back to article Lettuce Encrypt, Encrypt We Must: Hobby projects change name after Let's Encrypt fires off trademark complaints

An open-source project for automating the installation of free Let's Encrypt certificates for websites built with Microsoft's ASP.NET Core framework was forced to change its name after a trademark complaint from the Internet Security Research Group (ISRG). ISRG is nonprofit sponsored by numerous companies including the …

  1. Steve Foster

    US "defend your rights" Requirement?

    Is the ISRG based in the US? Doesn't the US have some requirements for folks to "defend-it-or-lose-it" on various IP "rights"?

    1. Zippy´s Sausage Factory

      Re: US "defend your rights" Requirement?

      I believe it does, which is probably their driving force here, I would assume.

      1. Arthur the cat Silver badge

        Re: US "defend your rights" Requirement?

        Added to which we don't want crooks and scammers to be able to use the name to con people.

    2. Anonymous Coward
      Anonymous Coward

      Re: US "defend your rights" Requirement?

      Not only the US as far as I know. Trademarks are everywhere "defend or lose".

      It's different from copyright, which you can't lose.

  2. iron Silver badge

    > Kestrel is the default ASP.NET web server.

    No it isn't. Kestrel is the default web server for ASP.Net Core.

    1. Falmari Silver badge

      I didn't know that I thought they would be the same

      1. chuBb.

        not until .net 5 reharmonises everything (or fractures everything)

  3. Doctor Syntax Silver badge

    I suppose there could be a spoofing problem - if a project has LetsEncrypt in its name it might be trusted without further investigation by the unwary and then go on to load something untrustworthy with LetsEncrypt then catching the blame. So, yes, I can see why they would take that line.

  4. TeeCee Gold badge

    "Heavy-handed or..."

    Of course not! They have to protect their trademark or others could leech off it and severely dent their profit margin.

    ISRG is nonprofit.... Oh. Right. Just heavy-handed then.

    1. J. Cook Silver badge

      Re: "Heavy-handed or..."

      I was wondering where my neutronium gloves got carted off to...

  5. Stuart 22

    Almost all the internet belongs to me (and not Montenegro)

    At primary school I once left off the final letter of 'come' in an essay. Does this mean i can now claim copyright theft by ICANN's leading registry?

  6. Anonymous Coward

    The key takeaway

    While ISRG needs to defend their trademark, the key to the article is that there are still developers with a sense of absurdist humor.

    A pint for Nate McMaster. St. Terry Pratchett would be proud.

    1. Teiwaz

      Re: The key takeaway

      a sense of absurdist humor.

      'lettuce encrypt' isn't that absurd - it makes a certain amount of sense

      calling it 'fruit and cheese trombone' would be absurdist.

      1. This post has been deleted by its author

  7. Anonymous Coward
    Anonymous Coward

    I sort of get the logic of the "use it or lose it" copyright setup. If patents worked like this, we might have fewer patent trolls. What I don't get is: if someone like lettuce encrypt didn't want to smack around a hobby project, couldn't they just license the name usage for $1/year? That would allow for strict guardrails on usage (in this case, maybe ensuring verbiage on the hobby project differentiates the two) and still demonstrates that they're protecting their mark.

    Not sure how many IP attorneys are in the commentariat...

    1. Richard 12 Silver badge

      They could

      If there does have to be a 'consideration' they could also permit usage for $1 per thousand years, or in perpetuity. I'm not sure whether trademark usage requires a consideration, as it's not a service, good or a title.

      Trademark lawyers never seem to suggest that approach though. Anyone know why?

    2. Mike007

      I don't believe there would be any requirement to have any financial payment in this case as it is more about the requirement to take action against unauthorised uses, however it would still require that they decide if a project is authorised or not.

      If they grant a general license allowing anyone to use the trademark as long as they meet certain criteria then it would still probably allow them to take action against people not meeting that criteria, but what do you specify for the criteria? Come up with a list of criteria and I will give you an example of something that technically meets the criteria but isn't someone you want using your branding! That person now has a license that presumably will be difficult to revoke just because someone decided to change the wording used for newly issued licenses...

      You could put in place an application process where projects can request permission to use the trademark, but you are going to want to do some amount of research in to every application before you risk granting them individualised specific permission to associate themselves as having been officially endorsed by you...

      Easier just to tell people to use the name of the protocol they support rather than the name of a specific provider, especially if your organisation is supposed to be encouraging adoption of the standard rather than the use of your particular deployment.


    Can you dehydrate lettuce?

    1. This post has been deleted by its author

  9. Anonymous Coward
    Anonymous Coward

    Why not just call it "Cabbage Encrypt" ?

    Does Innuendo breach Trademarks?

  10. don't you hate it when you lose your account

    All played fair

    Lets offer an excellent service and really is plug and sleep on Linux. Their approach to these issues is legal and fair. Those involved understand this and fully complied with a grin. Adults all round and a great rename

  11. Anonymous Coward
    Anonymous Coward

    Try the desktop app

    Certify The Web is the way to go if you're running a windows server. You just install it on the web server and tell it which website to generate a certificate for, then takes care of auto renewals. It's a full UI, none of that command line nonsense ;) They just added support for BuyPass Go, as well which is also free and has 180 day certificates.

    1. Lunatic Looking For Asylum

      Re: Try the desktop app

      Which is a front end to letsencrypt and buypassgo...

    2. katrinab Silver badge
      Thumb Up

      Re: Try the desktop app

      You can also add post-install powershell scripts to cover services other than IIS that need certificates.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like