
Comodo CEO Forum Post on Lets Encrypt Trademark - LukeB_UK
https://forums.comodo.com/general-discussion-off-topic-anything-and-everything/shame-on-you-comodo-t115958.0.html;msg837411#msg837411
======
markbao
I'm cancelling my Comodo certs today. It's scary that this is the largest CA
in the world.

Sibling comments have brought up some good points about the baseless claims in
this post. The CEO also quotes this Let's Encrypt blog post on "Why 90 Days":

> _" Ninety days is nothing new on the Web. According to Firefox Telemetry,
> 29% of TLS transactions use ninety-day certificates. That’s more than any
> other lifetime"_

> _so whose certs are these? Of course Comodo 's!!! So they are admitting they
> are copying our innovation of 90 day free ssl certs!_

So is the CEO saying that 29% of TLS transactions on the web are on sites
which use Comodo's 90-day _free trial SSL certificates_ , probably used on
sites with the least traffic on the web? That at _any one time_ , 29% of TLS
traffic is over an unrenewable 90-day trial cert? Huh, seems implausible for
some reason!

\----

The post right above is also misinformed as well:

> _From a legal standpoint (ISRG) should have trademarked this when they
> started using it publicly in November of 2014. There negligence to have done
> so is why this debate is happening. Then they want to cry foul because of
> their failure to follow the simplest of product protections. Registering
> your trademarks. The one who is in possession of the registered trademark is
> the owner, and that is the law._

Correct me if I'm wrong, but "from a legal standpoint," there has to be
evidence of use in commerce before a trademark can be registered, and it's
crystal clear that Comodo did _not_ use "Let's Encrypt" in commerce, and it's
also crystal clear that ISRG _did_.

~~~
mindcrime
Even more, you gain a trademark simply by using a mark in, well, trade
(commerce). It isn't required to register a trademark in order to have the
trademark, or to be able to protect it. Yes, your case is _stronger_ if it's
registered, but registration is not required.

[http://www.uspto.gov/learning-and-resources/trademark-
faqs#1...](http://www.uspto.gov/learning-and-resources/trademark-faqs#1967)

 _Federal registration is not required to establish rights in a trademark.
Common law rights arise from actual use of a mark and may allow the common law
user to successfully challenge a registration or application._

~~~
ryanobjc
Very good point, trademarks are established by using them. The Comodo CEO
should know this aspect of law.

I bet his general council is screaming at him right now. This could be used as
evidence of malfeasance or general character issues.

------
zackboe
He states "We invented the 90 day free ssl. Why are they copying our business
model of 90 day free ssl is the question! Comodo has provided and built a Free
SSL model that give SSL for free for 90 days since 2007!"

I was curious because I had never heard of anyone providing free SSL other
than StartSSL before Let's Encrypt (and Amazon).

It's a trial. No free renewals, manual or automatic.

"Free SSL certificates are valid for 90 days and are limited to one issuance
per domain."

[https://www.comodo.com/e-commerce/ssl-certificates/free-
ssl-...](https://www.comodo.com/e-commerce/ssl-certificates/free-ssl-
certificate.php)

~~~
eeeeeeeeeeeee
He's either being disingenuous or he's terribly misinformed about how things
work. Either one is unacceptable for the CEO of a major certificate provider.

Also, I feel even better about dropping ALL of my Comodo certs and switching
to Lets Encrypt. I can't wait to never have to go to the Comodo website again.

~~~
jsmeaton
> He's either being disingenuous or he's terribly misinformed

He's trying to register the Lets Encrypt trademark and deflecting with "but
they didn't so we can". I don't think there's a question of being
disingenuous.

------
mythz
> When Lets Encrypt copied Comodo's 90 day free ssl business model, we could
> not protect it. Lets encrypt could have chosen 57 days, 30 days or any other
> number for the lifetime of their certificates. But they chose to use
> Comodo's 90 day Free SSL model that we established in the market place for
> over 9 years!!!

He's being disingenuous and intentionally misleading when he's trying to
suggest LetsEncrypt stole their 90 day free SSL Cert business model as some
kind of justification for his shady behavior of stealing someone else's
trademark.

LetsEncrypt offers free SSL Certs _forever_ , their short 90 days lifetimes is
for added security of short duration of SSL certificates and to encourage
certificate renewal automation. It has absolutely nothing to do with Comodo's
freemium business model as he's trying to imply. I'd imagine he's fully aware
of LetsEncrypt "always free" certificates since he's trying to steal the brand
and goodwill that they've created. So his justification isn't anything more
than a disingenuous PR stunt to cloud the issue behind his attempted brand
theft.

------
kevinsimper
It is hilarious that he has to declare that "Comodo" is the good guys, while
they are trying to trademark a term that they have never used! Oh the irony!

And that the CEO compares 90 days TRIAL to a 90 days unlimited renewals and
thinks it is the same is just a sign on how big of a defeat they are facing!

------
gregmac
Obviously this whole thing is a reaction to the Let's Encrypt threat, which is
that basically all simple certs (which are probably the vast majority of the
market) are going to $0 cost.

What I don't get is what they hope to achieve? At best, if they were to win,
there are two possible outcomes:

1: Let's Encrypt renames itself to something else, and continues issuing
certificates.

2: Let's Encrypt folds, and a dozen clones pop up to take its place.

Either way, the simple certificate market still goes to $0.

Whether they win or not, they've managed to piss off the tech community (as in
the people that obtain and install SSL certificates). We see this petty and
futile move for what it is, and now on top of that, their CEO has shown they
are basically at GoDaddy levels of sleazy, and has only reinforced to anyone
paying attention to this that they do not want to be doing business with this
company.

~~~
golergka
HN, reddit and other places where people're being upset over this is a tiny
portion of the "tech community" and people who're obtaining SSL certificates.
You would be surprised how little a lot of people working in the industry care
about news like this.

~~~
markbao
Why does it matter that few people care about news like this? Even if few do,
it still affects them.

------
mholt
> since we are talking about protecting intellectual property, there is no law
> protecting business models. When Lets Encrypt copied Comodo's 90 day free
> ssl business model, we could not protect it. Lets encrypt could have chosen
> 57 days, 30 days or any other number for the lifetime of their certificates.
> But they chose to use Comodo's 90 day Free SSL model that we established in
> the market place for over 9 years!!!

That is not a business model. Besides, Google has been doing that for years
now[1]. If this is in the name of justice in defending their business model,
they should go after Google too.

Comodo has no innovation here.

> What they have is nothing new. We have been giving 90 day free certificates
> since 2007.

ACME is entirely new and original. It's even an open protocol, they themselves
could implement it and gain a wider customer base! Why let LE be the only ACME
CA?

Also their 90-day free certs don't renew for free.

> Actually consumer are less safe with their certificate because if it is used
> maliciously they don't revoke (Unmanaged)!

Unmanaged but 100% automated, which is 100% more than they can say. Automated
processes are more standardized and more quickly executed than manual, managed
ones. Also LE has proactively revoked several abused certificates[2] and has
NOT broken browser security with bad extensions nor issued fraudulent
certificates[3] as Comodo has.

> Lets get the facts right guys! We are the good guys that have been giving
> free SSL certificates since 2007 and managing them!

Sigh. CAs need to be working together at a time like this, not abusing trust
and slinging mud.

Related discussion on LE forums: [https://community.letsencrypt.org/t/about-
the-defending-our-...](https://community.letsencrypt.org/t/about-the-
defending-our-brand-post-regarding-comodo-behaviour/17312?u=mholt)

[1]:
[https://twitter.com/sleevi_/status/746099416864591873](https://twitter.com/sleevi_/status/746099416864591873)

[2]:
[https://community.letsencrypt.org/c/incidents](https://community.letsencrypt.org/c/incidents)

[3]:
[https://news.ycombinator.com/item?id=11962371](https://news.ycombinator.com/item?id=11962371)

~~~
rhizome
That guy is a real piece of work. Is the CA industry generally populated with
that kind of personality? He sounds like he runs a payday loan store.

~~~
cmdrfred
Rent seekers tend to be like this in my experience. This is how you stay alive
if you lack the ability to innovate.

------
MichaelGG
How can someone so clueless be CEO of Comodo? Is he not aware how utterly and
completely terrible he sounds? Pretending 90 day certs are a "business model"
they invented? And that first to trademark is some sort of accomplishment?

If Comodo didn't have such a terrible reputation, I wouldn't believe this to
be the actual CEO.

~~~
simbalion
After meeting a few CEOs of large corporations it's clear that being
intelligent or knowledgable about their industry is not their primary
attribute. Rising to that sort of position has more to do with social
networking ability and how well you perform in the theater of the corporate
officeplace.

------
bllguo
> Lets get the facts right guys! We are the good guys that have been giving
> free SSL certificates since 2007 and managing them!

Rarely are self-proclaimed titles worth anything; I don't think this is any
exception.

I think it's particularly laughable he calls 90 day Free SSL a business model.
Or when he implies making it some other number of days would have been
acceptable to him.

------
tlrobinson
I like how the CEO links to Let's Encrypt's post explaining the technical
reasons for 90 day certificates [1], yet still thinks Let's Encrypt (a _non-
profit_ ) "copied" their "business model" of offering free trial certificates.

1\.
[https://letsencrypt.org/2015/11/09/why-90-days.html](https://letsencrypt.org/2015/11/09/why-90-days.html)

------
Alupis
I wanted to post a rebuttal to the CEO's statements, however Comodo seems to
not be approving new forum registrations today.

So, not only is Comodo living in a warped sense of reality, but they are not
allowing any discussion to take place on their forums regarding this issue.

The CEO of Comodo likely knows the statements are highly delusional. I
speculate they are driven by the intense fear of Let's Encrypt taking off in
storm, driving a mass exodus of Comodo's paying customers.

Whether or not that's how reality will play out, I suppose we shall see.
Instead of trying to adapt, Comodo's response is to try to squash it before it
has a chance.

> We are the good guys

Sure you are...

~~~
ctpide
Lucky that we have other places than their own forum to raise awareness and
reach out to them (twitter, Facebook, LinkedIn, etc):

[https://www.facebook.com/ComodoHome/](https://www.facebook.com/ComodoHome/)
[https://twitter.com/comododesktop](https://twitter.com/comododesktop)
[https://www.linkedin.com/company/comodo](https://www.linkedin.com/company/comodo)

------
LukeB_UK
Snapshot in case it changes:
[https://archive.is/GQumf](https://archive.is/GQumf)

~~~
viraptor
Great. I keep checking from time to time - someone who understands reality is
bound to talk to the CEO soon.
[https://www.comodo.com/about/leadership.php](https://www.comodo.com/about/leadership.php)
is at the moment a list of people who all have a good reason to tell Melih to
STFU.

If the post is not taken down soon, Comodo is beyond any help...

~~~
woodman
Anytime I see this kind of personality, a self promoting businessman, get
pissy on the internet - I cross my fingers and hope for another Ocean
Marketing. This and cat pictures is to the internet what apple pie is to
America :)

~~~
zodiakzz
You will like this from last week then:
[https://www.reddit.com/r/SubredditDrama/comments/4off3j/srd_...](https://www.reddit.com/r/SubredditDrama/comments/4off3j/srd_mod_raises_public_concern_about_3rd_party/)

~~~
woodman
Reddit is more of a high fructose corn syrup traincar than an apple pie.

------
kstrauser
> We invented the 90 day free ssl.

Utter jackassery. I'm adding Comodo to my semi-permanent "never-do-business-
with" list along with GoDaddy and Best Buy.

------
boot13
Wow. So much wrong with that. I was already planning to switch from Comodo to
LE for one client, but now I'm going make sure none of my other clients are
using Comodo certs. Sorry, Comodo, but you're just hastening your demise with
this kind of behaviour.

------
vehementi
That needs to be cross posted to r/cringe, I can barely read through his
embarrassing posts.

------
nlh
What's even worse is one of the original posters on that thread ('sAyer' \- a
self-proclaimed paralegal)

> _From a legal standpoint (ISRG) should have trademarked this when they
> started using it publicly in November of 2014. There negligence to have done
> so is why this debate is happening. Then they want to cry foul because of
> their failure to follow the simplest of product protections. Registering
> your trademarks. The one who is in possession of the registered trademark is
> the owner, and that is the law._

That is just deeply, totally, entirely wrong as far as the USA goes. I'm going
to give this person the benefit of the doubt and just assume there's some i18n
misunderstanding going on here, but in the USA, registration is a formality
that's simply not required to afford trademark protection.

~~~
ajdlinux
Pretty sure it's similar across basically all common law jurisdictions (not
sure about civil law).

------
jsmeaton
Response boils down to "they didn't do it so we're legally allowed to". But
WHY are you trying to Trademark that name other than to harm the Lets Encrypt
business? If there's any other answer than harm towards Lets Encrypt I'd
really like to hear it.

Despicable.

------
gelatocar
How come this keeps getting flagged and has dropped off the front page?

------
JohnTHaller
Comodo: Creating Distrust Online

I think we should all begin using this on social media. It's a play on their
official "Creating Trust Online" tagline.

Maybe #CreatingDistrustOnline or #DistrustComodo

------
criddell
I really hate that his response is that the EFF should either use their scarce
resources to fight them in court or else give up. I wonder if he kicks puppies
in his spare time?

------
curun1r
Does anyone else find it humorous that this is happening between two CAs? It's
always seemed to me that certificates (when combined with DNS) are almost the
technical implementation of trademarks...proof of ownership over a name to
prevent confusion on the part of consumers.

What's happening here is basically the legal equivalent of Comodo applying for
a certificate for letsencrypt.org and claiming that it's okay because the
people behind letsencrypt.org never did.

------
vemv
So, they want to copyright the number 90 as well? haha.

~~~
russdill
Don't you see! Innovation! Everyone's heard of 90 day free trials sure, but
don't you see, it's a 90 day free trial on a computer thing! Surprised they
didn't bother with a patent.

------
chj
HN, why aren't you using Lets Encrypt already?

------
yumaikas
This is really scummy behavior on then part of Comodo. I'm glad to not have
had to do business with them. I suppose it does show how much Comodo is
threatened by ISRG in this regard. It will be interesting to see if any of the
big-corp sponsors offers to help ISRG with any legal fees that might come up,
as this presents a large PR opportunity in the vein of Newegg patent troll
fighthing.

------
thoman23
Well now we know just how threatening Let's Encrypt is to the incumbent CA
industry.

------
8rian
community.letsencrypt.org

Is secured with Comodo.

~~~
technion
The forum was put online when Lets Encrypt wasn't even a beta product and
needed a cert people could trust. It's due to expire soon.

------
serge2k
It's a 90 day free trial vs... free.

Ridiculous argument. Scummy as hell too.

------
simbalion
I've been following Let's Encrypt since 2014 and I am certain they had
trademarked the name long before these Comodo applications were filed.

------
coderdude
Good luck, Comodo. You won't find any friends here. Not that I care either
which way but I'm fairly positive I know what HN's copypastemind has decided
well before this drama sprouted. Let's Encrypt is the new SSL Jesus.

~~~
mikeash
Are you implying that you see merit in their attempt to lay claim to this
trademark?

~~~
coderdude
I'm saying that I have no claim to whatever the Hacker Nerds thinks. That I
know, a priori, what this community's census will be.

Nothing I've said actually rails against truth. Just what they want to talk
about.

~~~
mikeash
That's only interesting to say if you think the community's conclusion is
contrary to reality.

~~~
coderdude
HN's conclusion is contrary to relatity.

Added:

Pretty much always.

~~~
mikeash
So... you are, in fact, implying that there's merit in their attempt to claim
this copyright?

~~~
coderdude
I'm in fact saying I do not at all agree with the very fake and lame hive mind
that exists here. We can keep going until we're deep enough that you can't
reply here.

~~~
mikeash
Seems like you want to insult everybody without actually defending your view
in any way.

If you think there's merit here, I'd love to know why. This seems like a slam
dunk for Let's Encrypt under US trademark law.

~~~
coderdude
It seems like my point has been clear all along and that you desire more karma
points. That is to say, I haven't shifted the goal posts around. I never made
a point that I didn't stick to in previous posts. You can pander. I won't.

~~~
mikeash
Unless someone figures out how to use it to buy stuff, I couldn't care less
about karma. I do care about your reasoning.

Your point may be clear enough, but not why you think that way. I'm really
curious about why a company would do this. It looks to me like a completely
boneheaded move. If you explained, maybe that would give some insight.

