
Defending Our Brand - alexbilbie
https://letsencrypt.org//2016/06/23/defending-our-brand.html
======
grellas
The points made by ISRG seem well-taken and, if there is a formal fight over
this, it should prevail given the facts as it recites them.

There is a general lesson here for startups as well.

If you have an important mark, do consider doing an intent-to-use (ITU)
application earlier rather than later to prevent poaching of the mark by
others.

If you haven't actually used the mark in commerce (e.g., if you are in pure
development phase), anybody can go out and file an ITU application for your
mark and thereby effectively poach it - even if the person doing it is just
trying to extort you (of course, they won't say this is their motive). During
this phase, you are vulnerable to such poaching risks. For the vast majority
of startups, it probably doesn't matter because no one cares about the typical
mark or marks they plan to use when there is nothing yet noteworthy about
them. But it can and does happen. Autocad got poached in this fashion when it
first started. I had a client that had the domain name gmail.net, planning to
use if for "graphics mail" back in the day and they could have blocked Google
had they filed a "Gmail" ITU application (they didn't). Particularly if your
mark is distinctive and fanciful, and tied to a credible venture, you should
not be lax on this issue. At least _give it some careful thought_ even if your
decision is to take the poaching risk to avoid what you see as unnecessary up-
front costs on legal items. Remember: an ITU application gives priority over
someone who has not yet used a mark and it gives it to anyone and his uncle
who happens to file it even if they have done nothing yet in your field.

Once you begin to use a mark in interstate commerce, then you get common law
protections by which the person who is first to use a mark in a given
geographical area automatically gets priority to the mark with that area. This
happened with an outfit called Amazon Books in the Minneapolis area at the
time Amazon.com launched and they eventually got a settlement payout from
Amazon for infringement of their common law trademark rights in that area by
the bigger organization. Thus, if you are indeed using a mark in this way, and
someone comes along and tries to register a mark (whether ITU or otherwise),
you keep your priority over the late arrival and can sometimes even block them
from getting the registration (or have it set aside through a formal legal
fight). But this is a path with many potential pitfalls. Unless your actual
use was open, prominent, and notorious, you may have proof issues to establish
it or to establish its extent. Even if you can prove first use and broad
extent, you still may have to fight the latecomer and incur large legal
expenses in the process. Moreover, if you have not registered your mark, you
do not get a "presumption of validity" for it and this leaves it more
vulnerable to a legal argument that the mark is not protectible at all
(meaning that many people can use it without infringing on others' rights). Or
it can be argued that it is at most entitled to weak protection so that a use
by another is a slightly unrelated field will not cause customer confusion and
hence not infringe even if the mark is protectible. And so on and so on. The
situation is just not clean in this scenario or at least can more readily be
gummed up by a determined adversary who has "lawyered up."

As someone who has worked for years with early-stage startups, I would be the
last to say "go out right away and spend away on legal things" to cover a
bunch of theoretical risks. This poaching risk, for most startups, remains
primarily theoretical and should not cause you to have to run out and spend a
bunch of money on trademark filings before you know if you even have a viable
venture. But, for the _right_ cases (good mark, credible venture), it usually
pays to be attentive to this issue up front and eliminate the risk through
some proactive action.

ISRG is non-profit and its use of this mark was open and widespread. So I can
see why they did not go out and incur trademark filing costs to protect a mark
that I assume they believed no one could in good faith possibly challenge.
This was probably the right judgment to make for their situation. Yet, in
hindsight, we can see that the failure to do their own filing has left them
vulnerable - not to poaching (as I said, they likely will win) but to having
to go through an otherwise unnecessary legal fight to defend what is
legitimately theirs.

It is unfortunate and I hope people will give support as needed. In all too
many cases, underfunded people or organizations who are in the right do wind
up getting overwhelmed by people who simply have more resources and who are
determined to make life difficult. Even with a likely winning legal position,
someone in this position can wind up having to do some compromise (such as a
trademark co-existence agreement) giving the other party significant rights
just to resolve the fight. Better to avoid that pressure here if it means
enough to the relevant community.

~~~
smoyer
There's a second lesson for start-ups - if you can't buy or develop goodwill
with your customers, just steal it from someone else.

My experience(s) with Comodo have been well short of awe-inspiring and their
reputation certainly isn't great - to me, this is just another mark against
them.

~~~
seandougall
Indeed. I recently had my first two experiences acquiring and installing
certificates, the first from Comodo and the second from Let's Encrypt. Comodo
took _two weeks_ of repeated attempts over multiple validation methods to get
the damn thing issued. Let's Encrypt took less than a minute, even on a
platform that doesn't officially support it.

It seems Comodo is obviously lashing out because the only value their service
provides is the (ultimately artificial) trust in their CA. And now there's a
new player on the scene that not only is free, but provides more value in
terms of ease of use and just as much trust.

------
chasb
Well done Comodo, this motivated me to donate to Let's Encrypt.

[https://letsencrypt.org/donate/](https://letsencrypt.org/donate/)

~~~
Sir_Cmpwn
Eh, I want to donate, but not via PayPal. If anyone relevant is reading this,
consider adding more donation methods.

~~~
happyslobro
You would think that an organisation with that name would have wallets in a
variety of digital currencies.

------
NelsonMinar
Comodo is not a trustworthy security company.

Their browser extensions break browser security:
[https://news.ycombinator.com/item?id=11021633](https://news.ycombinator.com/item?id=11021633)
[https://news.ycombinator.com/item?id=9091917](https://news.ycombinator.com/item?id=9091917)

They issued fraudulent SSL certificates in 2011:
[https://www.schneier.com/blog/archives/2011/03/comodo_group_...](https://www.schneier.com/blog/archives/2011/03/comodo_group_is.html)

~~~
ymse
> They issued fraudulent SSL certificates in 2011:
> [https://www.schneier.com/blog/archives/2011/03/comodo_group_...](https://www.schneier.com/blog/archives/2011/03/comodo_group_is.html)

Moxie had an amusing anecdote about this incident in his Blackhat 2011 talk
"SSL and the future of authenticity"[0]. Apparently the same IP as was used by
the "sophisticated attacker" and disclosed by Comodo downloaded sslsniff[1]
from moxies server the next day, referred by a video tutorial about
intercepting SSL..

0: [https://youtu.be/Z7Wl2FW2TcA?t=5m](https://youtu.be/Z7Wl2FW2TcA?t=5m)

1:
[https://moxie.org/software/sslsniff/](https://moxie.org/software/sslsniff/)

~~~
Drdrdrq
Thanks, this video really made my day! :) I guess I won't be buying
certificates from Comodo anytime soon.

------
CommanderData
Learning this, I will not renew my certs with Comodo. This is childish
behaviour on Comodos part.

If it helps I'll advise any companies I consult to do the same until this
changes. Money is the only thing this company will understand.

~~~
mpclark
Turns out I have a Comodo cert expiring soon. Let's see if they do the right
thing before I do...

~~~
icebraining
They already refused to back down, even after requests from Let's Encrypt
lawyers. Backpedalling now in response to the PR crisis would not be enough,
in my opinion. I'd only consider them again if they were to make a decent
donation to Let's Encrypt.

------
natch
I'm pretty sure the lawyer would have known about letsencrypt.org and their
Let's Encrypt project before filing this.

So that being said, reading the fine print of what the lawyer had to sign in
order to submit the application, shouldn't the lawyer be vulnerable to perjury
charges?

Excerpt from
[http://tsdr.uspto.gov/documentviewer?caseId=sn86790719&docId...](http://tsdr.uspto.gov/documentviewer?caseId=sn86790719&docId=RFA20151020074647#docIndex=3&page=1)
:

The signatory believes that: if the applicant is filing the application under
15 U.S.C. § 1051(a), the applicant is the owner of the trademark/service mark
sought to be registered; the applicant is using the mark in commerce on or in
connection with the goods/services in the application; the specimen(s) shows
the mark as used on or in connection with the goods/services in the
application; and/or if the applicant filed an application under 15 U.S.C. §
1051(b), § 1126(d), and/or § 1126(e), the applicant is entitled to use the
mark in commerce; the applicant has a bona fide intention, and is entitled, to
use the mark in commerce on or in connection with the goods/services in the
application. The signatory believes that to the best of the signatory's
knowledge and belief, no other persons, except, if applicable, concurrent
users, have the right to use the mark in commerce, either in the identical
form or in such near resemblance as to be likely, when used on or in
connection with the goods/services of such other persons, to cause confusion
or mistake, or to deceive. The signatory being warned that willful false
statements and the like are punishable by fine or imprisonment, or both, under
18 U.S.C. § 1001, and that such willful false statements and the like may
jeopardize the validity of the application or any registration resulting
therefrom, declares that all statements made of his/her own knowledge are true
and all statements made on information and belief are believed to be true.

~~~
mhw
I'm also puzzled that Let's Encrypt's Trademark policy [1] strongly suggests
that 'Let's Encrypt' is a trademark (word mark?) that they have registered,
and yet according to the most recent letter sent by the USPTO [2] "The Office
records have been searched and there are no similar registered or pending
marks that would bar registration [...]"

[1] [https://letsencrypt.org/trademarks/](https://letsencrypt.org/trademarks/)
[2]
[http://tsdr.uspto.gov/documentviewer?caseId=sn86790719&docId...](http://tsdr.uspto.gov/documentviewer?caseId=sn86790719&docId=OOA20160208224028#docIndex=1&page=1)

~~~
jayrhynas
I don't see anything in their trademark policy that implies they have
registered any of their marks yet. In fact, all the marks in the "included,
but not limited to" list use ™ instead of ®, the later which can only be used
with registered trademarks. Searching the USPTO database[1] for "let's
encrypt" only reveals Comodo's 1B registrations.

All that being said, under US law you still have trademark rights even before
you register the mark, and ISRG definitely has first use on the Let's Encrypt
mark.

[1]
[http://tmsearch.uspto.gov/bin/gate.exe?f=login&p_lang=englis...](http://tmsearch.uspto.gov/bin/gate.exe?f=login&p_lang=english&p_d=trmk)

~~~
gnoway
This seems like a good example of why you should go through the registration
though. Because now they are going to have to use the courts to resolve the
situation; presumably (I hope?), if they'd registered, a new registration
application for the exact same mark would not even be accepted.

~~~
slavik81
There's a challenge period during trademark registration when they can voice
their objections. They may be able block it if they're not too late.

> You may challenge an application for trademark registration at the USPTO by
> filing an opposition with the TTAB within 30 days after it is published in
> the Official Gazette.

[http://www.uspto.gov/page/about-trademarks](http://www.uspto.gov/page/about-
trademarks)

------
ceocoder
Comodo - if you are reading this, you lost about 3000 USD worth of business
from me. And someone else is going to gain the same.

Drop this nonsense. It helps no one.

~~~
robrenaud
Why not send them an short and direct email?

~~~
walrus01
I'm sure their first tier customer service people don't care at all and will
just delete the ticket.

~~~
feross
You can tweet to the CEO directly here:
[https://twitter.com/melih_Comodo](https://twitter.com/melih_Comodo)

~~~
ryanburk
impressive that he doesn't follow anyone.

------
intsunny
This is disappointing, but not surprising given that Lets Encrypt threatens a
large and out-dated revenue stream for Comodo. Thankfully Lets Encrypt is
backed by Mozilla and the EFF, they have the resources to defend the brand.

Good luck guys!

~~~
Brybry
Couldn't this sort of behavior be against the Mozilla CA Inclusion Policy and
thus grounds for no longer bundling Comodo CA certs?

The same could possibly be said for Chromium's Root Certificate Policy. It
doesn't break the specific trusted tasks but I would say it counts as
generally operating in a non-trustworthy way.

Seems dumb on Comodo's part.

~~~
Karunamon
Probably, but Mozilla will never do it just because of the sheer amount of
_stuff_ that will stop working only on their browser.

That threat is only valid if the other browser vendors do the same thing at
the same time, otherwise it's a massive game of prisoner's dilemma.

------
alanh
The CEO of Comodo has apparently replied on a Comodo forum, and boy, it's a
doozy. [https://forums.comodo.com/general-discussion-off-topic-
anyth...](https://forums.comodo.com/general-discussion-off-topic-anything-and-
everything/shame-on-you-comodo-t115958.0.html;msg837411#msg837411)

> _Isn 't this why we have Trademark laws and courts? If they have right to it
> then more than happy to comply. But these kind of Intellectual copyrights
> can't be decided over a forum post or twitter account or trying to get your
> loyal but "blind" followers to bully another enterprise via their tweets. It
> won't work! This is not wild west and there are legal framework and courts
> for these kind of disputes. So lets all stop being the judge and jury and
> follow the law!_

> _One a separate note, since we are talking about protecting intellectual
> property, there is no law protecting business models. When Lets Encrypt
> copied Comodo 's 90 day free ssl business model, we could not protect it.
> Lets encrypt could have chosen 57 days, 30 days or any other number for the
> lifetime of their certificates. But they chose to use Comodo's 90 day Free
> SSL model that we established in the market place for over 9 years!!! We
> invented the 90 day free ssl. Why are they copying our business model of 90
> day free ssl is the question! Comodo has provided and built a Free SSL model
> that give SSL for free for 90 days since 2007! Trying to piggy back on our
> business model and copying our model of giving certificates for 90 days for
> free is not ethical. They clearly wanted to leverage the market of Free SSL
> users we had helped create and establish and that's why they created exactly
> same 90 day free ssl offering. So why did they choose 90 day????? That is
> the question!_

> _What they have is nothing new. We have been giving 90 day free certificates
> since 2007. Unlike them, our certificates are managed, even the free ones,
> so that consumers are protected. If a certificate is being used maliciously
> we revoke it. They don 't! How is that making internet safer??? Actually
> consumer are less safe with their certificate because if it is used
> maliciously they don't revoke (Unmanaged)!_

> _Lets get the facts right guys! We are the good guys that have been giving
> free SSL certificates since 2007 and managing them!_

~~~
nojvek
That reads like a high school breakup text. Let's encrypt is always free. Just
needs to be renewed right? What's with the 90day free invention he's talking
about?

~~~
itsnotlupus
I think he's trying to argue that Comodo's radical business idea of "you can
get a free certificate for 90 days before having to buy it" has been literally
stolen by Let's Encrypt's "You can renew your free certificate every 90 days
forever."

Because both approaches are critically centered around the number 90, or
something..

It's embarrassing. I hope that CEO is good at other things.

------
josephb
You can only imagine it's being done for malicious reasons.

It doesn't seem like there is any good reason for Comodo to do this, other
than try protect revenue loss.

~~~
egeozcan
It looks like they have nothing left to lose. Acting in bad faith so openly
lowers them to the levels of patent-trolls. I can't think of any company which
respects its public image doing any new business with them after this news.

~~~
vonklaus
> Acting in bad faith so openly lowers them to the levels of patent-trolls.

You seem to imply there was a time in recent memory where comodo itself was at
a level above patent trolls. At a high level, patent trolling is associated
with rent collection behaviour and using coercion to profit. I see this as
comodo's core business, so I guess I am just quibbling about timeframe.

------
pi-rat

      [x] First they ignore you,
      [x] then they laugh at you,
      [x] then they fight you,
      [ ] then you win.
                 - Mahatma Gandhi

~~~
vitd
Gandhi never said that [0].

[0]
[https://en.wikiquote.org/wiki/Mahatma_Gandhi#Misattributed](https://en.wikiquote.org/wiki/Mahatma_Gandhi#Misattributed)

------
tomcorrigan
I would love to see Mozilla (a big backer of Let's Encrypt) drop the Comodo
root certs from their alpha and beta Firefox builds for a couple of days to
show them how ugly things get when both sides play nasty.

~~~
andrewflnr
Given a year's warning or so, I would love to see all the browser vendors just
drop Comodo permanently.

------
AdmiralAsshat
I'd love to see Comodo's defense of this.

By "defense" I mean their PR spin, of course. I doubt they'll actually come
right out and say "Let's Encrypt is a threat to our revenue and we're
attempting to trademark the name under-the-radar so that we can sue them out
of existence."

------
markonen
CloudFlare uses Comodo certificates–millions of them, I imagine–and that
probably makes them a commercially significant Comodo customer. As a
CloudFlare customer with a Comodo-issued certificate, I hope they’ll try to
convince Comodo of the value of doing the right thing.

~~~
aroch
Comodo is just cross-signing CF certs[1] because the CF Origin CA is not yet
in browser trust stores. GlobalSign and Digicert also cross-sign CF certs.

[1] [https://blog.cloudflare.com/universal-ssl-encryption-all-
the...](https://blog.cloudflare.com/universal-ssl-encryption-all-the-way-to-
the-origin-for-free/)

~~~
pfg
CloudFlare's Origin CA was created exclusively for communication between
CloudFlare and backend servers. I haven't seen any kind of announcement
mentioning that CloudFlare has plans to operate a public CA and apply to root
programs.

------
impostervt
This post made me hover over the green lock icon for this page:

"Verified by: COMODO CA Limited"

~~~
privong
When I hover over the green lock it says: "Verified by: IdenTrust".

~~~
yvesmh
He probably meant Hacker News, just checked and HN is verified by Comodo and
LetsEncrypt by IdenTrust.

~~~
privong
> He probably meant Hacker News, just checked and HN is verified by Comodo and
> LetsEncrypt by IdenTrust.

Gotcha. Yeah, I thought they meant the LetsEncrypt page.

------
dtemp
Ah, the death throes of a big company that suddenly had its business model
invalidated.

Well, not entirely; there are market niches that Let's Encrypt doesn't cover:
org-validated and extended validation certs, wildcard certs, anyone who needs
a cert that expires in years, ECDSA certs (for the time being)...

But theres no doubt that their revenue will be significantly cut, they'll lose
shareholder value and need layoffs.

Their industry did it to themselves; a TLS cert company should have 5
engineers, 5 customer support people, and 2 managers, and should charge about
10% of what they do.

~~~
withinrafael
And code signing certs, especially those for Windows kernel driver
development.

------
the_mitsuhiko
There are also others trying to cash in on this. StartSSL recently started a
"Start Encrypt" product which is based on similar ideas.

~~~
egeozcan
I see "Start Encrypt" as a capitalist answer to a competing product with
(very) cheesy marketing, while what Comodo tries to do is purely malicious.

IMHO we can't put them in the same basket.

~~~
jordigh
It sounds similar enough to me "Let's Encrypt" that it could confuse people.
The trademark system is supposed to prevent confusion, which seems to me like
what "Start Encrypt" could do. Thus, that also seems to me like a trademark
problem.

~~~
sokoloff
I tend to disagree (on the latter point). Encrypt is a generic word here. I
don't think it's appropriate (nor consistent with the law) to grant broad
trademark protection for generic terms.

To me, it's closer to "Joe's Pizza," "Anna's Pizza", and "Arlington Pizza" all
selling, well pizza. Could someone confuse Arlington Pizza and Anna's Pizza?
Sure, especially if Anna's Pizza is in Arlington and the owner of Arlington
Pizza is named Anna. Nevertheless, you can't trademark "<Adjective> Pizza"

~~~
jordigh
"Encrypt" on its own is generic but the "<Imperative-Verb> Encrypt" form of it
doesn't sound generic enough to me. Trademarks don't have to be original to be
trademarkable, just not cause confusion. I can see people getting confused by
"start encrypt" vs "let's encrypt". There could be a case for trademark
confusion there.

> Nevertheless, you can't trademark "<Adjective> Pizza"

Yep, you totally can. Again, because originality has got nothing to do with
trademarks:

Hot Pizza:
[http://tmsearch.uspto.gov/bin/showfield?f=doc&state=4808:i80...](http://tmsearch.uspto.gov/bin/showfield?f=doc&state=4808:i80nla.2.40)

Scratch Pizza:
[http://tmsearch.uspto.gov/bin/showfield?f=doc&state=4808:i80...](http://tmsearch.uspto.gov/bin/showfield?f=doc&state=4808:i80nla.2.36)

Match Pizza:
[http://tmsearch.uspto.gov/bin/showfield?f=doc&state=4808:i80...](http://tmsearch.uspto.gov/bin/showfield?f=doc&state=4808:i80nla.2.21)

Anytime Pizza:
[http://tmsearch.uspto.gov/bin/showfield?f=doc&state=4808:i80...](http://tmsearch.uspto.gov/bin/showfield?f=doc&state=4808:i80nla.2.1)

~~~
sokoloff
Absolutely correct that you can trademark those phrases. I thought one thing
and typed completely another. My mistake.

What I meant is that you can't use your trademark on "<Adjective> Pizza" to
exclude anyone else from registering "<Different Adjective> Pizza" and
competing with you [edit: under that mark].

~~~
jordigh
Depends on the adjective. If "Hot Pizza" is granted (it seems to just be an
application), which I doubt because that does sound really generic, then
probably nobody will be granted "Warm Pizza" or "Sizzling Pizza" because that
sounds similar enough to cause confusion.

 _Likelihood of confusion_ is the acid test for trademark infringement:

[https://en.wikipedia.org/wiki/Trademark_infringement](https://en.wikipedia.org/wiki/Trademark_infringement)

Also, preventing others from competing with you is completely irrelevant to
trademarks. That's more something like what patents do. As far as trademarks
go, you can compete all you want, just make sure you don't portray yourself as
having the same name as your competitor.

------
Fej
The bullshit the CAs pull never ceases to amaze me.

~~~
throwanem
Comodo in particular has a long history of shady bullshit. Tarring all CAs
with that brush strikes me as unduly harsh.

~~~
vox_mollis
Indeed. Their PCI-DSS compliance scanning service is completely useless.
Service version fingerprinting only, regardless of binary patch level or
actual vulns.

Yet somehow, the PCI SSC accepts their scan results as actionable for Level
1-3 compliance.

~~~
throwanem
PCI verification is a rubber stamp all the way through, is how.

------
dordoka
Well, there you have it Comodo. Issued new certificates for my humble domains
even thought they're not yet expired. And there you have it Let's Encrypt,
I've donated
[https://letsencrypt.org/donate/](https://letsencrypt.org/donate/)

------
nacs
Seems HN/YCombinator is using Comodo:

[https://thumbsnap.com/i/5ZkbUd6F.png?0623](https://thumbsnap.com/i/5ZkbUd6F.png?0623)

------
greenspot
Out of curiosity: Why didn't Letsencrypt applied for a trademark right at the
start?

That this happens was quite foreseeable and occurs quite often if people
forget to secure trademarks (I know this won't be a popular opinion because
most as I like Letsencrypt and their outstanding service)

~~~
Kadin
It costs $375 (plus lawyers fees, usually) and I suspect that they just didn't
think it was necessary. Lots of organizations haven't and don't bother
registering, unless they expect a problem. Lots of volunteer-run software
projects have better things to spend money on and just never get around to
registering their name as a trademark until someone else tries to steal it out
from under them.

~~~
azernik
When you're a very public open-source project whose brand is so central to
success, registration _is_ the better thing to spend their money on. Let's
Encrypt did not show good judgment on this one.

EDIT: For example, they probably spent a employee/retained-attorney time worth
more than $375 just to put together their Trademark Policy page. [1]

[1] [https://letsencrypt.org/trademarks/](https://letsencrypt.org/trademarks/)

------
RubenSandwich
It is very disheartening that Comodo, a seller of SSL certs, is attempting to
steal some of the attention of Let's Encrypt has put into making a more secure
internet. Instead of trying to weasel their way in front of Let's Encrypt a
better strategy, in my personal opinion, would be to offer services on top of
SSL. (Installing and managing SSL certs is still something a lay person cannot
do.)

~~~
sievebrain
They already do. LetsEncrypt does not offer EV SSL certs for example.

------
Jamieee
What a scummy business practice. I will not be renewing my remaining Comodo
certs.

------
davidgerard
FWIW, at $DAYJOB we've been actively getting rid of our Comodo certs and
replacing them with Let's Encrypt certs, because the Comodo certs don't work
with certain older Android versions that we have to support - but Let's
Encrypt's all just work.

If others are doing the same, this would be motivation for Comodo.

------
Titanous
Comodo's CEO has responded on their forums:
[https://forums.comodo.com/general-discussion-off-topic-
anyth...](https://forums.comodo.com/general-discussion-off-topic-anything-and-
everything/shame-on-you-comodo-t115958.0.html)

~~~
pfg
From the post:

> One a separate note, since we are talking about protecting intellectual
> property, there is no law protecting business models. When Lets Encrypt
> copied Comodo's 90 day free ssl business model, we could not protect it.
> Lets encrypt could have chosen 57 days, 30 days or any other number for the
> lifetime of their certificates. But they chose to use Comodo's 90 day Free
> SSL model that we established in the market place for over 9 years!!! We
> invented the 90 day free ssl. Why are they copying our business model of 90
> day free ssl is the question! Comodo has provided and built a Free SSL model
> that give SSL for free for 90 days since 2007! Trying to piggy back on our
> business model and copying our model of giving certificates for 90 days for
> free is not ethical. They clearly wanted to leverage the market of Free SSL
> users we had helped create and establish and that's why they created exactly
> same 90 day free ssl offering. So why did they choose 90 day? That is the
> question!

I'm not sure if he's delusional, or if he honestly thinks this is a "business
model". Following that logic, _all_ CAs are copying each other's business
model when they offer one-year certificates. I don't have words for this.

------
misiti3780
I will never use a Comodo cert again.

------
edoceo
I've been using LE for all the certs. Free, easy, secure. Hooray!

Cheers to LE for standing tall.

Please donate to LE, EFF.

------
Nilzzon
That's it, I've cancelled all our Comodo certificates!

------
jrockway
As part of my branding consulting services, I could totally come up with some
non-trademarked-but-like-totally-better names. For instance:

1) We gonna encrypt u

2) Allow us to encrypt!

3) I CAN HAZ NCRYPTON?

------
Nilzzon
That's it! I've just replaced all our Comodo certificates.

------
l1n
Talk about an abuse of the trademark system.

~~~
jordigh
Hm? This seems to be the perfect use of this "intellectual property"[1].
Comodo is trying to deceive people, Let's Encrypt is trying to prevent it by
enforcing their trademarks. This is how it's supposed to work.

\--

[1] I don't like the term "intellectual property" mostly because people forget
or misunderstand what it refers to and how the many various things called
"intellectual property" work individually and differently from each other.

~~~
dandelion_lover
>I don't like the term "intellectual property"

and rightfully so, see [https://www.eff.org/issues/intellectual-property/the-
term](https://www.eff.org/issues/intellectual-property/the-term)

------
scrollaway
I'm cancelling an order for a code-signing certificate with Comodo. This is
disgusting behaviour on their part.

Can someone recommend a good provider for code signing certs?

~~~
vsl
DigiCert. After a year with Symantec (can't recommend) it was a joy to get one
from DigiCert. Good site, good tools, reasonable prices, 3 yr option, painless
validation process (I'm in a small EU country, which tends to complicate
things on occasion). Can't recommend enough.

~~~
scrollaway
Thank you. I was already looking at digicert, this cements my choice :)

------
pcora
The worst possible move by a competitor. Not cool Comodo.

~~~
abraae
Maybe also one of the stupidest. Comodo are really raising up LetsEncrypt in
the eyes of the community, as well as sullying their own brand, by being such
dicks, and being so obviously in the wrong.

And when they lose, as it sounds they will, they'll leave the LetsEncrypt
brand all the more valuable than before.

------
Animats
US trademarks are easy to register.[1] The whole process is online and starts
at $225. I hold several. You don't need a lawyer unless you're in some crowded
area ("AAAAA Plumbing" would be a crowded area) or confusingly similar to an
existing trademark.

There's no reason for a startup to not register a trademark.

[1] [http://www.uspto.gov/trademarks-application-
process/filing-o...](http://www.uspto.gov/trademarks-application-
process/filing-online)

------
axg
We should remove Comodo from our trusted CAs

------
AngeloAnolin
Next thing we'll likely see is that Comodo getting hacked / breached and their
data exposed, making them the least trusted computing security firm.

~~~
NetStrikeForce
_Next_ thing you say?

[http://www.cnet.com/news/fbi-probes-comodo-web-security-
brea...](http://www.cnet.com/news/fbi-probes-comodo-web-security-breach/#)!

~~~
ComodoHacker
I picked my nickname after that breach.

------
symfoniq
The organization I work for has used Comodo certs in the past, but antics like
this ensure they'll never receive another dime from us.

------
drumttocs8
I'm not sure what happened with Comodo in the past couple of years. I used to
love their firewall and "secure" browser products- but then they stripped
features from their free firewall option, and added sponsored links to the
address bar autocomplete results! Literally a complete 180 from impressions of
privacy and security I originally had of the company.

------
diegorbaquero
Never again comodo, donating to LE

------
eeeeeeeeeeeee
I would expect no less from Comodo. Terrible company and product.

------
kevindeasis
Who do you guys trust for your wildcards needs? Assuming you were to build a
super cheap side project on the weekends and you needed subject alternative
names for your first-level subdomains.

------
ionised
God damnit, I really need to find a decent alternative to Comodo Firewall and
HIPS, something that offers similar granular control.

They're far too shady these days.

------
juandazapata
Sad. This reminds me of high school where I was constantly being bullied by
the big guys.

\- Oh, I like that what you have. You know what? I WANT it. And I'm going to
take it just because I'm bigger than you.

They can go to hell. I'm not renewing my certs with those twats. Bullying is
not fine just because is a company instead of a person doing it.

Let's encrypt, the community is with you. I just donated to your cause.

------
chrisked
will switch all my comodo certs once they expire.

------
mcms
Updated original post:

Update, June 24 2016

We have confirmed that Comodo submitted Requests for Express Abandonment for
all three trademark registration applications in question. We’re happy to see
this positive step towards resolution, and will continue to monitor the
requests as they make their way through the system.

We’d like to thank our community for their support.

------
MasterYoda
This behaviour really piss me off.

Someone having a proper email to comodo so it is possible complain directly to
them? (1)

I really hope alot of people will complain directly to them so they see this
is not ok in no ways and they doing the right thing.

(1) “contact us" on there homepage is just emty for me on my mobile for some
reason. Therefore the question.

------
markbao
This is why people hate CAs.

------
kefka_p
I've uninstalled some software I've paid good money for as a result of this
behavior. Further Comodo will net exactly zero recommendations from me until
this behavior is rectified.

Utterly intolerable.

------
yeldarb
Why did Lets Encrypt not previously register a trademark of their own?

~~~
alexwebb2
It appears that they are trademarked in the UK.

------
tripzilch
Seems a pretty clear case that Let's Encrypt will win easily. The crazy part
is the legal system with the pay-wall before justice.

------
24gttghh
Well, good thing members of the EFF are on the Technical Advisory Board at
Let's Encrypt, and the board of Directors at ISRG.

------
ktdrv
Aaaand the Controversies section of Comodo's Wikipedia page gained another
entry.

------
jagger27
Didn't LE announce they were going to do a name change a few months ago?

~~~
pietroalbini
That was for the official client, which was renamed to certbot. The CA name
was never meant to be changed.

[https://github.com/certbot/certbot](https://github.com/certbot/certbot)

------
tszming
Dear Comodo: your competitor is GoDaddy, not Let's Encrypt :)

------
dkarapetyan
Fuck comodo and their sleazebag tactics.

------
lighttower
Comodo's behavior is shameful. How can we punish them? Is there a way to move
away from using their services?

------
86646
Lol. Free publicity for LE. Good job Comodo.

------
artursapek
That is a hilariously weak move

------
simbalion
Those bastards. I tried emailing sales@comodo.com but their mailing server
falsely bounced my message saying there was a virus attached (I use anti-virus
on my mail server.)

I called them and told their tech support guy about their broken mail server,
and told him to check out letsencrypt.org and see how his company is trying to
infringe on trademarks to bully their open-source competition, and that he
should find a better employer.

------
rsspbrry
Sounds like Comodo should get the GoDaddy treatment:
[http://arstechnica.com/tech-policy/2011/12/victory-
boycott-f...](http://arstechnica.com/tech-policy/2011/12/victory-boycott-
forces-godaddy-to-drop-its-support-for-sopa/)

