Great. I keep checking from time to time - someone who understands reality is bound to talk to the CEO soon. https://www.comodo.com/about/leadership.php is at the moment a list of people who all have a good reason to tell Melih to STFU.
If the post is not taken down soon, Comodo is beyond any help...
Anytime I see this kind of personality, a self promoting businessman, get pissy on the internet - I cross my fingers and hope for another Ocean Marketing. This and cat pictures is to the internet what apple pie is to America :)
> someone who understands reality is bound to talk to the CEO soon
Comodo is seemingly not approving new forum registrations today... assumably to prevent a blow-back on that thread. They'd prefer to leave it as-is; seemingly unchallenged (and therefore "correct").
He states "We invented the 90 day free ssl. Why are they copying our business model of 90 day free ssl is the question! Comodo has provided and built a Free SSL model that give SSL for free for 90 days since 2007!"
I was curious because I had never heard of anyone providing free SSL other than StartSSL before Let's Encrypt (and Amazon).
It's a trial. No free renewals, manual or automatic.
"Free SSL certificates are valid for 90 days and are limited to one issuance per domain."
There's a few free SSL providers, not including the various shared hosting services which offer free SSL.
Let's Encrypt is significant because their certificate is "trusted" in all browsers. The free SSL CAs that I'm familiar with are not "trusted" in any browsers.
He's either being disingenuous or he's terribly misinformed about how things work. Either one is unacceptable for the CEO of a major certificate provider.
Also, I feel even better about dropping ALL of my Comodo certs and switching to Lets Encrypt. I can't wait to never have to go to the Comodo website again.
> He's either being disingenuous or he's terribly misinformed
He's trying to register the Lets Encrypt trademark and deflecting with "but they didn't so we can". I don't think there's a question of being disingenuous.
To be more precise, I meant "is there a way to automatically manage CF certificate from LE". There are many ways to manage local certs (or update things by hand), but if you can't automatically update the CF one, it's going to be a bit of a problem.
Looks like CloudFlare has an API endpoint for certificate management[1], so this should be possible, though I haven't seen any tooling for this specifically.
> since we are talking about protecting intellectual property, there is no law protecting business models. When Lets Encrypt copied Comodo's 90 day free ssl business model, we could not protect it. Lets encrypt could have chosen 57 days, 30 days or any other number for the lifetime of their certificates. But they chose to use Comodo's 90 day Free SSL model that we established in the market place for over 9 years!!!
That is not a business model. Besides, Google has been doing that for years now[1]. If this is in the name of justice in defending their business model, they should go after Google too.
Comodo has no innovation here.
> What they have is nothing new. We have been giving 90 day free certificates since 2007.
ACME is entirely new and original. It's even an open protocol, they themselves could implement it and gain a wider customer base! Why let LE be the only ACME CA?
Also their 90-day free certs don't renew for free.
> Actually consumer are less safe with their certificate because if it is used maliciously they don't revoke (Unmanaged)!
Unmanaged but 100% automated, which is 100% more than they can say. Automated processes are more standardized and more quickly executed than manual, managed ones. Also LE has proactively revoked several abused certificates[2] and has NOT broken browser security with bad extensions nor issued fraudulent certificates[3] as Comodo has.
> Lets get the facts right guys! We are the good guys that have been giving free SSL certificates since 2007 and managing them!
Sigh. CAs need to be working together at a time like this, not abusing trust and slinging mud.
Don't you see! Innovation! Everyone's heard of 90 day free trials sure, but don't you see, it's a 90 day free trial on a computer thing! Surprised they didn't bother with a patent.
I'm cancelling my Comodo certs today. It's scary that this is the largest CA in the world.
Sibling comments have brought up some good points about the baseless claims in this post. The CEO also quotes this Let's Encrypt blog post on "Why 90 Days":
> "Ninety days is nothing new on the Web. According to Firefox Telemetry, 29% of TLS transactions use ninety-day certificates. That’s more than any other lifetime"
> so whose certs are these? Of course Comodo's!!! So they are admitting they are copying our innovation of 90 day free ssl certs!
So is the CEO saying that 29% of TLS transactions on the web are on sites which use Comodo's 90-day free trial SSL certificates, probably used on sites with the least traffic on the web? That at any one time, 29% of TLS traffic is over an unrenewable 90-day trial cert? Huh, seems implausible for some reason!
----
The post right above is also misinformed as well:
> From a legal standpoint (ISRG) should have trademarked this when they started using it publicly in November of 2014. There negligence to have done so is why this debate is happening. Then they want to cry foul because of their failure to follow the simplest of product protections. Registering your trademarks. The one who is in possession of the registered trademark is the owner, and that is the law.
Correct me if I'm wrong, but "from a legal standpoint," there has to be evidence of use in commerce before a trademark can be registered, and it's crystal clear that Comodo did not use "Let's Encrypt" in commerce, and it's also crystal clear that ISRG did.
Even more, you gain a trademark simply by using a mark in, well, trade (commerce). It isn't required to register a trademark in order to have the trademark, or to be able to protect it. Yes, your case is stronger if it's registered, but registration is not required.
Federal registration is not required to establish rights in a trademark. Common law rights arise from actual use of a mark and may allow the common law user to successfully challenge a registration or application.
>Correct me if I'm wrong, but "from a legal standpoint," there has to be evidence of use in commerce before a trademark can be registered, and it's crystal clear that Comodo did not use "Let's Encrypt" in commerce, and it's also crystal clear that ISRG did.
Yes, and then after the mark is approved you have to provide evidence of use, which can be nothing more than a screenshot of a webpage (plus a $250 filing fee). Filing evidence of use can be delayed up to 5 times I believe, meaning you have plenty of time to file. If you fail to file, you will lose your mark though.
Good luck, Comodo. You won't find any friends here. Not that I care either which way but I'm fairly positive I know what HN's copypastemind has decided well before this drama sprouted. Let's Encrypt is the new SSL Jesus.
Probably DigiCert since that's what GitHub uses. Until GitHub made openly anti-white male comments and lost their mind share to GitLab. I barely follow this tabloid at this point.
Here's something fun: GitLab uses Comodo. What a tangled web we weave.
I'm in fact saying I do not at all agree with the very fake and lame hive mind that exists here. We can keep going until we're deep enough that you can't reply here.
It seems like my point has been clear all along and that you desire more karma points. That is to say, I haven't shifted the goal posts around. I never made a point that I didn't stick to in previous posts. You can pander. I won't.
Unless someone figures out how to use it to buy stuff, I couldn't care less about karma. I do care about your reasoning.
Your point may be clear enough, but not why you think that way. I'm really curious about why a company would do this. It looks to me like a completely boneheaded move. If you explained, maybe that would give some insight.
Like I said, good luck on your karma bro. I hope it brings you great fortune. I don't have to explain to a Karmenista what my never changing ideals are. Reply until you are the winnar.
Dude, I agree with you and your posts here made me very seriously question my next admin theme buy from wrapbootstrap (great site by the way). You can be more diplomatic.
Your posts in this thread were painfully off-topic and unsubstantive—which, please don't do—but here you crossed into personal attack, which is even worse. We ban accounts that do that, so please don't do it again.
> Lets get the facts right guys! We are the good guys that have been giving free SSL certificates since 2007 and managing them!
Rarely are self-proclaimed titles worth anything; I don't think this is any exception.
I think it's particularly laughable he calls 90 day Free SSL a business model. Or when he implies making it some other number of days would have been acceptable to him.
It is hilarious that he has to declare that "Comodo" is the good guys, while they are trying to trademark a term that they have never used! Oh the irony!
And that the CEO compares 90 days TRIAL to a 90 days unlimited renewals and thinks it is the same is just a sign on how big of a defeat they are facing!
I like how the CEO links to Let's Encrypt's post explaining the technical reasons for 90 day certificates [1], yet still thinks Let's Encrypt (a non-profit) "copied" their "business model" of offering free trial certificates.
How can someone so clueless be CEO of Comodo? Is he not aware how utterly and completely terrible he sounds? Pretending 90 day certs are a "business model" they invented? And that first to trademark is some sort of accomplishment?
If Comodo didn't have such a terrible reputation, I wouldn't believe this to be the actual CEO.
After meeting a few CEOs of large corporations it's clear that being intelligent or knowledgable about their industry is not their primary attribute. Rising to that sort of position has more to do with social networking ability and how well you perform in the theater of the corporate officeplace.
I really hate that his response is that the EFF should either use their scarce resources to fight them in court or else give up. I wonder if he kicks puppies in his spare time?
Response boils down to "they didn't do it so we're legally allowed to". But WHY are you trying to Trademark that name other than to harm the Lets Encrypt business? If there's any other answer than harm towards Lets Encrypt I'd really like to hear it.
I wanted to post a rebuttal to the CEO's statements, however Comodo seems to not be approving new forum registrations today.
So, not only is Comodo living in a warped sense of reality, but they are not allowing any discussion to take place on their forums regarding this issue.
The CEO of Comodo likely knows the statements are highly delusional. I speculate they are driven by the intense fear of Let's Encrypt taking off in storm, driving a mass exodus of Comodo's paying customers.
Whether or not that's how reality will play out, I suppose we shall see. Instead of trying to adapt, Comodo's response is to try to squash it before it has a chance.
Wow. So much wrong with that. I was already planning to switch from Comodo to LE for one client, but now I'm going make sure none of my other clients are using Comodo certs. Sorry, Comodo, but you're just hastening your demise with this kind of behaviour.
> When Lets Encrypt copied Comodo's 90 day free ssl business model, we could not protect it. Lets encrypt could have chosen 57 days, 30 days or any other number for the lifetime of their certificates. But they chose to use Comodo's 90 day Free SSL model that we established in the market place for over 9 years!!!
He's being disingenuous and intentionally misleading when he's trying to suggest LetsEncrypt stole their 90 day free SSL Cert business model as some kind of justification for his shady behavior of stealing someone else's trademark.
LetsEncrypt offers free SSL Certs forever, their short 90 days lifetimes is for added security of short duration of SSL certificates and to encourage certificate renewal automation. It has absolutely nothing to do with Comodo's freemium business model as he's trying to imply. I'd imagine he's fully aware of LetsEncrypt "always free" certificates since he's trying to steal the brand and goodwill that they've created. So his justification isn't anything more than a disingenuous PR stunt to cloud the issue behind his attempted brand theft.
This is really scummy behavior on then part of Comodo. I'm glad to not have had to do business with them. I suppose it does show how much Comodo is threatened by ISRG in this regard. It will be interesting to see if any of the big-corp sponsors offers to help ISRG with any legal fees that might come up, as this presents a large PR opportunity in the vein of Newegg patent troll fighthing.
What's even worse is one of the original posters on that thread ('sAyer' - a self-proclaimed paralegal)
> From a legal standpoint (ISRG) should have trademarked this when they started using it publicly in November of 2014. There negligence to have done so is why this debate is happening. Then they want to cry foul because of their failure to follow the simplest of product protections. Registering your trademarks. The one who is in possession of the registered trademark is the owner, and that is the law.
That is just deeply, totally, entirely wrong as far as the USA goes. I'm going to give this person the benefit of the doubt and just assume there's some i18n misunderstanding going on here, but in the USA, registration is a formality that's simply not required to afford trademark protection.
87 comments
[ 4.8 ms ] story [ 146 ms ] threadIf the post is not taken down soon, Comodo is beyond any help...
Comodo is seemingly not approving new forum registrations today... assumably to prevent a blow-back on that thread. They'd prefer to leave it as-is; seemingly unchallenged (and therefore "correct").
I was curious because I had never heard of anyone providing free SSL other than StartSSL before Let's Encrypt (and Amazon).
It's a trial. No free renewals, manual or automatic.
"Free SSL certificates are valid for 90 days and are limited to one issuance per domain."
https://www.comodo.com/e-commerce/ssl-certificates/free-ssl-...
Let's Encrypt is significant because their certificate is "trusted" in all browsers. The free SSL CAs that I'm familiar with are not "trusted" in any browsers.
Also, I feel even better about dropping ALL of my Comodo certs and switching to Lets Encrypt. I can't wait to never have to go to the Comodo website again.
He's trying to register the Lets Encrypt trademark and deflecting with "but they didn't so we can". I don't think there's a question of being disingenuous.
[1]: https://api.cloudflare.com/#custom-ssl-for-a-zone-properties
[1]: https://github.com/AnalogJ/lexicon
That is not a business model. Besides, Google has been doing that for years now[1]. If this is in the name of justice in defending their business model, they should go after Google too.
Comodo has no innovation here.
> What they have is nothing new. We have been giving 90 day free certificates since 2007.
ACME is entirely new and original. It's even an open protocol, they themselves could implement it and gain a wider customer base! Why let LE be the only ACME CA?
Also their 90-day free certs don't renew for free.
> Actually consumer are less safe with their certificate because if it is used maliciously they don't revoke (Unmanaged)!
Unmanaged but 100% automated, which is 100% more than they can say. Automated processes are more standardized and more quickly executed than manual, managed ones. Also LE has proactively revoked several abused certificates[2] and has NOT broken browser security with bad extensions nor issued fraudulent certificates[3] as Comodo has.
> Lets get the facts right guys! We are the good guys that have been giving free SSL certificates since 2007 and managing them!
Sigh. CAs need to be working together at a time like this, not abusing trust and slinging mud.
Related discussion on LE forums: https://community.letsencrypt.org/t/about-the-defending-our-...
[1]: https://twitter.com/sleevi_/status/746099416864591873
[2]: https://community.letsencrypt.org/c/incidents
[3]: https://news.ycombinator.com/item?id=11962371
So, yes.
Sibling comments have brought up some good points about the baseless claims in this post. The CEO also quotes this Let's Encrypt blog post on "Why 90 Days":
> "Ninety days is nothing new on the Web. According to Firefox Telemetry, 29% of TLS transactions use ninety-day certificates. That’s more than any other lifetime"
> so whose certs are these? Of course Comodo's!!! So they are admitting they are copying our innovation of 90 day free ssl certs!
So is the CEO saying that 29% of TLS transactions on the web are on sites which use Comodo's 90-day free trial SSL certificates, probably used on sites with the least traffic on the web? That at any one time, 29% of TLS traffic is over an unrenewable 90-day trial cert? Huh, seems implausible for some reason!
----
The post right above is also misinformed as well:
> From a legal standpoint (ISRG) should have trademarked this when they started using it publicly in November of 2014. There negligence to have done so is why this debate is happening. Then they want to cry foul because of their failure to follow the simplest of product protections. Registering your trademarks. The one who is in possession of the registered trademark is the owner, and that is the law.
Correct me if I'm wrong, but "from a legal standpoint," there has to be evidence of use in commerce before a trademark can be registered, and it's crystal clear that Comodo did not use "Let's Encrypt" in commerce, and it's also crystal clear that ISRG did.
http://www.uspto.gov/learning-and-resources/trademark-faqs#1...
Federal registration is not required to establish rights in a trademark. Common law rights arise from actual use of a mark and may allow the common law user to successfully challenge a registration or application.
I bet his general council is screaming at him right now. This could be used as evidence of malfeasance or general character issues.
You can also file for "intent to use".
Yes, and then after the mark is approved you have to provide evidence of use, which can be nothing more than a screenshot of a webpage (plus a $250 filing fee). Filing evidence of use can be delayed up to 5 times I believe, meaning you have plenty of time to file. If you fail to file, you will lose your mark though.
Ridiculous argument. Scummy as hell too.
Here's something fun: GitLab uses Comodo. What a tangled web we weave.
Nothing I've said actually rails against truth. Just what they want to talk about.
Added:
Pretty much always.
If you think there's merit here, I'd love to know why. This seems like a slam dunk for Let's Encrypt under US trademark law.
Your point may be clear enough, but not why you think that way. I'm really curious about why a company would do this. It looks to me like a completely boneheaded move. If you explained, maybe that would give some insight.
why?
Rarely are self-proclaimed titles worth anything; I don't think this is any exception.
I think it's particularly laughable he calls 90 day Free SSL a business model. Or when he implies making it some other number of days would have been acceptable to him.
And that the CEO compares 90 days TRIAL to a 90 days unlimited renewals and thinks it is the same is just a sign on how big of a defeat they are facing!
1. https://letsencrypt.org/2015/11/09/why-90-days.html
If Comodo didn't have such a terrible reputation, I wouldn't believe this to be the actual CEO.
I think we should all begin using this on social media. It's a play on their official "Creating Trust Online" tagline.
Maybe #CreatingDistrustOnline or #DistrustComodo
Despicable.
So, not only is Comodo living in a warped sense of reality, but they are not allowing any discussion to take place on their forums regarding this issue.
The CEO of Comodo likely knows the statements are highly delusional. I speculate they are driven by the intense fear of Let's Encrypt taking off in storm, driving a mass exodus of Comodo's paying customers.
Whether or not that's how reality will play out, I suppose we shall see. Instead of trying to adapt, Comodo's response is to try to squash it before it has a chance.
> We are the good guys
Sure you are...
https://www.facebook.com/ComodoHome/ https://twitter.com/comododesktop https://www.linkedin.com/company/comodo
Utter jackassery. I'm adding Comodo to my semi-permanent "never-do-business-with" list along with GoDaddy and Best Buy.
He's being disingenuous and intentionally misleading when he's trying to suggest LetsEncrypt stole their 90 day free SSL Cert business model as some kind of justification for his shady behavior of stealing someone else's trademark.
LetsEncrypt offers free SSL Certs forever, their short 90 days lifetimes is for added security of short duration of SSL certificates and to encourage certificate renewal automation. It has absolutely nothing to do with Comodo's freemium business model as he's trying to imply. I'd imagine he's fully aware of LetsEncrypt "always free" certificates since he's trying to steal the brand and goodwill that they've created. So his justification isn't anything more than a disingenuous PR stunt to cloud the issue behind his attempted brand theft.
Is secured with Comodo.
> From a legal standpoint (ISRG) should have trademarked this when they started using it publicly in November of 2014. There negligence to have done so is why this debate is happening. Then they want to cry foul because of their failure to follow the simplest of product protections. Registering your trademarks. The one who is in possession of the registered trademark is the owner, and that is the law.
That is just deeply, totally, entirely wrong as far as the USA goes. I'm going to give this person the benefit of the doubt and just assume there's some i18n misunderstanding going on here, but in the USA, registration is a formality that's simply not required to afford trademark protection.