Slashdot Mirror


Comodo Attempting to Register 'Let's Encrypt' Trademarks, And That's Not Right (letsencrypt.org)

Let's Encrypt is a nonprofit aimed at encrypting the entire web. It provides free certificates, and its service is backed by EFF, Mozilla, Cisco, Akamai and others. Despite it being around for years, security firm Comodo, which, as of 2015, was the largest issuer of SSL certificates with a 33.6% market share on 6.6% of all web domains, last year in October filed for the trademark Let's Encrypt. The team at Let's Encrypt wrote in a blog post today that they have asked Comodo to abandon its "Let's Encrypt" applications directly, but it has refused to do so. The blog post adds: We've forged relationships with millions of websites and users under the name Let's Encrypt, furthering our mission to make encryption free, easy, and accessible to everyone. We've also worked hard to build our unique identity within the community and to make that identity a reliable indicator of quality. We take it very seriously when we see the potential for our users to be confused, or worse, the potential for a third party to damage the trust our users have placed in us by intentionally creating such confusion. By attempting to register trademarks for our name, Comodo is actively attempting to do just that. Update: 06/23 22:25 GMT by M: Comodo CEO has addressed the issue on company's forum (screenshot).

  1. Why the Hell didn't Let's Encrypt register it?! by mrchaotica · · Score: 4, Insightful

    If you don't want somebody else to use a trademark, register it for yourself!

    --

    "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

    1. Re:Why the Hell didn't Let's Encrypt register it?! by K. S. Kyosuke · · Score: 4, Funny

      Well, they can still register the Yrg'f Rapelcg! trademark...

      --
      Ezekiel 23:20
    2. Re:Why the Hell didn't Let's Encrypt register it?! by Anonymous Coward · · Score: 1

      They don't want the burden of enforcing it, though now they are basically required to do so anyway.

      Thanks Comodoodoo!

    3. Re:Why the Hell didn't Let's Encrypt register it?! by zuckie13 · · Score: 5, Interesting

      Well, for one, they don't have to to be the owner of it. In the US, it's first to use, not first to register. It's pretty clear they have been using it well before this application was submitted - an application that says it's not in use by that company yet. I'd love to hope that the trademark office will just reject it, but they'll probably drag this out.

    4. Re:Why the Hell didn't Let's Encrypt register it?! by Junta · · Score: 1

      I am not a lawyer but I did google for a few seconds...

      It looks like to register a *Trade* Mark, you have to be using it in commerce. Let's encrypt not having any financial anything going on can't say their stuff is in commerce, even if they want to.

      Secondly, in "Let's Encrypt", it only had value in the first place if it had taken off. If it hadn't taken off, then there would have been no point in 'defending' the name (also, no one would really want it). It did take off, and as such it is so well known *specifically* in this area that their application should be rejected, as 'common law' recognizes unregistered marks if they are relevant and prominent.

      --
      XML is like violence. If it doesn't solve the problem, use more.
    5. Re:Why the Hell didn't Let's Encrypt register it?! by PCM2 · · Score: 3, Interesting

      That "burden" can be as onerous as having a lawyer write a letter, which it sounds like they had to do anyway. If Comodo went ahead with using their mark after receiving said letter, they would then be in the exact situation they are in now -- only they would have legal standing to enforce their mark, which presently they don't.

      "Nonprofit" shouldn't mean you can't afford to pay for basic necessities like registering your business license, paying your fire insurance, and protecting your most basic and fundamental IP (your name).

      --
      Breakfast served all day!
    6. Re:Why the Hell didn't Let's Encrypt register it?! by evolutionary · · Score: 4, Insightful

      It's a leverage game. The courts would favor Let'sEncrypt trademark (as they basically paid the government for it first). It could also be shown that in using it on such a scale its purpose is to use Let'sEncrypt's name and in the end the group could get damages for Comodo. but first it has to pay for the lawyers to get. So it's not a matter of who is in the right, but who can use their purse strings to draw this out long enough. Our justice isn't really based on a sense of fair play, rather than who's got bling to play. Kinda like Net Neutrality. :D Hopefully Comodo decides the bad PR and litigation isn't worth it. but they might. I have little doubt they'll suggest a number (in essence blackmail) to get the domain at a "minimal fee". While it's true ideally one would register the web domain but domain != trademark. trademark wins, but only if the money exists to drag it out in court.

      --
      "Imagination is more important than knowledge" - Einstein
    7. Re:Why the Hell didn't Let's Encrypt register it?! by zuckie13 · · Score: 3, Informative

      The definition of use in commerce (my emphasis added) - right from the USPTO: For applications filed under the use-in-commerce basis, you must be using the mark in the sale or transport of goods or the rendering of services in “interstate” commerce between more than one state or U.S. territory, or in commerce between the U.S. and another country. For goods, the mark must appear on the goods (e.g., tags or labels), the container for the goods, or displays associated with the goods. For services, the mark must be used in the sale or advertising of the services.

    8. Re:Why the Hell didn't Let's Encrypt register it?! by Frobnicator · · Score: 1

      Based on the links in the story, the trademarks are still in the examination stage and have not yet been issued.

      If that is the case, Let's Encrypt can still send in forms and notify the USPTO of the conflict. They don't have much time, but if they passed along that information on their site to the patent examiner that should be enough to trigger additional investigation.

      --
      //TODO: Think of witty sig statement
    9. Re:Why the Hell didn't Let's Encrypt register it?! by phantomfive · · Score: 1

      Linux is trademarked. Plenty of non-profits have trademarks. Because of all that, I don't think you need to be having "financial things" going on in order to get a trademark.

      --
      "First they came for the slanderers and i said nothing."
    10. Re:Why the Hell didn't Let's Encrypt register it?! by tlhIngan · · Score: 3, Informative

      Based on the links in the story, the trademarks are still in the examination stage and have not yet been issued.

      If that is the case, Let's Encrypt can still send in forms and notify the USPTO of the conflict. They don't have much time, but if they passed along that information on their site to the patent examiner that should be enough to trigger additional investigation.

      Exactly - why aren't they sending a challenge to the USPTO yesterday?

      Trademarks are registered all the time. In fact, it's a public process - every new application is posted so opposition to registration can be recorded. If the Lets Encrypt folks aren't filing an opposition, (and not done so ages ago), then they're basically letting the ball drop.

      It happens all the time - plenty of companies apply for trademarks only to have them opposed during application.

      In fact, the thornier side of trademarks are marks not necessarily used in commerce - Microsoft, for example, owns two trademarks they don't use on products (NorthWinds and Contoso, I believe). Instead, they're registered so Microsoft can use them in demos and other things freely without running into any trademark issues.

    11. Re:Why the Hell didn't Let's Encrypt register it?! by mysidia · · Score: 1

      Any party who is harmed can potentially file a Lanham Act Opposition

      The problem is, You probably have to appear in person, or pay somebody to appear in person.

      Because the next step after filing opposition is a Proceeding at USPTO to resolve the Dispute between parties

      I don't know about you..... but for me travelling all the way to the USPTO in Washington D.C. would be quite a hardship.

      Not to mention all the time I couldn't be working in my job or working on improving my business or service.......

    12. Re:Why the Hell didn't Let's Encrypt register it?! by taustin · · Score: 1

      If their goal is to not have someone else trademark it out from under them, then they register it, and fail to enforce it, thus placing it in the public domain.

      If their goal is to keep anyone else from using it, then they need to register it and enforce it.

    13. Re:Why the Hell didn't Let's Encrypt register it?! by AchilleTalon · · Score: 1

      Nonetheless, it is utterly stupid to have not registered the trademark in the first place given what it will cost them to oppose Comodo in court.

      --
      Achille Talon
      Hop!
    14. Re:Why the Hell didn't Let's Encrypt register it?! by techno-vampire · · Score: 1

      Well, for one, they don't have to to be the owner of it. In the US, it's first to use, not first to register.

      I don't think so. Back in the '80s I did tech support for a small startup (long gone by now) marketing specialized software to law firms. The owner of the firm was a lawyer and he trademarked the program's name after doing a proper trademark search. About a year after we started selling, we got a Cease and Desist letter from somebody who'd been marketing a completely different, unrelated program under the same name for about ten years, but never trademarked the name. My boss replied, pointing out that they'd never bothered to trademark the name and he had, meaning that he owned the name and they didn't. He also told them that he'd allow them to continue using the name as long as they stopped bothering him and made sure that their customers knew that this was a different program. We never heard from them again.

      --
      Good, inexpensive web hosting
    15. Re:Why the Hell didn't Let's Encrypt register it?! by linuxgeek64 · · Score: 1

      NEVER use Google Translate with Latin. You'll get complete garbage almost all of the time (e.g. It used to provide "lacus non leo" for "merry Christmas," which actually means "the lake isn't a lion" and seems to come from lorem ipsum).

      Let me help you:
      Rotae iustitiae volvunt lente, sed ruminant optime.

    16. Re:Why the Hell didn't Let's Encrypt register it?! by Swave An deBwoner · · Score: 1

      Perhaps that's what Comodo wants to happen. They will get free endorsement of the "Let's Encrypt" term from the "Let's Encrypt" nonprofit and also from "EFF, Mozilla, Cisco, Akamai and others" who currently "back the service".

      So the Comodo product can then use the term to refer to their product(s) and ride on the coattails of the nonprofit service's good name; but no other company will be able to use that term "In Trade". Profit!

    17. Re:Why the Hell didn't Let's Encrypt register it?! by DutchUncle · · Score: 1

      Then how could various charities have trademarks? Google "nonprofit trademark" and find lots of references.

    18. Re:Why the Hell didn't Let's Encrypt register it?! by Anonymous Coward · · Score: 1

      Linux wasn't trademarked at the start. Then a con-man named William Della Croce Jr. registered it as a trademark and started demanding money from distros, book publishers, etc. Despite the fact that the name is just Linus with an x at the end replacing the s, it still took about a year to get the trademark away from the slimeball in court.

    19. Re:Why the Hell didn't Let's Encrypt register it?! by Aighearach · · Score: 1

      Your theory that non-profits don't receive trademark protection is novel, and already refuted by existing precedent. Yes, public activities can be "trade" even when the underlying purpose is not profit! Wowsers, Pres., you went loco on that one.

    20. Re:Why the Hell didn't Let's Encrypt register it?! by Aighearach · · Score: 1

      All they have to do is use the mark at some point when asking for donations. If they use it in conjunction with soliciting donations, that is trade. Because of the way the activities of non-profits are defined, this means pretty much if they ever use the term, they're using it in trade.

      Technicalities might be more technical than just supposing.

    21. Re:Why the Hell didn't Let's Encrypt register it?! by ragahast · · Score: 1

      Yeah, exactly, if you don't seek government-enforced monopolies you're actually the bad guy.

      --
      .:Semper Absurda:.
    22. Re:Why the Hell didn't Let's Encrypt register it?! by ragahast · · Score: 1

      Not to mention all the time I couldn't be working in my job or working on improving my business or service...

      Exactly, it's a transparently anti-competitive operation. The CEO's forum post tacitly admits as such. I don't get what's with all these people here saying that if you haven't sought to have the government enforce monopolies on your behalf, you're actually the bad guy.

      --
      .:Semper Absurda:.
    23. Re:Why the Hell didn't Let's Encrypt register it?! by mysidia · · Score: 1

      What's even more bizarre is seeing executives of Comodo claiming LetsEncrypt Stole their business model.

      Apparently Comodo was the first to issue 90-day Free SSL Certificates, So any future CA who does that is stealing Comodo's business model.

      Doesn't make sense to me. a Key difference with LetsEncrypt, is the 90-Day certificates can be Renewed Indefinitely.

      With Comodo, the 90-Day issuance is an Evaluation/Trial per Domain name, and you cannot renew after the 90 days without paying.

  2. Remove Comodo CA by Anonymous Coward · · Score: 5, Insightful

    Comodo proved themselves that are not trustworthy.

    1. Re:Remove Comodo CA by Anonymous Coward · · Score: 3, Insightful

      Comodo proved themselves that are not trustworthy.

      If they are untrustworthy in this respect, can they be trusted to perform due diligence when issuing certificates? After all a CA is supposed to be a "Trusted Third Party". If a CA shows itself not to be trustworthy, then maybe the browser suppliers should remove them from the (default) list of trusted CAs.

    2. Re:Remove Comodo CA by HiThere · · Score: 1

      If I understand what I'm seeing correctly, Firefox doesn't mark them as trusted, but it's not clear to me why they are grouped together with AddTrust, which is trusted. And a simple search says it is "powered by Comodo". Does this mean that they should also be untrusted?

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
    3. Re:Remove Comodo CA by flopsquad · · Score: 4, Insightful

      Read their CEO's asinine post. I will never use a Comodo product. Asshats are one thing, but asshats who abuse the IP system and counter-blame the victims of their asshattery really grind my gears.

      --
      Nothing posted to /. has ever been legal advice, including this.
    4. Re:Remove Comodo CA by iggie · · Score: 1

      Yeah, that's a lot of punctuation. Why do they have a pre-teen for a CEO?

    5. Re:Remove Comodo CA by lucm · · Score: 1

      I buy certificates from them for $5/year. It's hardly blood-sucking. The competition sells the same thing for 10x more.

      --
      lucm, indeed.
    6. Re:Remove Comodo CA by lucm · · Score: 1

      But you're ok with Apple, who sent the swat to break into a reporter's home after he gave them back the new iPhone an Apple employee left in a bar?

      --
      lucm, indeed.
    7. Re:Remove Comodo CA by apraetor · · Score: 1

      That's more a problem with the police than with Apple though, isn't it? Not that Apple was right in requesting such action, but the police never should have consented, regardless. Hitmen still get charged with murder, AFAIK.

    8. Re:Remove Comodo CA by flopsquad · · Score: 1

      1) Apple does not have the power to send a SWAT team to do anything. Even with hundreds of billions in net worth, they are not a paramilitary force, and are not in the chain of command of any law enforcement organization that would have jurisdiction over that reporter's house. Apple asked law enforcement to investigate someone with photographic evidence of, and admitted $5000 payment for, an unreleased prototype device that they ought not to have. A judge issued a warrant (which may or may not have been overbroad, considering 1A protections for journalists), and law enforcement took that warrant and acted on it, effecting a judicially authorized search and seizure.

      2) I vehemently disagree with the militarization of police departments nationwide, and the misuse of SWAT forces. I can't state strongly enough that military equipment and tactics are far overused by police, and that this overuse in concert with a warzone/enemy combatant mentality is an existential threat to our free and democratic way of life.

      That said, sending SWAT to investigate Jason Chen's house would seem to be unnecessary and over the top, when a few detectives would've sufficed. However:

      a) I went back through a bunch of articles from that era and can't verify that SWAT was even present.

      b) Let's assume SWAT was there. Because nobody answered the door (Chen wasn't home), the cops had to break the door down to perform their search. Leaving aside the necessity of breaking down doors in the first place (I suppose we could tell cops to just keep coming back again and again, and maybe someday be able to serve their warrant if the suspect isn't purposely staying away or staying silent when they come knocking), I presume it's common practice when forcibly entering a dwelling to have the right people and equipment for the job, meaning SWAT. People in their homes who are faced with a sudden and violent incursion are liable to shoot at you. So it makes sense to have the team with the body armor, battering ram, and breach training do the entry, rather than have Barney Fife and Ponch kick the door down and maybe get themselves and the inhabitant killed.**

      If you have evidence that Apple illegally influenced or even encouraged the investigating REACT unit to use more force than was necessary, as a way of "scaring" Chen or other journalists, please provide. That would absolutely qualify as "asshattery", at a minimum...

      3) I was specifically talking about abuse of the intellectual property system. Not that I would overlook if a company was using blood diamonds to fund terrorist activities in their illegal toxic waste dump. But what you're talking about is not misusing IP protections. It's investigating suspected theft of a physical item and related felonies. Police usually go and check those kinds of things out, even when the person returning the item says, "I bought it from a guy who found it in a bar, honest!"

      tl;dr - Apple is certainly not above criticism, and has surely engaged in some IP shenanigans (instances of trademark enforcement overreach come to mind), but your example is inapt.

      ** Yes, SWAT has been known to kill people and their pets, which makes me furious. IIRC most of that stems from no-knock, middle of the night raids. I would be in favor of extreme limitations on those kinds of raids, reductions in the use of SWAT generally, and elimination of military equipment like M-79s and MRAPs. But I don't think there's any way to get around it: police will from time to time need to force entry into a building, and SWAT is the correct choice to do it.

      --
      Nothing posted to /. has ever been legal advice, including this.
    9. Re:Remove Comodo CA by thegarbz · · Score: 1

      Apple don't send SWAT anywhere.

    10. Re:Remove Comodo CA by david_thornley · · Score: 1

      The reporter had admitted, in a public document, to selling expensive stuff that wasn't his. That's a pretty serious crime. Have you ever tried committing a serious crime and publicizing it widely? I wouldn't be surprised if the police paid you a visit.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
    11. Re:Remove Comodo CA by lucm · · Score: 1

      It was not the regular police, it was a special task force funded in part by big IT companies, including Apple.

      --
      lucm, indeed.
    12. Re:Remove Comodo CA by lucm · · Score: 1

      http://www.zdnet.com/article/g...

      It's called the REACT team.

      --
      lucm, indeed.
  3. Re:US gun ban by ledow · · Score: 1, Offtopic

    And antivirus stops all viruses.

    And medicine cures all illnesses.

    How many MASS shootings? Much less.
    How many shootings in general? Much less.

    Go learn statistics, some HUNDREDS of times more shootings in the US.

  4. Given history, Comodo should use "Let's Infect!" by BenJeremy · · Score: 5, Interesting

    PrivDog, Chomodo, hacks, and issuing certs to malware, Comodo is one company I'd steer clear from in any case.

  5. Re:Given history, Comodo should use "Let's Infect! by PatientZero · · Score: 4, Interesting

    Who is authorized to certify the Certification Authorities, and what would it take to finally have Comodo's cert revoked?

    --
    Freedom to fear. Freedom from thought. Freedom to kill.
    I guess the War on Terror really is about freedom!
  6. Drop Comodo CA by Anonymous Coward · · Score: 3, Insightful

    With everything Comodo has done, or not done, that should have gotten them removed, maybe we should push to have the Comodo CA certs dropped from the products and platforms of sponsors "EFF, Mozilla, Cisco, Akamai and others".

  7. Social media backlash by nut · · Score: 1

    Comodo have Facebook pages, Twitter accounts, contact forms on their website and email addresses. Go and tell them what you think of this.

    --
    Never trust a man in a blue trench coat, Never drive a car when you're dead
    1. Re:Social media backlash by Frobnicator · · Score: 1

      Nothing like a steady stream of 1-star reviews on social media to bring to action.

      --
      //TODO: Think of witty sig statement
    2. Re:Social media backlash by Esteanil · · Score: 1

      Nothing there yet.

      Here, let me make it easy for you guys:

      https://www.facebook.com/ComodoHome/?fref=nf

      --
      I'm a dreamer, the world is my playpen. But hey, I'm a serious person, I can't dream all the time.
  8. Re:Comodo Shady Ass Sales by gmack · · Score: 2

    Not surprising coming from a company that trolls other SSL Certificate Authorities and tries to steal their customers. Every time my GoDaddy certs are up for renewal, these bitches from Comodo start calling and telling me how much money they can save me.

    That's nothing, they called me and tried to get me to switch away from their own resellers.

  9. Re: Given history, Comodo should use "Let's Infect by Anonymous Coward · · Score: 1

    Web browser makers "authorize" certificate authorities by accepting money from the CA to include their public keys in the web browser.

    OS makers also can authorize CAs for code signing by including their public keys in the OS.
    (I believe Java, being platform agnostic, has its own code signing methods separate from the OS it can run on)

    So just convince Google (Chrome), Mozilla (Firefox), and Microsoft (IE/Edge) to stop accepting Comodo's tens of thousands of dollars each year and no longer include their CA public key.

    Good luck :P

  10. Can't trademark if the mark is already used by LetterRip · · Score: 3, Informative

    In the US if you use a trademark, you own the trademark even if you haven't registered it. Since it is already being used in commerce for that mark, the application shouldn't be successful and can be challenged in the courts if it is granted.

    1. Re:Can't trademark if the mark is already used by mysidia · · Score: 1

      They can't exclude LetsEncrypt from Using it, BUT They might be able to stop LetsEncrypt from trademarking it.

      Their planned disruption could be not to get the Trademark, but to start using the name for something disreputable.

      Stop LE from getting their mark AND dilute the name by intentionally abusing it.

    2. Re:Can't trademark if the mark is already used by Sax Russell 5449D29A · · Score: 3, Interesting

      They're most likely just trying to prevent Let's Encrypt from entering the commercial arena of issuing TLS certificates by creating legal barriers. Let's Encrypt's popularity is soaring and they're quickly capturing the low-end markets with minimal trust and identification requirements. They might see a possibility that Let's Encrypt might some day become a big player and thus a major competitor to COMODO.

      --
      -SR
    3. Re:Can't trademark if the mark is already used by taustin · · Score: 1

      Have they consistently - every time - claimed a trademark on it? And enforced that claim consistently? If not, then they have no enforceable claim to it.

      They do, however, have an enforceable right to keep using it if they were before the application from slimebags was filed.

  11. Let's Stop Trusting Comodo by mysidia · · Score: 1

    How does that tagline sound?

    1. Re:Let's Stop Trusting Comodo by GioMac · · Score: 1

      That's a good idea and easy to do, I won't buy anything from Comodo from now on.

      --
      "It feels like I'm at the Zoo when reading this thread - I'm frightened, but it's interesting" (c)
    2. Re:Let's Stop Trusting Comodo by mysidia · · Score: 1

      I was thinking more along the lines of requesting that Browsers drop their CAs' from the Trust store for reasons along the line of Bad Faith behavior / Attempting to fraudulently or deceptively appropriate the names of other organizations in a manner unbecoming of a Trusted Authority or ID certification agency.

  12. Seen this so many times by Sax Russell 5449D29A · · Score: 1

    This is like the Linux trade mark wars all over again. There's always some sleazy company trying to benefit from people's good will.

    --
    -SR
  13. Software providers by DrYak · · Score: 1

    Who is authorized to certify the Certification Authorities,

    The software provider that provided the list of root certificate that your browser uses.
    Depending on your setup, it's either your OS provider...
    (e.g.:
    - Windows has a list of root certificates that are considered legit.
    - Most Linux distributions also pack such a list somewhere in /etc/ssl/certs or /var/lib/ca-certificates/pem)
    ...or your browser's provider.
    (e.g.:
    - Firefox comes with its own list of root certificates)

    and what would it take to finally have Comodo's cert revoked?

    If the software provider decides that Comodo is not trustworthy, all of the above players can push an update and not include its certificate in the new updated list.
    (e.g.: Microsoft periodically pushes a security update called "Root Certificates".
    And sometimes, on some new versions, Firefox ships with a new modified list)
    This has happened already with some of China's certificates which were used in MITM attacks to spy on their citizens.

    Firefox has also a faster way to directly issue warnings and potential revocation without even waiting for an update. (OneCRL)
    I have no idea about Edge.
    I suspect that Chrome has some similar approach, which probably requires you to pipe every single visited URL to some cloud processing server to attest if safe or not.

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
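Added example, not part of the thread or any poster's code: a Python audit of the kind of root-certificate list the comment above describes, reporting which trust anchors name a given organisation in their subject and whether they have expired. The entries in `SAMPLE_ROOTS` are constructed, and `name_attr`, `roots_matching` and `load_system_roots` are names chosen for this sketch.

```python
import ssl

# Constructed sample, in the shape returned by ssl.SSLContext.get_ca_certs().
SAMPLE_ROOTS = [
    {
        "subject": ((("countryName", "GB"),),
                    (("organizationName", "Example Trust Ltd"),),
                    (("commonName", "Example Trust RSA Root CA"),)),
        "serialNumber": "01",
        "notAfter": "Dec 31 23:59:59 2030 GMT",
    },
    {
        # A root run by the same (constructed) operator under another brand:
        # nothing in the subject ties it to "Example Trust".
        "subject": ((("countryName", "SE"),),
                    (("organizationName", "Legacy Brand AB"),),
                    (("commonName", "Legacy Brand External CA Root"),)),
        "serialNumber": "02",
        "notAfter": "May 30 10:48:38 2020 GMT",
    },
    {
        "subject": ((("countryName", "US"),),
                    (("organizationName", "Other CA Inc"),),
                    (("commonName", "Other CA Global Root"),)),
        "serialNumber": "03",
        "notAfter": "Jan  1 00:00:00 2035 GMT",
    },
]


def name_attr(name, key):
    """Return the first value of `key` in an ssl-module name tuple, or ''."""
    for rdn in name:
        for attr, value in rdn:
            if attr == key:
                return value
    return ""


def roots_matching(ca_certs, needle, now):
    """List trust anchors whose subject O or CN contains `needle`.

    `now` is a Unix timestamp used to flag roots past their notAfter date.
    """
    needle = needle.lower()
    hits = []
    for cert in ca_certs:
        subject = cert.get("subject", ())
        org = name_attr(subject, "organizationName")
        cn = name_attr(subject, "commonName")
        if needle not in org.lower() and needle not in cn.lower():
            continue
        hits.append({
            "org": org,
            "cn": cn,
            "serial": cert.get("serialNumber"),
            "expired": ssl.cert_time_to_seconds(cert["notAfter"]) < now,
        })
    return hits


def load_system_roots():
    """Return the roots Python's default TLS context has loaded.

    get_ca_certs() only reports certificates already loaded into the
    context; entries in a capath directory are loaded on demand and may
    be missing from this list.
    """
    return ssl.create_default_context().get_ca_certs()


if __name__ == "__main__":
    import sys
    import time

    needle = sys.argv[1] if len(sys.argv) > 1 else "example trust"
    for hit in roots_matching(load_system_roots(), needle, time.time()):
        state = "EXPIRED" if hit["expired"] else "valid"
        print(f'{hit["org"]} | {hit["cn"]} | serial {hit["serial"]} | {state}')
```

A subject-name match only finds roots that carry the name searched for; the constructed "Legacy Brand" entry shows how a root operated under another brand is missed and has to be identified some other way.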
  14. Hence the trademark by DrYak · · Score: 5, Insightful

    Someone needs to show paying Comodo customers how to use Let's Encrypt to renew their certs for free.

    I think that's the reason why Comodo is trying to own the Let's Encrypt name....

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
  15. Re:US gun ban by NoImNotNineVolt · · Score: 1

    Is knifing four or more people in one incident worse than knifing one person in each of four incidents? If so, why? If not, why do you draw a distinction?

    --
    Chuuch. Preach. Tabernacle.
  16. Comodo carved by Moxie Marlinspike by epine · · Score: 2

    Moxie Marlinspike tells a story about Comodo at BlackHat 2011

    The bit at 8m22 is priceless.

    Comodo founder:

    This [attack] was extremely sophisticated and critically executed. It was a very well orchestrated, very clinical attack, and the attacker knew exactly what they needed to do and how fast they had to operate.

    The hacker turns out to be a script-kiddie who got the technique from an introductory hacking video.

    Comodo continues to embarrass themselves as the story unfolds, with their CEO finally complaining that all this wouldn't be a problem if man-in-the-middle wasn't possible. Huh? Aren't you in the business of selling the solution to the MITM problem?

    What happened to Comodo? Nothing. Their business didn't suffer, they didn't lose customers. In fact, the only thing that happened was that their CEO was named "entrepreneur of the year" at RSA 2011.

  17. Why does Comodo even still exist? by ilsaloving · · Score: 3, Interesting

    How is it that they haven't had their issuer's license revoked already? They've already been found wanting as a cert provider, since they seem to have no qualms about issuing fraudulent certificates.

    And now they're trying to fraudulently use someone else's trademark?

    How much more fraud will they be allowed to perform before someone gives them a serious slap?

    Oh, wait, what am I thinking... This is the US. As long as their shareholders are happy they could rape, pillage and burn entire towns and no one would care.

    1. Re:Why does Comodo even still exist? by QuietLagoon · · Score: 1

      ...They've already been found wanting as a cert provider,...

      I've seen Comodo certs on sites like Comcast's site login.comcast.net. It appears that Comodo has gotten its fingers deep into our infrastructure.

    2. Re:Why does Comodo even still exist? by mtrachtenberg · · Score: 1

      After reading their CEO's reply in the update, I'd suggest they try to register the trademark "90." It's their business model. Or maybe they should trademark "FREE!"

  18. I stopped using Comodo by QuietLagoon · · Score: 1

    I stopped using Comodo for my SSL certs when I read about their MitM attacks using SSL certs. To me, it appears that they are not a suitable vendor for anything security related.

    This Let's Encrypt fiasco is just another example of how low Comodo's business practices really are.

  19. Re:US gun ban by lordholm · · Score: 2

    Yes, it would likely stop a lot of shootings, but obviously not all of them.

    Murder rate US: 3.9 / 100k
    There is only one place worse in the EU: Lithuania with a whopping 5.5 / 100k, on average the EU is a lot less than the US.

    Taking the listed countries you end up with the following.
    Austria: 0.5
    Belgium: 1.8
    France 1.2
    UK 1.0
    Germany: 0.9

    All which are significantly lower than the average of the US.

    --
    "Civis Europaeus sum!"
  20. Don't do business with orgs that treat us badly. by jbn-o · · Score: 1

    Given how unprincipled /. moderators are (see any thread about whether a /. moderator will pay to see the next Star Wars movie and keep in mind Disney's behavior on DRM and copyright term extension, for instance), I'd say you're sadly in the minority. Cases like this are ample reason to refuse to do business with organizations that treat us badly, but /. moderators became far more concerned with convenience at any price.

  21. Horrible statement by Wuhao · · Score: 4, Informative

    I actually didn't really want to read too deeply into this when the article first came up. I figured it could be a thorny issue and that maybe Comodo had previously used "Let's Encrypt" in marketing somewhere prior to the free campaign. Then I read their CEO's statement, and it's pretty clear that he just plain feels threatened and he acts as if he invented the concept of a 90-day free trial. I can certainly see where he could be losing money; but I guess as an onlooker, if someone can come along and take your money that way, your position was pretty weak in the first place.

    So I guess I'd say I now feel that attempting to register this trademark seems pretty abusive, and the person who convinced me of that was Comodo's CEO in his post on his company's forums.

    1. Re:Horrible statement by CronoCloud · · Score: 1

      Ditto. After reading his comment I was thinking:

      "You and your company are being jerks....stop it."

      Though the only Comodo product I use is their free s/mime e-mail cert. I used to get them from thawte, but they stopped doing it.

    2. Re:Horrible statement by deniable · · Score: 1

      It's funny that he treats "Let's Encrypt" as a legitimate business. His lawyers just face-palmed.

    3. Re:Horrible statement by Waccoon · · Score: 1

      he acts as if he invented the concept of a 90-day free trial

      He apparently thinks of it in the same way as a design patent:

      "Of course it's a new invention! We invented the 90-day free trial... for an ssl."

    4. Re:Horrible statement by KiloByte · · Score: 1

      as if he invented the concept of a 90-day free trial

      There's a bit of difference between a one-time evaluation that can't be extended, and an automated repeated process that continually renews certs.

      --
      The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
  22. 90 by mjtrac95570 · · Score: 1

    After reading the post by Comodo's "leader," I'd suggest that Comodo abandon "Let's Encrypt" before a court shames them. If the jackass wants a trademark, I'd suggest he try to register "90."

    1. Re:90 by Zaelath · · Score: 1

      That guy is an embarrassment.

      The very idea that a CEO would respond in an online forum about this kind of thing is ridiculous. To make such a poor argument, on top of the poor judgement to even comment, is inexcusable.

      Gavin Belson would be the only "person" I'd expect to do this.

  23. Re:Given history, Comodo should use "Let's Infect! by bill_mcgonigle · · Score: 2

    PrivDog, Chromodo, hacks, and issuing certs to malware, Comodo is one company I'd steer clear from in any case.

    Shit, Namecheap still uses them for their resold SSL certs. If Namecheap doesn't have another option next time I need to renew one, I'm going elsewhere. That would be a pain, but I'm officially done with Comodo after this - seven strikes and I'm stupid for not calling you out on three.

    --
    My God, it's Full of Source!
    OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
  24. Let's Encrypt by strstr · · Score: 1

    It's like a piece of art. Let's Encrypt made their art, put it out there, and then came along the bully trying to steal the art of the project Let's Encrypt. The question here is, if someone else made the art and Comodo had nothing to do with it, how could they come in and claim ownership of some part of the art? Under the 1st amendment someone else made that art. Should we not honor the ownership and creator of that art? Should we not have a mechanism to stop Comodo from attempting to steal ownership of the art?

    Now the CEO had a funny comment about how Let's Encrypt was copying Comodo's business model of 90 day free certs but really, that's not the case. When you create a product you tend to try to make one that is comparable or better to existing products; in this case they matched their competitor's product so as to avoid not creating a deliberately inferior product people wouldn't want.

    obamasweapon.com

  25. Re:Given history, Comodo should use "Let's Infect! by Fnord666 · · Score: 1

    Who is authorized to certify the Certification Authorities, and what would it take to finally have Comodo's cert revoked?

    In your software and/or browsers, you are the ultimate authority. Don't like Comodo? Remove their root cert from your trust store.

    --
    'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
  26. Comodo is dropping it now by InvisiBill · · Score: 4, Informative
    In the linked forum thread, from robinalden (Comodo Staff):

    With LE now being an operational business, we were never going to take these trademark applications any further. Josh posted a link to the application and as of February 8th it was already in a state where it will lapse.
    Josh was wrong when he said we’d “refused to abandon our applications”. We just hadn’t told LE we would leave them to lapse.
    We have now communicated this to LE.

  27. Re: Given history, Comodo should use "Let's Infect by roca · · Score: 1

    Browser vendors don't get paid by CAs. If you have evidence that they get tens of thousands of dollars a year from Comodo, present it.

  28. Voting with my feet by hyades1 · · Score: 1

    I've used Comodo's firewall for years. I have now removed it from all but one computer, which I don't use all that much anymore. When I am assured that Comodo has, in fact, abandoned its efforts to steal "Let's Encrypt", I'll go back. I like their firewall, and it will hurt to go through all the little adjustments that get the replacement (Kaspersky Internet Security) working exactly the way I like.

    --
    I've calculated my velocity with such exquisite precision that I have no idea where I am.
  29. Why didn't Comodo go with Free SSL trademark? by mimino · · Score: 1

    Some stats from the CEO's first post:
    Free SSL: mentioned 9 times, 7 of them in one paragraph;
    Comodo: only 3 times

    Seems they should leave Let's Encrypt alone and go with Free SSL instead.

  30. Re:Comodo Shady Ass Sales by Zaphon · · Score: 1

    Agreed, they just called one of my employees 2 days ago. He was like "Comodo is calling about XYZ.com's cert expiring, we need to renew it" and I was like "That's cute, we buy our certs from GoDaddy." Then he was like yeah, but they are cheaper, 5 years for $499 and I was like "That's interesting, 39 months is the max time a cert can be issued for since 2015, tell them to go pound sand." Seriously, Comodo can go die in a fire. They even tried to tell him that we are getting our GoDaddy certs from Microsoft (as if it's a bad thing, we're an Azure shop using Microsoft technologies for everything we do, despite as far as I know it being a completely false statement). *shrugs*

  31. Mozilla doesn't get paid, but the auditor does by tepples · · Score: 1

    Browser vendors don't get paid by CAs.

    I just read Mozilla's CA inclusion policy, and you appear correct. The browser maker doesn't get paid; the auditing firm "with access to the details of the subordinate CA’s internal operations" gets paid.