back to article Let's Encrypt in trademark drama

The group behind the Let's Encrypt certificate authority (CA) says that its name could be in doubt thanks to rival CA Comodo Group. The Internet Security Research Group (ISRG) says that it is currently locked in a conflict with Comodo, who it claims is trying to trademark the "Let's Encrypt" name despite its previous filings …

  1. Bob Vistakin

    Let's boycott


  2. moiety

    I used to like Comodo, but last year's MITM SSL thing and now this need trustworthiness from a security company, and that's not what I'm seeing.

    1. Anonymous Coward
      Anonymous Coward


      Let's Not Forget - that Comodo issued fraudulent certificates in 2011 for Google, Yahoo, Skype and Hotmail which were used for serious phishing/hacking - state sponsored according the Comodo post-mortem at the time.

  3. james 68

    Wow, did Comodo get bought out by Apple or something?

  4. pollyanna

    Oh, they've replied now.

    With a great big F**K Y*U to Let's Encrypt;msg837411#msg837411

    1. AdamWill

      Re: Oh, they've replied now.

      Wow, an expiry time is a business model now? yeesh.

    2. DeKrow

      Re: Oh, they've replied now.

      It sounds as if Comodo has found their avenue for 'revenge' after Let's Encrypt 'stole' the concept of 90 days from them. Trolls.

      Let's Encrypt should rename themselves Komodo in return and offer 120 days free SSL certs.

      1. Anonymous Coward
        Anonymous Coward

        Re: Oh, they've replied now.

        Let's Encrypt isn't free for 90 days though. It's free forever because the script keep auto-renewing it.

        I also think Let's Encrypt has finally added transparency and openness to what's been a very scummy rent-seeking business of "selling trust".

        1. Swarthy Silver badge

          Re: Oh, they've replied now.

          I love the fact that when refuting a refutation to his "How do we know they used it first, they didn't file any paperwork, and besides, they copied us first" rant, the CEO points to ISRG's website at .. wait for it...

          I think having the URL pretty much shows that they used it first.

    3. John Brown (no body) Silver badge

      Re: Oh, they've replied now.

      Sorry, I think I missed something crucial in that post. Just how long does the Comodo free SSL certificate last?

      Sheesh, that guy sounds more like a petulant child than a CEO.

      And anyway, isn't 90 days somewhat ingrained in the US consumer psyche? It's the standard warranty period so a fairly obvious number to pick.

      1. Destroy All Monsters Silver badge
        Paris Hilton

        Re: Oh, they've replied now.

        Comodo has provided and built a Free SSL model that give SSL for free for 90 days since 2007! Trying to piggy back on our business model and copying our model of giving certificates for 90 days for free is not ethical.

        M. Abdulhayaoğlu Melih ("dedicated to innovation"), (founder of Comodo, which of course is praiseworthy in any case) unfortunately sounds like a kid of Generation Entitled here.

        But further down "robinalden" (Comodo Staff) has this to say:

        With LE now being an operational business, we were never going to take the these trademark applications any further. Josh posted a link to the application and as of February 8th it was already in a state where it will lapse. Josh was wrong when he said we’d “refused to abandon our applications”. We just hadn’t told LE we would leave them to lapse. We have now communicated this to LE.

        So all is hunky dory?

  5. Brian Scott

    Law vs. Ethics

    I would have expected a Certification Authority to behave ethically as part of its business model.

    For the CEO to claim that they were just operating within the law and that this is the cut-and-thrust of business shows that they have confused the two concepts of law and ethics. What they are doing may well be legal (I am not a lawyer, etc) but stealing a name from a non-profit is in absolutely no way ethical.

    The list of trusted root authorities in our browsers represent the companies that we trust to a very high standard to make our decisions on the authenticity and legitimacy of domains on the Internet. I expect them to do this both within the bounds of law and with a very high degree of ethics.

    A legitimate approach to this would be to remove Comodo from everyone's list of trusted certificate authorities since they clearly are not living up to the high standards demanded of them.

    They would then go out business because internet sites could no longer choose to use their now untrusted certificates.

    This is business comodo. Sorry to see you go. Don't slam the door.

    1. Destroy All Monsters Silver badge

      Re: Law vs. Ethics

      That would take a few "subtrees" dependent on Comodo CA with it.

      Sorry ""no bullshit",, borderline trustworthy anyway.

      1. Anonymous Coward
        Anonymous Coward

        Re: Law vs. Ethics

        > Sorry ""no bullshit"

        I must say I very much disagree with the tone and content of your dismissive comment against Gandi. I have used them for well over ten years, since they were a tiny, unknown company in Paris, and they have always been superb. From acquaintances' experience, even when they fuck up they are quick to admit it and make amends.

        The case that you link to was some bloke¹ who decided it was a great idea to ride on the back of Google's name while providing fake WHOIS details. Reliable providers have to (and do) have strict policies against this, in order to avoid or at least minimise the incidence of fraud and other dishonest practices. In that case, Gandi reacted impeccably and with great professionalism. Apart from being French, I cannot find fault with them.

        I cannot speak as to their arrangements with Comodo, or as to Comodo's intentions behind this, but I do feel they provide excellent service.

        ¹ Btw, said bloke calls himself a "security researcher" but in reality is just an amateur who seems to make it his occupation to approach some of the media with click-bait worthy (but save on one occasion a long time ago, wrong or irrelevant) stuff. At the same time, he is an incompetent developer who leaves "gaping security holes" in his so-called security applications and seems not to be at all averse to spying on his own users. To put it mildly, the guy hasn't got the faintest about security.

    2. Hstubbe

      Re: Law vs. Ethics

      You are aware that the chinese, russia and us government are on that trusted list as well, right? And the likes of symantec who openly use their trusted ca to man-in-the-middle.. If you still trust the default ca lists in browsers, you must be very very naive indeed (maybe i missed the sarcasm in your comment?).

      1. Anonymous Coward
        Anonymous Coward

        Re: Law vs. Ethics

        The sarcasm brexitted...

  6. mIRCat

    May all of your certificates be expired.

    Bad form sir! Bad form I say!

    And your TLS requests be malformed.

  7. Sitaram Chamarty

    Comodo CEO (2011, same one now??) hilariously slammed in Moxie Marlinspike's talk

    watch especially 05:19 to 06:52, then 07:45 to 11:30

    heck watch the whole thing; Moxie is a very clear, articulate, speaker with a great sense of humour *and* knows his shit

    1. Anonymous Coward
      Anonymous Coward

      Re: Comodo CEO (2011, same one now??) hilariously slammed in Moxie Marlinspike's talk

      > knows his shit

      Real researchers publish proper papers in academic venues reputable and well-known in the industry. This guy just goes and plays the media / shows his face at meetups, but he's just an amateur with not very clear motives, as mentioned earlier. He seems to connect with certain audiences, but please do not mistake a media pundit with a real security professional.

      1. Sitaram Chamarty

        Re: Comodo CEO (2011, same one now??) hilariously slammed in Moxie Marlinspike's talk

        What planet do you live in?

        "media pundit"? "[not a] real security professional"?

        Moxie (and Trevor Perrin)'s Signal protocol is pretty much the only one that has been *proven* to be secure (at the protocol level at least). And that is the most recent one I can remember; I think even the cert pinning RFC was from them but I am not sure. Regardless, he *does* know his shit, and some anonymous coward saying it ain't so ain't gonna make it not be true.

  8. Anonymous Coward
    Anonymous Coward


    Comodo must have shat bricks in their commode when they heard Let's Encrypt will destroy their rent-seeking business model.

  9. Adrian Midgley 1

    So Comodo are


    1. JassMan Silver badge

      Re: So Comodo are


      No. They are obviously even lower than arseholes since a commode is something you sh^Hit on.

  10. Glen Turner 666

    Update -- Comodo to abandon trademark registration

    This thread <> contains the most hilarious statement ever by a CEO, see comment #3. A staffer later posts that Comodo will file to abandon the trademark registration:

    "@robinalden Reply #28 on: Yesterday at 03:41:45 PM:

    "Comodo has filed for express abandonment of the trademark applications at this time instead of waiting and allowing them to lapse.

    "Following collaboration between Let's Encrypt and Comodo, the trademark issue is now resolved and behind us and we'd like to thank the Let's Encrypt team for helping to bring it to a to a resolution."

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019