quite a hardship.
Not to mention all the time I couldn't be working in my job or working on improving my business or service.....
Re: (Score:1)
Not to mention all the time I couldn't be working in my job or working on improving my business or service...
Exactly, it's a transparently anti-competitive operation. The CEO's forum post tacitly admits as such. I don't get what's with all these people here saying that if you haven't sought to have the government enforce monopolies on your behalf, you're actually the bad guy.
Re: (Score:2)
What's even more bizarre is seeing executives of Comodo claiming LetsEncrypt Stole their business model [comodo.com].
Apparently Comodo was the first to issue 90-day Free SSL Certificates, So any future CA who does that is stealing Comodo's business model.
Doesn't make sense to me. a Key difference with LetsEncrypt, is the 90-Day certificates can be Renewed Indefinitely.
With Comodo, the 90-Day issuance is an Evaluation/Trial per Domain name, and you cannot renew after the 90 days without paying.
Re: (Score:1)
Correction: You can't trademark if the mark is already used "IN TRADE".
The foundation is a non-profit organization providing free certificates under that name. That is not "TRADE" (i.e. business, i.e. involving exchange of money for value).
However, by the same token, the seemingly slimy corporation seeking the trademark should be hard pressed to stop the non-profit's use of the mark for a free service, since that is not competing TRADE since it is not TRADE.
Besides, if it ever came to a case where they trie
Re: (Score:2)
Re: (Score:2)
So the Comodo product can then use the term to refer to their product(s) and ride on the coattails of the nonprofit service's good name; but no other company will be able to use that term "In Trade". Profit!
Re: (Score:2)
Your theory that non-profits don't receive trademark protection is novel, and already refuted by existing precedent. Yes, public activities can be "trade" even when the underlying purpose is not profit! Wowsers, Pres., you went loco on that one.
Re: (Score:2)
I don't think so. Back in the '80s I did tech support for a small startup (long gone by now) marketing specialized software to law firms. The owner of the firm was a lawyer and he trademarked the program's name after doing a proper trademark search. About a year after we started selling, we got a Cease and Desist letter from somebody who'd been marketing a completely different, unrelated progra
Re: (Score:2)
I am not a lawyer but I did google for a few seconds...
It looks like to register a *Trade* Mark, you have to be using it in commerce. Let's encrypt not having any financial anything going on can't say their stuff is in commerce, even if they want to.
Secondly, in "Let's Encrypt", it only had value in the first place if it had taken off. If it hadn't taken off, then there would have been no point in 'defending' the name (also, no one would really want it). It did take off, and as such it is so well known *
Re: (Score:3, Informative)
Re: (Score:2)
Re: (Score:1)
Linux wasn't trade marked at the start. The a con-man named William Della Croce Jr. registered it as a trademark and started demanding money from distros, book publishers, etc. Despite the fact that the names is just Linus with an x at the end replacing the s, it still took about a year to get the trademark away from the slimeball in court.
Re: (Score:2)
Re: (Score:2)
All they have to do is use the mark at some point when asking for donations. If they use it in conjunction with soliciting donations, that is trade. Because of the way the activities of non-profits are defined, this means pretty much if they ever use the term, they're using it in trade.
Technicalities might be more technical than just supposing.
Re: (Score:1)
That's one perspective. See red tape, eat red tape. What could possible go wrong?
Here's another perspective. Have you heard of the Age of Aquarius? How about the Age of Panopticonus?
I don't know precisely when the age of Panopticonus began. We can bracket this down to sometime between the first transparent-pixel web bug, of which the oldest mention I can find on Google is 15 July 1995, and the Snowden revelations of 5 June 201
Re: (Score:1)
Let me help you:
Rotae iustitiae volvunt lente, sed ruminant optime.
Remove Comodo CA (Score:5, Insightful)
Comodo proved themselves that are not trustwordy.
Re: (Score:2)
I buy certificates from them for $5/year. It's hardly blood-sucking. The competition sells the same thing for 10x more.
Re: (Score:3, Insightful)
Comodo proved themselves that are not trustwordy.
If they are untrustworthy in this respect, can they be trusted to perform due diligence when issuing certificates? After all a CA is supposed to be a "Trusted Third Party". If a CA shows itself not to be trustworthy, then maybe the browser suppliers should remove them from the (default) list of trusted CAs.
Re: (Score:2)
If I understand what I'm seeing correctly, Firefox doesn't mark them as trusted, but it's not clear to me why they are grouped together with AddTrust, which is trusted. And a simple search says it is "powered by Comodo". Does this mean that they should also be untrusted?
Re:Remove Comodo CA (Score:5, Insightful)
Re: (Score:1)
Yeah, that's a lot of punctuation. Why do they have a pre-teen for a CEO?
Re: (Score:2)
But you're ok with Apple, who sent the swat to break into a reporter's home after he gave them back the new iPhone an Apple employee left in a bar?
Re: (Score:2)
Re: (Score:2)
It was not the regular police, it was a special task force funded in part by big IT companies, including Apple.
Re: (Score:2)
Re: (Score:2)
http://www.zdnet.com/article/g... [zdnet.com]
It's called the REACT team.
Re: (Score:2)
Apple don't send SWAT anywhere.
Re: (Score:2)
The reporter had admitted, in a public document, to selling expensive stuff that wasn't his. That's a pretty serious crime. Have you ever tried committing a serious crime and publicizing it widely? I wouldn't be surprised if the police paid you a visit.
Given history, Comodo should use "Let's Infect!" (Score:5, Interesting)
PrivDog, Chomodo, hacks, and issuing certs to malware, Comodo is one company I'd steer clear from in any case.
Re:Given history, Comodo should use "Let's Infect! (Score:5, Interesting)
Re: Given history, Comodo should use "Let's Infect (Score:1)
Web browser makers "authorize" certificate authorities by accepting money from the CA to include their public keys in the web browser.
OS makers also can authorize CAs for code signing by including their public keys in the OS.
(I believe Java, being platform agnostic, has its own code signing methods separate from the OS it can run on)
So just convince Google (chrome), Mozilla (Firefox), and Microsoft (IE/Edge) to stop accepting Comodo's tens of thousands of dollars each year and no longer include their CA pub
Re: (Score:2)
Browser vendors don't get paid by CAs. If you have evidence that they get tens of thousands of dollars a year from Comodo, present it.
Mozilla doesn't get paid, but the auditor does (Score:2)
Browser vendors don't get paid by CAs.
I just read Mozilla's CA inclusion policy [mozilla.org], and you appear correct. The browser maker doesn't get paid; the auditing firm "with access to the details of the subordinate CA’s internal operations" gets paid.
Software providers (Score:2)
Who is authorized to certify the Certification Authorities,
The software provider that provided the list of root certificate that your browser uses. /etc/ssl/certs or /var/lib/ca-certificates/pem) ...or your browser's provider.
Depending on your setup, it's either your OS provider...
(e.g.:
- Windows has a list of root certificates that are considered legit.
- Most Linux distribution also pack such a list some where in
(e.g.:
- Firefox comes with its own list of root certificates)
and what would it take to finally have Comodo's cert revoked?
If the software provider decides that Comodo is not trustworthy, all of the above players can
Re: (Score:2)
Who is authorized to certify the Certification Authorities, and what would it take to finally have Comodo's cert revoked?
In your software and/or browsers, you are the ultimate authority. Don't like Comodo? Remove their root cert from your trust store.
Re: (Score:3)
PrivDog, Chomodo, hacks, and issuing certs to malware, Comodo is one company I'd steer clear from in any case.
Shit, Namecheap still uses them for their resold SSL certs. If Namecheap doesn't have another option next time I need to renew one, I'm going elsewhere. That would be a pain, but I'm officially done with Comodo after this - seven strikes and I'm stupid for not calling you out on three.
Re: (Score:3)
Not surprising coming from a company that trolls other SSL Certificate Authorities and tries to steal their customers. Everytime my GoDaddy certs are up for renewal, these bitches from Comodo start calling and telling me how much money they can save me.
That's nothing, they called me and tried to get me to switch away from their own resellers.
Re: (Score:1)
Agreed, they just called one of my employees 2 days ago. He was like "Comodo is calling about XYZ.com's cert expiring, we need to renew it" and I was like "That's cute, we buy our certs from GoDaddy." Then he was like yeah, but they are cheaper, 5 years for $499 and I was like "That's interesting, 39 months is the max time a cert can be issued for since 2015, tell them to go pound sand." Seriously, Comodo can go die in a fire. They even tried to tell him that we are getting our GoDaddy certs from Micros
Drop Comodo CA (Score:3, Insightful)
With everything Comodo has done, or not done, that should have gotten them removed, maybe we should push to have the Comodo CA certs dropped from the products and platforms of sponsors "EFF, Mozilla, Cisco, Akamai and others".
Hence the trademark (Score:5, Insightful)
Someone needs to show paying Comodo customers how to use Let's Encrypt to renew their certs for free.
I think that's the reason why Comodo is trying to own the Let's Encrypt name....
Social media backlash (Score:2)
Re: (Score:2)
Re: (Score:2)
Nothing there yet.
Here, let me make it easy for you guys:
https://www.facebook.com/ComodoHome/?fref=nf [facebook.com]
Can't trademark if the mark is already used (Score:4, Informative)
In the US if you use a trademark, you own the the trademark even if you haven't registered it. Since it is already being used in commerce for that mark, the application shouldn't be successful and can be challenged in the courts if it is granted.
Re: (Score:2)
They can't exclude LetsEncrypt from Using it, BUT They might be able to stop LestEncrypt from trademarking it.
Their planned disruption could be not to get the Trademark, but to start using the name for something disreputable.
Stop LE from getting their mark AND dilute the name by intentionally abusing it.
Re:Can't trademark if the mark is already used (Score:4, Interesting)
They're most likely just trying to prevent Let's Encrypt from entering the commercial arena of issuing TLS certificates by creating legal barriers. Let's Encrypt's popularity is soaring and they're quickly capturing the low-end markets with minimal trust and identification requirements. They might see a possibility that Let's Encrypt might some day become a big player and thus a major competitor to COMODO.
Re: (Score:2)
Have they consistently - every time - claimed a trademark on it? And enforced that claim consistently? If not, then they have no enforceable claim to it.
They do, however, have an enforceable right to keep using it if they were before the application from slimebags was filed.
Let's Stop Trusting Comodo (Score:2)
How does that tagline sound?
Re: (Score:1)
That's a good idea and easy to do, I won't buy anything from Comodo from on now.
Re: (Score:2)
I was thinking more along the lines of requesting that Browsers drop their CAs' from the Trust store for reasons along the line of Bad Faith behavior / Attempting to fraudulently or deceptively appropriate the names of other organizations in a manner unbecoming of a Trusted Authority or ID certification agency.
Seen this so many times (Score:2)
This is like the Linux trade mark wars [wikipedia.org] all over again. There's always some sleazy company trying to benefit from people's good will.
Comodo carved by Moxie Marlinspike (Score:3)
Moxie Marlinspike tells a story about Comodo at BlackHat 2011 [youtu.be]
The bit at 8m22 is priceless.
Comodo founder:
The hacker turns out to be a script-kiddie who got the technique from an introductory hacking video.
Comodo continues to embarrass themselves as the story unfolds, with their CEO finally complaining that all this wouldn't be a problem if man-in-the-middle wasn't possible. Huh? Aren't you in the business of selling the solution to the MITM problem?
Why does Comodo even still exist? (Score:4, Interesting)
How is it that they haven't had their issuer's license revoked already? They've already been found wanting as a cert provider, since they seem to have no qualms about issuing fraudulent certificates.
And now they're trying to fraudulently use someone else's trademark?
How much more fraud will they be allowed to perform before someone gives them a serious slap?
Oh, wait, what am I thinking... This is the US. As long as their shareholders are happy they could rape, pillage and burn entire towns and no one would care.
Re: (Score:2)
...They've already been found wanting as a cert provider,...
I've seen Comodo certs on sites like Comcast's site login.comcast.net. It appears that Comodo has gotten its fingers deep into our infrastructure.
Re: (Score:2)
After reading their CEO's reply in the update, I'd suggest they try to register the trademark "90." It's their business model. Or maybe they should trademark "FREE!"
I stopped using Comodo (Score:2)
.
This Let's Encrypt fiasco is just another example of how low Comodo's business practices really are.
Don't do business with orgs that treat us badly. (Score:2)
Horrible statement (Score:5, Informative)
I actually didn't really want to read too deeply into this when the article first came up. I figured it could be a thorny issue and that maybe Comodo had previously used "Let's Encrypt" in marketing somewhere prior to the free campaign. Then I read their CEO's statement, and it's pretty clear that he just plain feels threatened and he acts as if he invented the concept of a 90-day free trial. I can certainly see where he could be losing money; but I guess as an onlooker, if someone can come along and take your money that way, your position was pretty weak in the first place.
So I guess I'd say I now feel that attempting to register this trademark seems pretty abusive, and the person who convinced me of that was Comodo's CEO in his post on his company's forums.
Re: (Score:2)
Ditto. After reading his comment I was thinking:
"You and your company are being jerks....stop it."
Though the only Comodo product I use is their free s/mime e-mail cert. I used to get them from thawte, but they stopped doing it.
Re: (Score:2)
Re: (Score:2)
he acts as if he invented the concept of a 90-day free trial
He apparently thinks of it in the same way as a design patent:
"Of course it's a new invention! We invented the 90-day free trial... for an ssl."
Re: (Score:2)
as if he invented the concept of a 90-day free trial
There's a bit of difference between an one-time evaluation that can't be extended, and an automated repeated process that continually renews certs.
90 (Score:1)
Re: (Score:2)
That guy is a embarrassment.
The very idea that a CEO would respond in an online forum about this kind of thing is ridiculous. To make such a poor argument, on top of the poor judgement to even comment, is inexcusable.
Gavin Belson would be the only "person" I'd expect to do this.
Let's Encrypt (Score:1)
Its like a piece of art. Let's Encrypt made their art, put it out there, and then came along the bully trying to steal the art of the project Let's Encrypt. The question here is, if someone else made the art and Comodo had nothing to do with it, how could they come in and claim ownership of some part of the art? Under the 1st amendment someone else made that art. Should we not honor the ownership and creator of that art? Should we not have a mechanism to stop Comodo from attempting to steal ownership of the
Comodo is dropping it now (Score:5, Informative)
Voting with my feet (Score:2)
I've used Comodo's firewall for years. I have now removed it from all but one computer, which I don't use all that much anymore. When I am assured that Comodo has, in fact, abandoned its efforts to steal "Let's Encrypt", I'll go back. I like their firewall, and it will hurt to go through all the little adjustments that get the replacement (Kaspersky Internet Security) working exactly the way I like.
Why didn't Comodo go with Free SSL trademark? (Score:1)
Some stats from the CEO's first post:
Free SSL: mentioned 9 times, 7 of them in one paragraph;
Comodo: only 3 times
Seems they should leave Let's Encrypt alone and go with Free SSL instead.
Re: (Score:2, Offtopic)
And antivirus stops all viruses.
And medicines cures all illnesses.
How many MASS shootings? Much less.
How many shootings in general? Much less.
Go learn statistics, some HUNDREDS of times more shootings in the US.
Re: (Score:1)
More people are killed in the US by knives, as in being stabbed by a knife-wielding criminal.
How many of those cases were considered mass knifings where four or more people selected indiscriminately, not including the perpetrator, were killed?
Re: (Score:2)
Re: (Score:2)
Yes, it would likely stop a lot of shootings, but obviously not all of them.
Murder rate US: 3.9 / 100k
There is only one place worse in the EU: Lithuania with a whopping 5.5 / 100k, on average the EU is a lot less than the US.
Taking the listed countries you end up with the following.
Austria: 0.5
Belgium: 1.8
France 1.2
UK 1.0
Germany: 0.9
All which are significantly lower than the average of the US.