Slashdot Mirror


Comodo Attempting to Register 'Let's Encrypt' Trademarks, And That's Not Right (letsencrypt.org)

Let's Encrypt is a nonprofit aimed at encrypting the entire web. It provides free certificates, and its service is backed by EFF, Mozilla, Cisco, Akamai and others. Despite it being around for years, security firm Comodo, which as of 2015 was the largest issuer of SSL certificates with a 33.6% market share on 6.6% of all web domains, filed for the trademark Let's Encrypt in October last year. The team at Let's Encrypt wrote in a blog post today that they have asked Comodo directly to abandon its "Let's Encrypt" applications, but it has refused to do so. The blog post adds:

"We've forged relationships with millions of websites and users under the name Let's Encrypt, furthering our mission to make encryption free, easy, and accessible to everyone. We've also worked hard to build our unique identity within the community and to make that identity a reliable indicator of quality. We take it very seriously when we see the potential for our users to be confused, or worse, the potential for a third party to damage the trust our users have placed in us by intentionally creating such confusion. By attempting to register trademarks for our name, Comodo is actively attempting to do just that."

Update: 06/23 22:25 GMT by M: Comodo CEO has addressed the issue on the company's forum (screenshot).

120 comments

  1. Why the Hell didn't Let's Encrypt register it?! by mrchaotica · · Score: 4, Insightful

    If you don't want somebody else to use a trademark, register it for yourself!

    --

    "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

    1. Re:Why the Hell didn't Let's Encrypt register it?! by K. S. Kyosuke · · Score: 4, Funny

      Well, they can still register the Yrg'f Rapelcg! trademark...

      --
      Ezekiel 23:20
    2. Re:Why the Hell didn't Let's Encrypt register it?! by Anonymous Coward · · Score: 1

      They don't want the burden of enforcing it, though now they are basically required to do so anyway.

      Thanks Comodoodoo!

    3. Re:Why the Hell didn't Let's Encrypt register it?! by zuckie13 · · Score: 5, Interesting

      Well, for one, they don't have to to be the owner of it. In the US, it's first to use, not first to register. It's pretty clear they have been using it well before this application was submitted - an application that says it's not in use by that company yet. I'd love to hope that the trademark office will just reject it, but they'll probably drag this out.

    4. Re:Why the Hell didn't Let's Encrypt register it?! by Junta · · Score: 1

      I am not a lawyer but I did google for a few seconds...

      It looks like to register a *Trade* Mark, you have to be using it in commerce. Let's Encrypt not having any financial anything going on can't say their stuff is in commerce, even if they want to.

      Secondly, in "Let's Encrypt", it only had value in the first place if it had taken off. If it hadn't taken off, then there would have been no point in 'defending' the name (also, no one would really want it). It did take off, and as such it is so well known *specifically* in this area that their application should be rejected, as 'common law' recognizes unregistered marks if they are relevant and prominent.

      --
      XML is like violence. If it doesn't solve the problem, use more.
    5. Re:Why the Hell didn't Let's Encrypt register it?! by PCM2 · · Score: 3, Interesting

      That "burden" can be as onerous as having a lawyer write a letter, which it sounds like they had to do anyway. If Comodo went ahead with using their mark after receiving said letter, they would then be in the exact situation they are in now -- only they would have legal standing to enforce their mark, which presently they don't.

      "Nonprofit" shouldn't mean you can't afford to pay for basic necessities like registering your business license, paying your fire insurance, and protecting your most basic and fundamental IP (your name).

      --
      Breakfast served all day!
    6. Re:Why the Hell didn't Let's Encrypt register it?! by Anonymous Coward · · Score: 0

      So, if they made an offering of a "premium account" for $1 that comes with a free bumper sticker, that would be considered commercial use of the trademark?

    7. Re:Why the Hell didn't Let's Encrypt register it?! by evolutionary · · Score: 4, Insightful

      It's a leverage game. The courts would favor Let'sEncrypt trademark (as they basically paid the government for it first). It could also be shown that in using it on such a scale its purpose is to use Let'sEncrypt's name and in the end the group could get damages for Comodo. But first it has to pay for the lawyers to get. So it's not a matter of who is in the right, but who can use their purse strings to draw this out long enough. Our justice isn't really based on a sense of fair play, rather than who's got bling to play. Kinda like Net Neutrality. :D Hopefully Comodo decides the bad PR and litigation isn't worth it. But they might. I have little doubt they'll suggest a number (in essence blackmail) to get the domain at a "minimal fee". While it's true ideally one would register the web domain but domain != trademark. Trademark wins, but only if the money exists to drag it out in court.

      --
      "Imagination is more important than knowledge" - Einstein
    8. Re:Why the Hell didn't Let's Encrypt register it?! by zuckie13 · · Score: 3, Informative

      The definition of use in commerce (my emphasis added) - right from the USPTO: For applications filed under the use-in-commerce basis, you must be using the mark in the sale or transport of goods or the rendering of services in “interstate” commerce between more than one state or U.S. territory, or in commerce between the U.S. and another country. For goods, the mark must appear on the goods (e.g., tags or labels), the container for the goods, or displays associated with the goods. For services, the mark must be used in the sale or advertising of the services.

    9. Re:Why the Hell didn't Let's Encrypt register it?! by Anonymous Coward · · Score: 0

      You don't need to register a trademark to obtain it, it's more important to use the mark in trade.

      Let's Encrypt already has. They need to apply to register for the mark themselves.

    10. Re:Why the Hell didn't Let's Encrypt register it?! by Anonymous Coward · · Score: 0

      "common-law trademark protection" would apply here. It doesn't allow collecting damages, but it does allow a defense against others registering the trademark (in US copyright law, anyhow).

    11. Re:Why the Hell didn't Let's Encrypt register it?! by Frobnicator · · Score: 1

      Based on the links in the story, the trademarks are still in the examination stage and have not yet been issued.

      If that is the case, Let's Encrypt can still send in forms and notify the USPTO of the conflict. They don't have much time, but if they passed along that information on their site to the patent examiner that should be enough to trigger additional investigation.

      --
      //TODO: Think of witty sig statement
    12. Re:Why the Hell didn't Let's Encrypt register it?! by epine · · Score: 0

      If you don't want somebody else to use a trademark, register it for yourself!

      That's one perspective. See red tape, eat red tape. What could possibly go wrong?

      Here's another perspective. Have you heard of the Age of Aquarius? How about the Age of Panopticonus?

      I don't know precisely when the age of Panopticonus began. We can bracket this down to sometime between the first transparent-pixel web bug, of which the oldest mention I can find on Google is 15 July 1995, and the Snowden revelations of 5 June 2013, when Panopticonus suffered a very public Icarus moment.

      In the Age of Panopticonus, if a company wants to assert a property claim to some name it can reliably find out whether such a name is already in use.

      There's no point in forcing everyone to run off to an arbitrary red-tape registrar of record in the Age of Panopticonus. Before the AoP, it was sometimes a royal PITA to find out what was going on in the world of commerce. Back then it actually made sense to shift the burden of discovery to proactive paperwork.

      If the web bug is older than you are, isn't this all beyond transparent?

      Or perhaps we should make an exception for the Comodo Group, who couldn't possibly have discovered Google search by now (how would they look?), what with their membership in the very traditional UUBT (Underworld Union of Bridge Trolls).

      The UUBT slogan is something along the lines of et justitiam in rota volvi lente, et ruminat multa nimis, but as they have not yet discovered the internet, I was unable to find the authoritative version on line.

      My little adventure with Google translate from English to Latin went like this.

      First I had to simplify the input. "Turn" was not recognized. And "grind" led to bizarre outputs.

              The wheels of justice revolve slowly, but chew exceedingly fine.

      This following output looks not too bad.

              Et justitiam in rota volvi paulatim, et ruminat multa nimis.

      Back-translating for verification:

              And justice in the wheel, by degrees, and cheweth the cud, very much cattle.

      Close enough.

    13. Re:Why the Hell didn't Let's Encrypt register it?! by Anonymous Coward · · Score: 0

      That's the exact opposite of the way trademark law works: If you don't want somebody else to register a trademark, use it for yourself (but you must be using it before them, to a sufficiently significant extent, and in the same general context).

      You don't need to register a trademark to receive trademark protection, and trademark protection prevents other people from registering it (within a certain domain. For example, Apple Music couldn't stop you from naming your company Apple Computers).

      As it stands, Let's Encrypt is a trademark for an organisation that provides certificates for the purpose of encryption and verification. Comodo is trying to register that same trademark for a completely different organisation that provides certificates for the purpose of encryption and verification. Comodo is very unlikely to succeed (but there's still a danger that they will, if they play their legal shenanigans right)

    14. Re:Why the Hell didn't Let's Encrypt register it?! by phantomfive · · Score: 1

      Linux is trademarked. Plenty of non-profits have trademarks. Because of all that, I don't think you need to be having "financial things" going on in order to get a trademark.

      --
      "First they came for the slanderers and i said nothing."
    15. Re:Why the Hell didn't Let's Encrypt register it?! by Anonymous Coward · · Score: 0

      Are you going to give them the $1000+ to file properly with an attorney?

      Think, type. Not the other way around.

    16. Re:Why the Hell didn't Let's Encrypt register it?! by tlhIngan · · Score: 3, Informative

      Based on the links in the story, the trademarks are still in the examination stage and have not yet been issued.

      If that is the case, Let's Encrypt can still send in forms and notify the USPTO of the conflict. They don't have much time, but if they passed along that information on their site to the patent examiner that should be enough to trigger additional investigation.

      Exactly - why aren't they sending a challenge to the USPTO yesterday?

      Trademarks are registered all the time. In fact, it's a public process - every new application is posted so opposition to registration can be recorded. If the Let's Encrypt folks aren't filing an opposition, (and not done so ages ago), then they're basically letting the ball drop.

      It happens all the time - plenty of companies apply for trademarks only to have them opposed during application.

      In fact, the thornier side of trademarks are marks not necessarily used in commerce - Microsoft, for example, owns two trademarks they don't use on products (NorthWinds and Contoso, I believe). Instead, they're registered so Microsoft can use them in demos and other things freely without running into any trademark issues.

    17. Re:Why the Hell didn't Let's Encrypt register it?! by mysidia · · Score: 1

      Any party who is harmed can potentially file a Lanham Act Opposition

      The problem is, You probably have to appear in person, or pay somebody to appear in person.

      Because the next step after filing opposition is a Proceeding at USPTO to resolve the Dispute between parties

      I don't know about you..... but for me travelling all the way to the USPTO in Washington D.C. would be quite a hardship.

      Not to mention all the time I couldn't be working in my job or working on improving my business or service.......

    18. Re:Why the Hell didn't Let's Encrypt register it?! by presidenteloco · · Score: 0

      Correction: You can't trademark if the mark is already used "IN TRADE".

      The foundation is a non-profit organization providing free certificates under that name. That is not "TRADE" (i.e. business, i.e. involving exchange of money for value).

      However, by the same token, the seemingly slimy corporation seeking the trademark should be hard pressed to stop the non-profit's use of the mark for a free service, since that is not competing TRADE since it is not TRADE.

      Besides, if it ever came to a case where they tried to prove that the non-profit was causing confusion about Comodo's trademark, it should be easy at that point to argue in court that the non-profit was openly and widely using the mark for their activity prior to Comodo's use of the mark in the conduct of trade. Therefore it was in fact Comodo that caused whatever confusion may have arisen among Comodo's potential customer base. Case dismissed.

      Warning: IANAL and tend to hope naively that natural justice will prevail in the justice system, despite all evidence to the contrary.

      --

      Where are we going and why are we in a handbasket?
    19. Re:Why the Hell didn't Let's Encrypt register it?! by taustin · · Score: 1

      If their goal is to not have someone else trademark it out from under them, then they register it, and fail to enforce it, thus placing it in the public domain.

      If their goal is to keep anyone else from using it, then they need to register it and enforce it.

    20. Re:Why the Hell didn't Let's Encrypt register it?! by Anonymous Coward · · Score: 0

      Good advice because apparently Let's screw it! could be subject to a suit from Richard Branson for being too similar to his book entitled: Screw it, let's do it: Lessons in life.

    21. Re:Why the Hell didn't Let's Encrypt register it?! by AchilleTalon · · Score: 1

      Nonetheless, it is utterly stupid to have not registered the trademark in the first place given what it will cost them to oppose Comodo in court.

      --
      Achille Talon
      Hop!
    22. Re:Why the Hell didn't Let's Encrypt register it?! by techno-vampire · · Score: 1

      Well, for one, they don't have to to be the owner of it. In the US, it's first to use, not first to register.

      I don't think so. Back in the '80s I did tech support for a small startup (long gone by now) marketing specialized software to law firms. The owner of the firm was a lawyer and he trademarked the program's name after doing a proper trademark search. About a year after we started selling, we got a Cease and Desist letter from somebody who'd been marketing a completely different, unrelated program under the same name for about ten years, but never trademarked the name. My boss replied, pointing out that they'd never bothered to trademark the name and he had, meaning that he owned the name and they didn't. He also told them that he'd allow them to continue using the name as long as they stopped bothering him and made sure that their customers knew that this was a different program. We never heard from them again.

      --
      Good, inexpensive web hosting
    23. Re:Why the Hell didn't Let's Encrypt register it?! by linuxgeek64 · · Score: 1

      NEVER use Google Translate with Latin. You'll get complete garbage almost all of the time (e.g. It used to provide "lacus non leo" for "merry Christmas," which actually means "the lake isn't a lion" and seems to come from lorem ipsum).

      Let me help you:
      Rotae iustitiae volvunt lente, sed ruminant optime.

    24. Re:Why the Hell didn't Let's Encrypt register it?! by Swave An deBwoner · · Score: 1

      Perhaps that's what Comodo wants to happen. They will get free endorsement of the "Let's Encrypt" term from the "Let's Encrypt" nonprofit and also from "EFF, Mozilla, Cisco, Akamai and others" who currently "back the service".

      So the Comodo product can then use the term to refer to their product(s) and ride on the coattails of the nonprofit service's good name; but no other company will be able to use that term "In Trade". Profit!

    25. Re:Why the Hell didn't Let's Encrypt register it?! by DutchUncle · · Score: 1

      Then how could various charities have trademarks? Google "nonprofit trademark" and find lots of references.

    26. Re:Why the Hell didn't Let's Encrypt register it?! by Anonymous Coward · · Score: 1

      Linux wasn't trademarked at the start. Then a con man named William Della Croce Jr. registered it as a trademark and started demanding money from distros, book publishers, etc. Despite the fact that the name is just Linus with an x at the end replacing the s, it still took about a year to get the trademark away from the slimeball in court.

    27. Re:Why the Hell didn't Let's Encrypt register it?! by Aighearach · · Score: 1

      Your theory that non-profits don't receive trademark protection is novel, and already refuted by existing precedent. Yes, public activities can be "trade" even when the underlying purpose is not profit! Wowsers, Pres., you went loco on that one.

    28. Re:Why the Hell didn't Let's Encrypt register it?! by Aighearach · · Score: 1

      All they have to do is use the mark at some point when asking for donations. If they use it in conjunction with soliciting donations, that is trade. Because of the way the activities of non-profits are defined, this means pretty much if they ever use the term, they're using it in trade.

      Technicalities might be more technical than just supposing.

    29. Re:Why the Hell didn't Let's Encrypt register it?! by ragahast · · Score: 1

      Yeah, exactly, if you don't seek government-enforced monopolies you're actually the bad guy.

      --
      .:Semper Absurda:.
    30. Re:Why the Hell didn't Let's Encrypt register it?! by ragahast · · Score: 1

      Not to mention all the time I couldn't be working in my job or working on improving my business or service...

      Exactly, it's a transparently anti-competitive operation. The CEO's forum post tacitly admits as such. I don't get what's with all these people here saying that if you haven't sought to have the government enforce monopolies on your behalf, you're actually the bad guy.

      --
      .:Semper Absurda:.
    31. Re:Why the Hell didn't Let's Encrypt register it?! by mysidia · · Score: 1

      What's even more bizarre is seeing executives of Comodo claiming LetsEncrypt Stole their business model.

      Apparently Comodo was the first to issue 90-day Free SSL Certificates, So any future CA who does that is stealing Comodo's business model.

      Doesn't make sense to me. A Key difference with LetsEncrypt, is the 90-Day certificates can be Renewed Indefinitely.

      With Comodo, the 90-Day issuance is an Evaluation/Trial per Domain name, and you cannot renew after the 90 days without paying.

  2. Remove Comodo CA by Anonymous Coward · · Score: 5, Insightful

    Comodo proved themselves that are not trustworthy.

    1. Re:Remove Comodo CA by Anonymous Coward · · Score: 0

      You can always use their report malware email address to report a company trying to steal from others.

      Report malware signed with a code signing certificate signedmalwarealert@comodo.com

    2. Re:Remove Comodo CA by Anonymous Coward · · Score: 0

      Comodo proved themselves that are not trustworthy.

      I almost made the egregious error of buying an SSL certificate for my domain. Fortunately, I waited until Let's Encrypt, the free certificate authority, appeared on-scene and registered for a certificate from Let's Encrypt via a third-party kloudesec.com. Comodo is a blood-sucking leech and should be barred from issuing any SSL certificates.

    3. Re:Remove Comodo CA by Anonymous Coward · · Score: 3, Insightful

      Comodo proved themselves that are not trustworthy.

      If they are untrustworthy in this respect, can they be trusted to perform due diligence when issuing certificates? After all a CA is supposed to be a "Trusted Third Party". If a CA shows itself not to be trustworthy, then maybe the browser suppliers should remove them from the (default) list of trusted CAs.

    4. Re:Remove Comodo CA by HiThere · · Score: 1

      If I understand what I'm seeing correctly, Firefox doesn't mark them as trusted, but it's not clear to me why they are grouped together with AddTrust, which is trusted. And a simple search says it is "powered by Comodo". Does this mean that they should also be untrusted?

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
    5. Re:Remove Comodo CA by flopsquad · · Score: 4, Insightful

      Read their CEO's asinine post. I will never use a Comodo product. Asshats are one thing, but asshats who abuse the IP system and counter-blame the victims of their asshattery really grind my gears.

      --
      Nothing posted to /. has ever been legal advice, including this.
    6. Re:Remove Comodo CA by iggie · · Score: 1

      Yeah, that's a lot of punctuation. Why do they have a pre-teen for a CEO?

    7. Re:Remove Comodo CA by Anonymous Coward · · Score: 0

      A CA certificate, which is the root key which gets burned into your OS / web browser whatever, in this case Firefox, is something they can't alter after they create it. So the name on the certificate doesn't magically change to reflect changes in the name or ownership of the business. This auto-generated report shows what's currently trusted by NSS (the component of Mozilla's software that drives this stuff in Firefox) and thus by most operating systems other than Windows and OS X.

      https://mozillacaprogram.secure.force.com/CA/IncludedCACertificateReport

      The left column is the actual entity that controls this key today, the next few columns are facts about the certificate, even if they _look_ like names of businesses you've heard of such as "Verisign" it's the name on the LEFT that is the actual organisation controlling these keys today.

    8. Re:Remove Comodo CA by lucm · · Score: 1

      I buy certificates from them for $5/year. It's hardly blood-sucking. The competition sells the same thing for 10x more.

      --
      lucm, indeed.
    9. Re:Remove Comodo CA by lucm · · Score: 1

      But you're ok with Apple, who sent the swat to break into a reporter's home after he gave them back the new iPhone an Apple employee left in a bar?

      --
      lucm, indeed.
    10. Re:Remove Comodo CA by apraetor · · Score: 1

      That's more a problem with the police than with Apple though, isn't it? Not that Apple was right in requesting such action, but the police never should have consented, regardless. Hitmen still get charged with murder, AFAIK.

    11. Re:Remove Comodo CA by flopsquad · · Score: 1

      1) Apple does not have the power to send a SWAT team to do anything. Even with hundreds of billions in net worth, they are not a paramilitary force, and are not in the chain of command of any law enforcement organization that would have jurisdiction over that reporter's house. Apple asked law enforcement to investigate someone with photographic evidence of, and admitted $5000 payment for, an unreleased prototype device that they ought not to have. A judge issued a warrant (which may or may not have been overbroad, considering 1A protections for journalists), and law enforcement took that warrant and acted on it, effecting a judicially authorized search and seizure.

      2) I vehemently disagree with the militarization of police departments nationwide, and the misuse of SWAT forces. I can't state strongly enough that military equipment and tactics are far overused by police, and that this overuse in concert with a warzone/enemy combatant mentality is an existential threat to our free and democratic way of life.

      That said, sending SWAT to investigate Jason Chen's house would seem to be unnecessary and over the top, when a few detectives would've sufficed. However:

      a) I went back through a bunch of articles from that era and can't verify that SWAT was even present.

      b) Let's assume SWAT was there. Because nobody answered the door (Chen wasn't home), the cops had to break the door down to perform their search. Leaving aside the necessity of breaking down doors in the first place (I suppose we could tell cops to just keep coming back again and again, and maybe someday be able to serve their warrant if the suspect isn't purposely staying away or staying silent when they come knocking), I presume it's common practice when forcibly entering a dwelling to have the right people and equipment for the job, meaning SWAT. People in their homes who are faced with a sudden and violent incursion are liable to shoot at you. So it makes sense to have the team with the body armor, battering ram, and breach training do the entry, rather than have Barney Fife and Ponch kick the door down and maybe get themselves and the inhabitant killed.**

      If you have evidence that Apple illegally influenced or even encouraged the investigating REACT unit to use more force than was necessary, as a way of "scaring" Chen or other journalists, please provide. That would absolutely qualify as "asshattery", at a minimum...

      3) I was specifically talking about abuse of the intellectual property system. Not that I would overlook if a company was using blood diamonds to fund terrorist activities in their illegal toxic waste dump. But what you're talking about is not misusing IP protections. It's investigating suspected theft of a physical item and related felonies. Police usually go and check those kinds of things out, even when the person returning the item says, "I bought it from a guy who found it in a bar, honest!"

      tl;dr - Apple is certainly not above criticism, and has surely engaged in some IP shenanigans (instances of trademark enforcement overreach come to mind), but your example is inapt.

      ** Yes, SWAT has been known to kill people and their pets, which makes me furious. IIRC most of that stems from no-knock, middle of the night raids. I would be in favor of extreme limitations on those kinds of raids, reductions in the use of SWAT generally, and elimination of military equipment like M-79s and MRAPs. But I don't think there's any way to get around it: police will from time to time need to force entry into a building, and SWAT is the correct choice to do it.

      --
      Nothing posted to /. has ever been legal advice, including this.
    12. Re:Remove Comodo CA by thegarbz · · Score: 1

      Apple don't send SWAT anywhere.

    13. Re:Remove Comodo CA by david_thornley · · Score: 1

      The reporter had admitted, in a public document, to selling expensive stuff that wasn't his. That's a pretty serious crime. Have you ever tried committing a serious crime and publicizing it widely? I wouldn't be surprised if the police paid you a visit.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
    14. Re:Remove Comodo CA by lucm · · Score: 1

      It was not the regular police, it was a special task force funded in part by big IT companies, including Apple.

      --
      lucm, indeed.
    15. Re:Remove Comodo CA by lucm · · Score: 1

      http://www.zdnet.com/article/g...

      It's called the REACT team.

      --
      lucm, indeed.
  3. f*ck comodo by Anonymous Coward · · Score: 0

    'Nuff said.

  4. Re:US gun ban by ledow · · Score: 1, Offtopic

    And antivirus stops all viruses.

    And medicines cure all illnesses.

    How many MASS shootings? Much less.
    How many shootings in general? Much less.

    Go learn statistics, some HUNDREDS of times more shootings in the US.

  5. I made a small donation to LE by Anonymous Coward · · Score: 0

    Just to let them be able to defend against this attack.

  6. Given history, Comodo should use "Let's Infect!" by BenJeremy · · Score: 5, Interesting

    PrivDog, Chomodo, hacks, and issuing certs to malware, Comodo is one company I'd steer clear from in any case.

  7. Comodo Shady Ass Sales by Anonymous Coward · · Score: 0

    Not surprising coming from a company that trolls other SSL Certificate Authorities and tries to steal their customers. Every time my GoDaddy certs are up for renewal, these bitches from Comodo start calling and telling me how much money they can save me.

    1. Re:Comodo Shady Ass Sales by gmack · · Score: 2

      Not surprising coming from a company that trolls other SSL Certificate Authorities and tries to steal their customers. Every time my GoDaddy certs are up for renewal, these bitches from Comodo start calling and telling me how much money they can save me.

      That's nothing, they called me and tried to get me to switch away from their own resellers.

    2. Re:Comodo Shady Ass Sales by Zaphon · · Score: 1

      Agreed, they just called one of my employees 2 days ago. He was like "Comodo is calling about XYZ.com's cert expiring, we need to renew it" and I was like "That's cute, we buy our certs from GoDaddy." Then he was like yeah, but they are cheaper, 5 years for $499 and I was like "That's interesting, 39 months is the max time a cert can be issued for since 2015, tell them to go pound sand." Seriously, Comodo can go die in a fire. They even tried to tell him that we are getting our GoDaddy certs from Microsoft (as if it's a bad thing, we're an Azure shop using Microsoft technologies for everything we do, despite as far as I know it being a completely false statement). *shrugs*

  8. Re:Given history, Comodo should use "Let's Infect! by PatientZero · · Score: 4, Interesting

    Who is authorized to certify the Certification Authorities, and what would it take to finally have Comodo's cert revoked?

    --
    Freedom to fear. Freedom from thought. Freedom to kill.
    I guess the War on Terror really is about freedom!
  9. Dick move by Anonymous Coward · · Score: 0

    Add another company to the "do not use" list...

  10. Drop Comodo CA by Anonymous Coward · · Score: 3, Insightful

    With everything Comodo has done, or not done, that should have gotten them removed, maybe we should push to have the Comodo CA certs dropped from the products and platforms of sponsors "EFF, Mozilla, Cisco, Akamai and others".

    1. Re:Drop Comodo CA by Anonymous Coward · · Score: 0

      Someone needs to show paying Comodo customers how to use Let's Encrypt to renew their certs for free.

  11. Social media backlash by nut · · Score: 1

    Comodo have Facebook pages, Twitter accounts, contact forms on their website and email addresses. Go and tell them what you think of this.

    --
    Never trust a man in a blue trench coat, Never drive a car when you're dead
    1. Re:Social media backlash by Frobnicator · · Score: 1

      Nothing like a steady stream of 1-star reviews on social media to bring to action.

      --
      //TODO: Think of witty sig statement
    2. Re:Social media backlash by Esteanil · · Score: 1

      Nothing there yet.

      Here, let me make it easy for you guys:

      https://www.facebook.com/ComodoHome/?fref=nf

      --
      I'm a dreamer, the world is my playpen. But hey, I'm a serious person, I can't dream all the time.
  12. Prior knowledge! by Anonymous Coward · · Score: 0

    A lawyer could argue that Comodo did have knowledge of this mark being in use elsewhere due to this link:
    http://forums.comodo.com/general-security-questions-and-comments/the-eff-to-launch-lets-encrypt-certificate-authority-t108054.0.html

    Surely their lawyers know that the granted mark will be invalidated within the first 30 days, so why persist? To maliciously drain money from a .org out of spite.

    Drop the application. Earn a little goodwill.

  13. Re:US gun ban by Anonymous Coward · · Score: 0

    And antivirus stops all viruses.

    And medicines cure all illnesses.

    How many MASS shootings? Much less.
    How many shootings in general? Much less.

    Go learn statistics, some HUNDREDS of times more shootings in the US.

    More people are killed in the US by knives, as in being stabbed by a knife-wielding criminal.

  14. Re: Given history, Comodo should use "Let's Infect by Anonymous Coward · · Score: 1

    Web browser makers "authorize" certificate authorities by accepting money from the CA to include their public keys in the web browser.

    OS makers also can authorize CAs for code signing by including their public keys in the OS.
    (I believe Java, being platform agnostic, has its own code signing methods separate from the OS it can run on)

    So just convince Google (chrome), Mozilla (Firefox), and Microsoft (IE/Edge) to stop accepting Comodo's tens of thousands of dollars each year and no longer include their CA public key.

    Good luck :P

  15. They produce malware by Anonymous Coward · · Score: 0

    Comodo only makes fake AV and malware software. Stay far, FAR away!

  16. Can't trademark if the mark is already used by LetterRip · · Score: 3, Informative

    In the US if you use a trademark, you own the trademark even if you haven't registered it. Since it is already being used in commerce for that mark, the application shouldn't be successful and can be challenged in the courts if it is granted.

    1. Re:Can't trademark if the mark is already used by mysidia · · Score: 1

      They can't exclude LetsEncrypt from using it, BUT they might be able to stop LetsEncrypt from trademarking it.

      Their planned disruption could be not to get the Trademark, but to start using the name for something disreputable.

      Stop LE from getting their mark AND dilute the name by intentionally abusing it.

    2. Re:Can't trademark if the mark is already used by Sax+Russell+5449D29A · · Score: 3, Interesting

      They're most likely just trying to prevent Let's Encrypt from entering the commercial arena of issuing TLS certificates by creating legal barriers. Let's Encrypt's popularity is soaring and they're quickly capturing the low-end markets with minimal trust and identification requirements. They might see a possibility that Let's Encrypt might some day become a big player and thus a major competitor to COMODO.

      --
      -SR
    3. Re:Can't trademark if the mark is already used by taustin · · Score: 1

      Have they consistently - every time - claimed a trademark on it? And enforced that claim consistently? If not, then they have no enforceable claim to it.

      They do, however, have an enforceable right to keep using it if they were before the application from slimebags was filed.

  17. Let's Stop Trusting Comodo by mysidia · · Score: 1

    How does that tagline sound?

    1. Re:Let's Stop Trusting Comodo by GioMac · · Score: 1

      That's a good idea and easy to do, I won't buy anything from Comodo from now on.

      --
      "It feels like I'm at the Zoo when reading this thread - I'm frightened, but it's interesting" (c)
    2. Re:Let's Stop Trusting Comodo by mysidia · · Score: 1

      I was thinking more along the lines of requesting that Browsers drop their CAs from the Trust store for reasons along the line of Bad Faith behavior / Attempting to fraudulently or deceptively appropriate the names of other organizations in a manner unbecoming of a Trusted Authority or ID certification agency.

  18. Re:Given history, Comodo should use "Let's Infect! by Anonymous Coward · · Score: 0

    Browser and OS vendors decide which CAs they trust enough to honour.

  19. Seen this so many times by Sax+Russell+5449D29A · · Score: 1

    This is like the Linux trade mark wars all over again. There's always some sleazy company trying to benefit from people's good will.

    --
    -SR
  20. Re:US gun ban by PatientZero · · Score: 0

    More people are killed in the US by knives, as in being stabbed by a knife-wielding criminal.

    How many of those cases were considered mass knifings where four or more people selected indiscriminately, not including the perpetrator, were killed?

    --
    Freedom to fear. Freedom from thought. Freedom to kill.
    I guess the War on Terror really is about freedom!
  21. Software providers by DrYak · · Score: 1

    Who is authorized to certify the Certification Authorities,

    The software provider that provided the list of root certificates that your browser uses.
    Depending on your setup, it's either your OS provider...
    (e.g.:
    - Windows has a list of root certificates that are considered legit.
    - Most Linux distributions also pack such a list somewhere in /etc/ssl/certs or /var/lib/ca-certificates/pem)
    ...or your browser's provider.
    (e.g.:
    - Firefox comes with its own list of root certificates)

    and what would it take to finally have Comodo's cert revoked?

    If the software provider decides that Comodo is not trustworthy, all of the above players can push an update and not include its certificate in the new updated list.
    (e.g.: Microsoft periodically pushes a security update called "Root Certificates".
    And sometimes, on some new versions, Firefox ships with a new modified list)
    This has happened already with some of China's certificates, which were used in a MITM attack to spy on their citizens.

    Firefox also has a faster way to directly issue warnings and potential revocation without even waiting for an update. (OneCRL)
    I have no idea about Edge.
    I suspect that Chrome has some similar approach, which probably requires you to pipe every single visited URL to some cloud processing server to attest if safe or not.

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
  22. Hence the trademark by DrYak · · Score: 5, Insightful

    Someone needs to show paying Comodo customers how to use Let's Encrypt to renew their certs for free.

    I think that's the reason why Comodo is trying to own the Let's Encrypt name....

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
  23. Re:US gun ban by NoImNotNineVolt · · Score: 1

    Is knifing four or more people in one incident worse than knifing one person in each of four incidents? If so, why? If not, why do you draw a distinction?

    --
    Chuuch. Preach. Tabernacle.
  24. Comodo carved by Moxie Marlinspike by epine · · Score: 2

    Moxie Marlinspike tells a story about Comodo at BlackHat 2011

    The bit at 8m22 is priceless.

    Comodo founder:

    This [attack] was extremely sophisticated and critically executed. It was a very well orchestrated, very clinical attack, and the attacker knew exactly what they needed to do and how fast they had to operate.

    The hacker turns out to be a script-kiddie who got the technique from an introductory hacking video.

    Comodo continues to embarrass themselves as the story unfolds, with their CEO finally complaining that all this wouldn't be a problem if man-in-the-middle wasn't possible. Huh? Aren't you in the business of selling the solution to the MITM problem?

    What happened to Comodo? Nothing. Their business didn't suffer, they didn't lose customers. In fact, the only thing that happened was that their CEO was named "entrepreneur of the year" at RSA 2011.

  25. Re:Given history, Comodo should use "Let's Infect! by Anonymous Coward · · Score: 0

    Who is authorized to certify the Certification Authorities

    You. You have (probably by default) configured your computer to trust them. Look in /etc/ssl/certs. You trust everything in there.

    rm /etc/ssl/certs/Comodo*.pem to fix the problem.

  26. Re: US gun ban by Anonymous Coward · · Score: 0, Troll

    It can't be reasoned with, it doesn't feel pity, or remorse, or empathy. And it absolutely will not stop, ever, until your natural right to self defense is dead.

  27. Why does Comodo even still exist? by ilsaloving · · Score: 3, Interesting

    How is it that they haven't had their issuer's license revoked already? They've already been found wanting as a cert provider, since they seem to have no qualms about issuing fraudulent certificates.

    And now they're trying to fraudulently use someone else's trademark?

    How much more fraud will they be allowed to perform before someone gives them a serious slap?

    Oh, wait, what am I thinking... This is the US. As long as their shareholders are happy they could rape, pillage and burn entire towns and no one would care.

    1. Re:Why does Comodo even still exist? by QuietLagoon · · Score: 1

      ...They've already been found wanting as a cert provider,...

      I've seen Comodo certs on sites like Comcast's site login.comcast.net. It appears that Comodo has gotten its fingers deep into our infrastructure.

    2. Re:Why does Comodo even still exist? by mtrachtenberg · · Score: 1

      After reading their CEO's reply in the update, I'd suggest they try to register the trademark "90." It's their business model. Or maybe they should trademark "FREE!"

  28. I stopped using Comodo by QuietLagoon · · Score: 1

    I stopped using Comodo for my SSL certs when I read about their MitM attacks using SSL certs. To me, it appears that they are not a suitable vendor for anything security related.

    This Let's Encrypt fiasco is just another example of how low Comodo's business practices really are.

  29. How many nerds does it take to remove a root cert? by Anonymous Coward · · Score: 0

    How much is a Comodo certificate worth if enough people ban the Comodo root certificate from their computers? You want to play hard ball, Comodo? Careful what you wish for.

  30. The Comodo CEO doesn't know ... by Anonymous Coward · · Score: 0

    ... the difference between a trademark and a copyright. They obviously speak and write English as a second language, and they are obsessed with the number 90 as if 90 days has never been used by anyone before as an approximation for three calendar months or one quarter year in any business context.

  31. Drop Comodo CA from Firefox by Anonymous Coward · · Score: 0

    Dropping Comodo CA from Firefox should be a very strong deterrent.

  32. Re:Given history, Comodo should use "Let's Infect! by Anonymous Coward · · Score: 0

    They're shipped by various software makers. All that has to happen is that people choose other certs. You can remove Comodo from your own systems in most software, though you may have to look at many places (Windows cert store, Mozilla's cert store, Java's cert store, etc.) at the cost of breaking a lot of things.

    There is a 'death penalty' that could be invoked. It's not something they use lightly, though, but at this point, I'm sort of surprised Comodo is still trusted...

  33. Re:US gun ban by lordholm · · Score: 2

    Yes, it would likely stop a lot of shootings, but obviously not all of them.

    Murder rate US: 3.9 / 100k
    There is only one place worse in the EU: Lithuania with a whopping 5.5 / 100k, on average the EU is a lot less than the US.

    Taking the listed countries you end up with the following.
    Austria: 0.5
    Belgium: 1.8
    France: 1.2
    UK: 1.0
    Germany: 0.9

    All of which are significantly lower than the average of the US.

    --
    "Civis Europaeus sum!"
  34. Don't do business with orgs that treat us badly. by jbn-o · · Score: 1

    Given how unprincipled /. moderators are (see any thread about whether a /. moderator will pay to see the next Star Wars movie and keep in mind Disney's behavior on DRM and copyright term extension, for instance), I'd say you're sadly in the minority. Cases like this are ample reason to refuse to do business with organizations that treat us badly, but /. moderators became far more concerned with convenience at any price.

  35. Ummm... by Anonymous Coward · · Score: 0

    Can Comodo register a trademark on a phrase that the non-profit "Let's Encrypt!" has copyrighted?

  36. Horrible statement by Wuhao · · Score: 4, Informative

    I actually didn't really want to read too deeply into this when the article first came up. I figured it could be a thorny issue and that maybe Comodo had previously used "Let's Encrypt" in marketing somewhere prior to the free campaign. Then I read their CEO's statement, and it's pretty clear that he just plain feels threatened and he acts as if he invented the concept of a 90-day free trial. I can certainly see where he could be losing money; but I guess as an onlooker, if someone can come along and take your money that way, your position was pretty weak in the first place.

    So I guess I'd say I now feel that attempting to register this trademark seems pretty abusive, and the person who convinced me of that was Comodo's CEO in his post on his company's forums.

    1. Re:Horrible statement by CronoCloud · · Score: 1

      Ditto. After reading his comment I was thinking:

      "You and your company are being jerks....stop it."

      Though the only Comodo product I use is their free s/mime e-mail cert. I used to get them from thawte, but they stopped doing it.

    2. Re:Horrible statement by Anonymous Coward · · Score: 0

      I had the same reaction with the:

      "Lets encrypt could have chosen 57 days, 30 days or any other number for the lifetime of their certificates. But they chose to use Comodo's 90 day Free SSL model that we established in the market place for over 9 years!!! We invented the 90 day free ssl. Why are they copying our business model of 90 day free ssl is the question! [...] ...copying our model of giving certificates for 90 days for free is not ethical. "

      This is an argument of Shkrelian proportions. One of those statements that you can't help but imagine the smirk on his face he must have had when he typed it.

      Obviously, Comodo's business model is threatened by the free certs, and this is their unprofessional smart-ass response.

    3. Re:Horrible statement by deniable · · Score: 1

      It's funny that he treats "Let's Encrypt" as a legitimate business. His lawyers just face-palmed.

    4. Re:Horrible statement by Waccoon · · Score: 1

      he acts as if he invented the concept of a 90-day free trial

      He apparently thinks of it in the same way as a design patent:

      "Of course it's a new invention! We invented the 90-day free trial... for an ssl."

    5. Re:Horrible statement by KiloByte · · Score: 1

      as if he invented the concept of a 90-day free trial

      There's a bit of difference between an one-time evaluation that can't be extended, and an automated repeated process that continually renews certs.

      --
      The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
  37. 90 by mjtrac95570 · · Score: 1

    After reading the post by Comodo's "leader," I'd suggest that Comodo abandon "Let's Encrypt" before a court shames them. If the jackass wants a trademark, I'd suggest he try to register "90."

    1. Re:90 by Zaelath · · Score: 1

      That guy is an embarrassment.

      The very idea that a CEO would respond in an online forum about this kind of thing is ridiculous. To make such a poor argument, on top of the poor judgement to even comment, is inexcusable.

      Gavin Belson would be the only "person" I'd expect to do this.

  38. Re:Given history, Comodo should use "Let's Infect! by bill_mcgonigle · · Score: 2

    PrivDog, Chomodo, hacks, and issuing certs to malware, Comodo is one company I'd steer clear from in any case.

    Shit, Namecheap still uses them for their resold SSL certs. If Namecheap doesn't have another option next time I need to renew one, I'm going elsewhere. That would be a pain, but I'm officially done with Comodo after this - seven strikes and I'm stupid for not calling you out on three.

    --
    My God, it's Full of Source!
    OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
  39. Re: US gun ban by Anonymous Coward · · Score: 0

    First time you've tried alcohol?

  40. ISRG can still file its own trademark application by Anonymous Coward · · Score: 0

    ISRG can file its own application for the trademark, as well as submit a complaint to the USPTO that Comodo's request should not be granted.

  41. Let's Encrypt by strstr · · Score: 1

    It's like a piece of art. Let's Encrypt made their art, put it out there, and then came along the bully trying to steal the art of the project Let's Encrypt. The question here is, if someone else made the art and Comodo had nothing to do with it, how could they come in and claim ownership of some part of the art? Under the 1st amendment someone else made that art. Should we not honor the ownership and creator of that art? Should we not have a mechanism to stop Comodo from attempting to steal ownership of the art?

    Now the CEO had a funny comment about how Let's Encrypt was copying Comodo's business model of 90 day free certs but really, that's not the case. When you create a product you tend to try to make one that is comparable or better to existing products; in this case they matched their competitor's product so as to avoid not creating a deliberately inferior product people wouldn't want.

    obamasweapon.com

  42. Re:Given history, Comodo should use "Let's Infect! by Fnord666 · · Score: 1

    Who is authorized to certify the Certification Authorities, and what would it take to finally have Comodo's cert revoked?

    In your software and/or browsers, you are the ultimate authority. Don't like Comodo? Remove their root cert from your trust store.

    --
    'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
  43. Comodo is dropping it now by InvisiBill · · Score: 4, Informative
    In the linked forum thread, from robinalden (Comodo Staff):

    With LE now being an operational business, we were never going to take these trademark applications any further. Josh posted a link to the application and as of February 8th it was already in a state where it will lapse.
    Josh was wrong when he said we’d “refused to abandon our applications”. We just hadn’t told LE we would leave them to lapse.
    We have now communicated this to LE.

  44. Trademark Comodo's Private Key Sequence by Anonymous Coward · · Score: 0

    Where are the hackers when you need them? The ultimate payback would be to file a trademark for the private key sequence of Comodo's root signing certificate.

  45. Re: Given history, Comodo should use "Let's Infect by roca · · Score: 1

    Browser vendors don't get paid by CAs. If you have evidence that they get tens of thousands of dollars a year from Comodo, present it.

  46. Voting with my feet by hyades1 · · Score: 1

    I've used Comodo's firewall for years. I have now removed it from all but one computer, which I don't use all that much anymore. When I am assured that Comodo has, in fact, abandoned its efforts to steal "Let's Encrypt", I'll go back. I like their firewall, and it will hurt to go through all the little adjustments that get the replacement (Kaspersky Internet Security) working exactly the way I like.

    --
    I've calculated my velocity with such exquisite precision that I have no idea where I am.
  47. Comodo, NEVER EVER AGAIN. by Anonymous Coward · · Score: 0

    Have been using Comodo, but NEVER EVER AGAIN.

  48. Why didn't Comodo go with Free SSL trademark? by mimino · · Score: 1

    Some stats from the CEO's first post:
    Free SSL: mentioned 9 times, 7 of them in one paragraph;
    Comodo: only 3 times

    Seems they should leave Let's Encrypt alone and go with Free SSL instead.

  49. Remove them as a CA by Anonymous Coward · · Score: 0

    If you don't like Comodo, remove their CA certs from your machine.

    I'm doing it just to see how it goes:

    root:/etc/ssl/certs # tar zcvf douches.tgz `ls | grep -i comodo` && rm `ls | grep -i comodo`
    Comodo_AAA_Services_root.pem
    COMODO_Certification_Authority.pem
    COMODO_ECC_Certification_Authority.pem
    COMODO_RSA_Certification_Authority.pem
    Comodo_Secure_Services_root.pem
    Comodo_Trusted_Services_root.pem

    Actually, I'm just tarring them up in case for some reason I do need them back.
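
Added example, not part of the thread or of any commenter's post: comments 25 and 49 delete files from /etc/ssl/certs, but on Debian/Ubuntu-style systems (an assumption here) that directory is regenerated by update-ca-certificates from /etc/ca-certificates.conf, where a leading "!" deselects a certificate. The script below applies that marking to a file you point it at; the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes a Debian/Ubuntu-style
# ca-certificates.conf: one certificate path per line, "#" = comment,
# leading "!" = deselected. Function names are illustrative.

# list_matching CONF PATTERN
# Print active entries containing PATTERN (fixed string, case-insensitive).
list_matching() {
    grep -v '^[#!]' "$1" | grep -F -i -- "$2"
}

# deselect_ca CONF PATTERN
# Prefix every active matching entry with "!", keep the original as
# CONF.bak, and print how many entries were changed.
deselect_ca() {
    conf=$1
    pattern=$2
    [ -n "$pattern" ] || { echo "empty pattern" >&2; return 2; }
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 2; }

    count=$(list_matching "$conf" "$pattern" | wc -l | tr -d ' ')
    if [ "$count" -eq 0 ]; then
        echo 0
        return 0
    fi

    tmp=$(mktemp "$conf.XXXXXX") || return 1
    # PATTERN must not contain backslashes: awk -v would interpret them.
    if awk -v pat="$pattern" '
            BEGIN { pat = tolower(pat) }
            /^[#!]/ { print; next }            # comments, already deselected
            index(tolower($0), pat) > 0 { print "!" $0; next }
            { print }
        ' "$conf" > "$tmp" &&
        cp -p "$conf" "$conf.bak" &&
        cat "$tmp" > "$conf"       # overwrite in place, keeping owner/mode
    then
        rm -f "$tmp"
        echo "$count"
    else
        rm -f "$tmp"
        return 1
    fi
}

# make_sample_conf FILE
# Write a constructed sample; entry names are adapted from the file
# listing in comment 49, plus one made-up unrelated entry.
make_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample, not copied from a real system
mozilla/Comodo_AAA_Services_root.crt
mozilla/COMODO_Certification_Authority.crt
!mozilla/COMODO_ECC_Certification_Authority.crt
mozilla/COMODO_RSA_Certification_Authority.crt
mozilla/Example_Root_CA.crt
EOF
}

# Demo on the constructed sample only; never touches /etc.
if [ "${1:-}" = "--demo" ]; then
    dir=$(mktemp -d) || exit 1
    make_sample_conf "$dir/ca-certificates.conf"
    echo "changed: $(deselect_ca "$dir/ca-certificates.conf" comodo)"
    cat "$dir/ca-certificates.conf"
    rm -rf "$dir"
fi
```

On a real system the edit takes effect only after update-ca-certificates is run as root, and it covers the system store alone: applications that ship their own root list, as comments 21 and 32 point out for Firefox and Java, are not affected.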

  50. Mozilla doesn't get paid, but the auditor does by tepples · · Score: 1

    Browser vendors don't get paid by CAs.

    I just read Mozilla's CA inclusion policy, and you appear correct. The browser maker doesn't get paid; the auditing firm "with access to the details of the subordinate CA’s internal operations" gets paid.

  51. King.com? by Anonymous Coward · · Score: 0

    Before they sold to Activision, King.com tried to register trademarks on the words CANDY and SAGA. So not only is this wrong, it's copycat.

  52. Re: Why the Hell didn't Let's Encrypt register it? by Anonymous Coward · · Score: 0

    Originally (by Sextus Empiricus, translated from Greek): Est mola tarda dei, verum molit illa minutim. "Is millstone late God's, but grinds she finely."