by LukeB_UK on 6/23/16, 9:56 PM with 81 comments
by markbao on 6/23/16, 10:32 PM
Sibling comments have brought up some good points about the baseless claims in this post. The CEO also quotes this Let's Encrypt blog post on "Why 90 Days":
> "Ninety days is nothing new on the Web. According to Firefox Telemetry, 29% of TLS transactions use ninety-day certificates. That’s more than any other lifetime"
> so whose certs are these? Of course Comodo's!!! So they are admitting they are copying our innovation of 90 day free ssl certs!
So is the CEO saying that 29% of TLS transactions on the web are on sites which use Comodo's 90-day free trial SSL certificates, probably used on sites with the least traffic on the web? That at any one time, 29% of TLS traffic is over an unrenewable 90-day trial cert? Huh, seems implausible for some reason!
----
The post right above is also misinformed as well:
> From a legal standpoint (ISRG) should have trademarked this when they started using it publicly in November of 2014. There negligence to have done so is why this debate is happening. Then they want to cry foul because of their failure to follow the simplest of product protections. Registering your trademarks. The one who is in possession of the registered trademark is the owner, and that is the law.
Correct me if I'm wrong, but "from a legal standpoint," there has to be evidence of use in commerce before a trademark can be registered, and it's crystal clear that Comodo did not use "Let's Encrypt" in commerce, and it's also crystal clear that ISRG did.
by zackboe on 6/23/16, 10:12 PM
I was curious because I had never heard of anyone providing free SSL other than StartSSL before Let's Encrypt (and Amazon).
It's a trial. No free renewals, manual or automatic.
"Free SSL certificates are valid for 90 days and are limited to one issuance per domain."
https://www.comodo.com/e-commerce/ssl-certificates/free-ssl-...
by mythz on 6/24/16, 12:37 AM
He's being disingenuous and intentionally misleading when he's trying to suggest LetsEncrypt stole their 90 day free SSL Cert business model as some kind of justification for his shady behavior of stealing someone else's trademark.
LetsEncrypt offers free SSL Certs forever, their short 90 days lifetimes is for added security of short duration of SSL certificates and to encourage certificate renewal automation. It has absolutely nothing to do with Comodo's freemium business model as he's trying to imply. I'd imagine he's fully aware of LetsEncrypt "always free" certificates since he's trying to steal the brand and goodwill that they've created. So his justification isn't anything more than a disingenuous PR stunt to cloud the issue behind his attempted brand theft.
by kevinsimper on 6/23/16, 10:51 PM
And that the CEO compares 90 days TRIAL to a 90 days unlimited renewals and thinks it is the same is just a sign on how big of a defeat they are facing!
by gregmac on 6/24/16, 2:08 AM
What I don't get is what they hope to achieve? At best, if they were to win, there are two possible outcomes:
1: Let's Encrypt renames itself to something else, and continues issuing certificates.
2: Let's Encrypt folds, and a dozen clones pop up to take its place.
Either way, the simple certificate market still goes to $0.
Whether they win or not, they've managed to piss off the tech community (as in the people that obtain and install SSL certificates). We see this petty and futile move for what it is, and now on top of that, their CEO has shown they are basically at GoDaddy levels of sleazy, and has only reinforced to anyone paying attention to this that they do not want to be doing business with this company.
by mholt on 6/23/16, 10:18 PM
That is not a business model. Besides, Google has been doing that for years now[1]. If this is in the name of justice in defending their business model, they should go after Google too.
Comodo has no innovation here.
> What they have is nothing new. We have been giving 90 day free certificates since 2007.
ACME is entirely new and original. It's even an open protocol, they themselves could implement it and gain a wider customer base! Why let LE be the only ACME CA?
Also their 90-day free certs don't renew for free.
> Actually consumer are less safe with their certificate because if it is used maliciously they don't revoke (Unmanaged)!
Unmanaged but 100% automated, which is 100% more than they can say. Automated processes are more standardized and more quickly executed than manual, managed ones. Also LE has proactively revoked several abused certificates[2] and has NOT broken browser security with bad extensions nor issued fraudulent certificates[3] as Comodo has.
> Lets get the facts right guys! We are the good guys that have been giving free SSL certificates since 2007 and managing them!
Sigh. CAs need to be working together at a time like this, not abusing trust and slinging mud.
Related discussion on LE forums: https://community.letsencrypt.org/t/about-the-defending-our-...
[1]: https://twitter.com/sleevi_/status/746099416864591873
by MichaelGG on 6/23/16, 10:57 PM
If Comodo didn't have such a terrible reputation, I wouldn't believe this to be the actual CEO.
by bllguo on 6/23/16, 10:44 PM
Rarely are self-proclaimed titles worth anything; I don't think this is any exception.
I think it's particularly laughable he calls 90 day Free SSL a business model. Or when he implies making it some other number of days would have been acceptable to him.
by tlrobinson on 6/23/16, 10:53 PM
by Alupis on 6/23/16, 11:59 PM
So, not only is Comodo living in a warped sense of reality, but they are not allowing any discussion to take place on their forums regarding this issue.
The CEO of Comodo likely knows the statements are highly delusional. I speculate they are driven by the intense fear of Let's Encrypt taking off in storm, driving a mass exodus of Comodo's paying customers.
Whether or not that's how reality will play out, I suppose we shall see. Instead of trying to adapt, Comodo's response is to try to squash it before it has a chance.
> We are the good guys
Sure you are...
by LukeB_UK on 6/23/16, 10:01 PM
by kstrauser on 6/24/16, 12:11 AM
Utter jackassery. I'm adding Comodo to my semi-permanent "never-do-business-with" list along with GoDaddy and Best Buy.
by boot13 on 6/24/16, 12:25 AM
by vehementi on 6/23/16, 10:58 PM
by nlh on 6/24/16, 1:13 AM
> From a legal standpoint (ISRG) should have trademarked this when they started using it publicly in November of 2014. There negligence to have done so is why this debate is happening. Then they want to cry foul because of their failure to follow the simplest of product protections. Registering your trademarks. The one who is in possession of the registered trademark is the owner, and that is the law.
That is just deeply, totally, entirely wrong as far as the USA goes. I'm going to give this person the benefit of the doubt and just assume there's some i18n misunderstanding going on here, but in the USA, registration is a formality that's simply not required to afford trademark protection.
by jsmeaton on 6/23/16, 11:28 PM
Despicable.
by gelatocar on 6/24/16, 2:49 AM
by JohnTHaller on 6/23/16, 11:02 PM
I think we should all begin using this on social media. It's a play on their official "Creating Trust Online" tagline.
Maybe #CreatingDistrustOnline or #DistrustComodo
by criddell on 6/23/16, 11:20 PM
by curun1r on 6/24/16, 3:30 AM
What's happening here is basically the legal equivalent of Comodo applying for a certificate for letsencrypt.org and claiming that it's okay because the people behind letsencrypt.org never did.
by vemv on 6/23/16, 10:25 PM
by chj on 6/24/16, 1:47 AM
by yumaikas on 6/24/16, 12:53 AM
by thoman23 on 6/24/16, 3:04 AM
by 8rian on 6/24/16, 12:52 AM
Is secured with Comodo.
by serge2k on 6/23/16, 10:39 PM
Ridiculous argument. Scummy as hell too.
by simbalion on 6/24/16, 2:35 AM
by coderdude on 6/23/16, 10:41 PM