Let’s Encrypt vows to fight Comodo over its ‘Let’s Encrypt’ trademark attempt

Free digital certificate authority Let’s Encrypt says it ready for a long battle if security firm Comodo doesn’t quit pursuing trademark applications containing the ‘Let’s Encrypt’ name.

Comodo says it’s mission is to “create trust online”, but the security firm and digital certificate vendor may have done exactly the opposite by filing three trademark applications with the USPTO containing ‘Let’s Encrypt’.

Let’s Encrypt is a certificate authority (CA) that provides free digital certificates to websites and has over the past year upended the paid-for digital certificate industry that has been dominated by Symantec, GoDaddy, and to a lesser extent Comodo.

The CA, which is run by the Internet Security Research Group (ISRG), say its efforts to convince Comodo to pull the plug on the applications have so far failed.

“Since March of 2016 we have repeatedly asked Comodo to abandon their “Let’s Encrypt” applications, directly and through our attorneys, but they have refused to do so.

We are clearly the first and senior user of “Let’s Encrypt” in relation to Internet security, including SSL/TLS certificates – both in terms of length of use and in terms of the widespread public association of that brand with our organization,” wrote ISRG’s executive director Josh Aas in a blog post on Thursday.

Filings with USPTO show that Comodo applied for “Let’s Encrypt”, “Comodo Let’s Encrypt”, and “Let’s Encrypt with Comodo” in October 2015.

Let’s Encrypt officially launched in April 2016 but started using the name publicly in November 2014. The free CA is backed by Akamai, Mozilla, Cisco, EFF, and Facebook.

Let's Encrypt is aiming to boost the adoption of HTTPS on websites to ensure connections on the web are secure and encrypted. It reported this week that it had issued five million certificates covering seven million domains, up from zero since it launched in December and one million in March.

Comodo appears to be blocking requests for information about its Let’s Encrypt trademark applications. According to one developer, Comodo’s email server has been configured to reject any email with the Let’s Encrypt URL.

CSO Australia’s attempt to send a request for comment to Comodo’s press and sales email accounts about the Let’s Encrypt appeal was returned with a message: “554 Rejected: mail contains virus".

Comodo's name as a CA was tarnished by the so-called “Comodo hacker”, who in 2011 claimed to have breached Comodo and later claimed responsibility for breaching DigiNotar, a Dutch CA.

The DigiNotar breach had far bigger implications than Comodo’s breach since it allowed the attacker to spoof of several Google domains and spy on the communications of millions of Google users. The incident also gave rise to the Google-backed Certificate Transparency initiative, which monitors for mis-issued certificates.

The spotlight on weaknesses in the system that users and internet firms rely on for conveying trustworthiness on the internet also changed its economics. Shortly after Let’s Encrypt launched, Symantec also started offering free digital certificates, seemingly ending the decades-long business model of charging websites for enabling secure connections.

While Let’s Encrypt has backers with deep pockets, Aas says the organisation doesn’t have a huge budget to fight lengthy legal battles. Nonetheless, he says it will dig in if Comodo doesn’t back down.

“If necessary, we will vigorously defend the Let’s Encrypt brand we’ve worked so hard to build. That said, our organization has limited resources and a protracted dispute with Comodo regarding its improper registration of our trademarks would significantly and unnecessarily distract both organizations from the core mission they should share: creating a more secure and privacy-respecting Web. We urge Comodo to do the right thing and abandon its “Let’s Encrypt” trademark applications so we can focus all of our energy on improving the Web.”

Join the CSO newsletter!

Error: Please check your email address.

Tags ComodoLet’s EncryptEFFciscocertificate authority (CA)CSO AustraliamozillaFacebookencryptakamai

More about CiscoComodoCSOEFFFacebookGoDaddyGoogleMozillaSymantecUSPTO

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Liam Tung

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place