back to article Let's Encrypt won its Comodo trademark battle – but now fan tools must rename

Popular Bash shell script LetsEncrypt.sh, which is used to manage free SSL/TLS certificates from the Let's Encrypt project, has renamed this week to avoid a trademark row. This comes in the wake of Let's Encrypt successfully fending off Comodo, which tried to cynically snatch "Let's Encrypt" for itself. LetsEncrypt.sh, …

  1. Anonymous Coward
    Anonymous Coward

    Wow

    This makes sense ---- as I understand it, unless they object to others using the trademark, it would make their defence of it against chancers like Comodo look arbitrary (and therefore less likely to succeed, leading to loss of the mark).

    Last thing I expected on a Sunday morning was a bit of good news about good decisions being made in a good natured way about worthwhile IP; it's really brightened my day.

    1. Paul Shirley

      Re: Wow

      I wonder if they even considered licencing the trademark under non transferable terms before taking the nuclear option? Defending does not automatically mean shutting down.

      1. frank ly

        @Paul Shirley Re: Wow

        That sounds like a logical and reasonable idea but it would add a layer of legal and administrative complexity to their activities and operations. Also, IANAL but it might give Comodo a chance to demand a licence on equivalent terms and then tie them up in costly legal action if they say no. Better to keep things simple.

        1. JeffyPoooh
          Pint

          Re: @Paul Shirley Wow

          Then make it a three month duration, non-transferable, etc. license.

          Time enough to notify and adjust the now-'Dehydrated' software for a painless transition, and too short to give those pond scum time to do anything else nasty.

          They could even match up a donation to a supposed license fee. Zero net.

          Optimum solutions are often only imperceptibly more complex than sub-optimal ones.

        2. Paul Shirley

          Re: @Paul Shirley Wow

          IANAL but it might give Comodo a chance to demand a licence on equivalent terms

          Trademark law is explicitly discriminatory in favour of the IP holder with no way to force issue of a licence against their will unless they signed up for something like FRAND in standards licencing or other similar binding commitment. It's purpose is to prevent competitors doing what Comodo tried. Comodo would not have a cause of action to get a trial afaik. In fact they only got this far because LetsEncrypt had not been trademarked, they would have hit a stone wall right away.

          Legal costs are a problem but I'd argue a suitably restrictive standard licence would be both unusable by competitors and a visible sign they were protecting the trademark for the courts.

        3. Just Enough

          Re: @Paul Shirley Wow

          " IANAL but it might give Comodo a chance to demand a licence on equivalent terms"

          An organisation can pick and choose who it does business with. They can't be forced to licence something to a company if they don't want to, and certainly don't have to grant equivalent terms to different companies. And they don't even have to justify their decision.

          I suppose there might be exceptions in cases of monopolies, but that's not the case here.

          I also doubt that Comodo would be interested in doing this anyway.

      2. Sloppy Crapmonster

        Re: Wow

        You clearly didn't read the article.

    2. Bob Vistakin
      Big Brother

      Let's boycott

      Comodo

      I only have 2 of their certs left now, registered last year before their Apple style delusions of grandeur kicked in. Until they expire that is, then they are no more.

    3. katrinab Silver badge

      Re: Wow

      They could grant a licence to use the trademark for $1.

  2. This post has been deleted by its author

    1. Will Godfrey Silver badge
      Happy

      Re: Big Business in the US (fails to) fuck the little guy

      FTFY

      1. 9Rune5

        Re: Big Business in the US (fails to) fuck the little guy

        I am not sure I agree with "fails to". Dragging them to court and make them waste valuable time defending themselves there is hardly a "fail" if your intent is to fsck with them.

        That said, I may have bought (or been complicit in doing so) some comodo certificates in the past. I deeply regret having done that and I will not repeat this mistake. Please accept this as my public apology.

    2. Anonymous Coward
      Anonymous Coward

      wow! Rainbow Sparkles is a commentard too!

      Here on boring old Planet Earth the arseholes are *always* in charge - anybody at the topic of the political or civil greasy pole has alternately kissed arses and stabbed backs for years.

      How does it work in My Little Pony land?

  3. Milton

    Thumbs up for LetsEncrypt

    I began using LetsEncrypt only recently, setting up a new *ix server for the first time in some years. It's an absolute no-brainer to use free certificates, especially when you see what paid suppliers charge. Setup wasn't difficult and now it takes care of itself with little input required.

    I was delighted to see LetsEncrypt win the dispute with Comodo, considering it was entirely artificial and concocted by the latter as nothing more than a cynical spoiler motivated by greed. (It's hard to imagine how some of these corporate lice manage to look at themselves in a mirror.)

    If you're still paying for certificates, you're just wasting money on corporations who manifestly do not deserve a penny of it.

    1. John Sanders
      Linux

      Re: Thumbs up for LetsEncrypt

      >>considering it was entirely artificial and concocted by the latter as nothing more than a cynical spoiler motivated by greed.

      Well so far most commercial CA's have enjoyed a free money-printing machine, they weren't going to take this lightly.

      I have been using my own CA for ~15 years now, "as I trust myself", never gave a penny to the likes of Comodo, Verisign, Symantec et all.

      I'm really glad about the whole let's encrypt enterprise, the entire commercial CA model is a scam of planetary proportions.

  4. Woodgie

    I'm glad

    Let's Encrypt is a superb service. And one which is very necessary to help drive a more secure web.

    I realise SSL in and of itself is not an overriding solution to web security but it is a linchpin. For a company to FREELY offer a way for you to add this layer of security to your websites is a big deal. At the least it removes the "I can't afford it" excuse.

    It's young, yes and as such can be a bit labour intensive to set up but is actually very simple to implement, even on semi-unsupported platforms such as macOS.

    So I echo the authors's sentiments; I use it and you should too.

    1. Anonymous Coward
      Anonymous Coward

      Re: I'm glad

      Encryption *alone* is *not* security but people are being trained to believe it. It's just very much alike security through obscurity. As long as you have no way to identify the real source.

      1. Woodgie

        Re: I'm glad

        You appear to have misunderstood all the words contained within the phrase "...I realise SSL in and of itself is not an overriding solution to web security..."

      2. Kiwi
        Holmes

        Re: I'm glad

        Encryption *alone* is *not* security but people are being trained to believe it.

        That's like claiming people are being trained to believe that curtains are security.

        The idea is to aid privacy, ie not letting all and sundry see what you're doing on the net - or any one else for that matter.

        (I have a grotesque body to hide, and I also have things in my browsing habits that you could shout to the world for all I care, no issue - BUT that doesn't mean I want someone looking over my shoulder while I read said pages!)

  5. G2
    Thumb Up

    defend? yes, but don't exaggerate... you won't lose a registered mark that easy.

    i think that Comodo's actions were most likely an aggressive move to prevent ISRG from obtaining a REGISTERED trademark but once that the registration is finalized, if your lawyer keeps saying that you "MUST" aggressively enforce a trademark or you lose it then that lawyer is probably only saying this because they expect a fat paycheck for their "enforcement" actions and in the process they're gravely misleading you.

    you must actively use it, yes, and in this case imho ISRG/Let's Encrypt did the right thing, they sent a very polite letter about the potential name confusion and that was it.

    The point of a trademark is NOT to prevent someone from the other side of the planet to make the same product but to avoid customer confusion as to which company made which product. You can make related products as long as you don't cause customer confusion about the product or origins of the product. Trademark and copyright have different purposes.

    In this case, as far as USA trademark law is concerned, LetsEncrypt.sh did not have to rename, they only had to provide a very visible notice that they are just a community-made site and not directly related to ISRG/Let's Encrypt. They just chose the rename option to make their product to stand out more.

    for example: https://acme.com/catalog/

    is obviously a humour site and they even have a notice that they are not related to Warner Bros. (That note mixes trademark with copyright concepts, but even so it still serves its information purpose.)

    Additionally, the mark-dilution provisions in the trademark law are currently under review because many view them as an unconstitutional restriction on the First Amendment:

    https://www.techdirt.com/articles/20160828/22000835373/louis-vuittons-inability-to-take-joke-opens-up-chance-to-fix-our-broken-trademark-laws.shtml

    Finally, as LetsEncrypt.sh is from Germany and using a TLD under British Overseas Territories jurisdiction, the USA trademark law doesn't apply here, only international trademark-related treaties can be applied in this case.

    1. Robert Carnegie Silver badge

      "Acme"

      "Acme" is a Greek word meaning roughly "utmost" or "best". As a real product trademark it may have been used by companies wanting an impressive name from Victorian times down to the present, when you can buy "Acme Writing Tools" (e.g. pencils) and a Chinese "Acme" Sewing Machine.

      (Likewise, you can buy a "Volcano" camping stove online today. You put wood in and set fire to it, and it does not literally produce a volcano. It is just hot, and you can use it to cook food. But really the name is ridiculous exaggeration. But if you've never heard of us, then we need to sound impressive, or at least ambitious.)

      These are some of perhaps many different businesses over time using "Acme" for their product, so the cartoons weren't portraying one real producer accidentally or deliberately, unless it was also a real product. Also, there only should be a problem (but don't count on this) if the product is unsatisfactory in itself, as opposed to Wiley Coyote shooting himself in the foot with it due to his own foolishness. I think this used to go either way, objectively. I would accuse him of not following assembly instructions but I think he used to do that carefully, after the first few times.

      I am aware that a possible acronym of "A Company that Makes Everything" is "ACME", but I think that may have come later.

      It is not far from a company that sells everything, or nearly everything, and may put its own name on a lot of it - such as Sears (if they did that in their catalog) or Walmart.

      1. x 7

        Re: "Acme"

        I have two whistles made by ACME, both dating from around 1910. One a police whistle, the other I believe an army officers. Both toured Germany (as football ref's whistles) with my father during WWII as he progressed from the D-Day beaches to north Germany.

        I believe ACME are still in business, still making whistles

  6. Anonymous Coward
    Anonymous Coward

    maybe I'm blind but how is comodo the bad guy here ? They wrote the guy a letter instead of just going to court.

    1. G2

      you're confusing Comodo with Let's Encrypt/ ISRG

      they are completely different companies. Comodo tried a trademark hijack by filing the trademark registration papers first. (i think the most appropriate analogy here is "domain squatter" - Comodo tried to register a name first and then their probable intention was to sell the rights to the name much higher.)

      1. Roland6 Silver badge

        @G2 - The AC is right!

        Whilst there was a court case between Let's Encrypt and Comodo, it has practically zero to do with the content of the article; namely Let's Encrypt. Who stupidly, in my opinion, are going after their project's fan base and rather than rewarding them with a lock-in agreement (ie. LetsEncrypt.sh can only be a wrapper for Let's Encrypt) has instead been getting them to change their product names etc.

        I suggest that if businesses such as "Adblock" and "Adblock Plus" can co-exist, I see no problem with Let's Encrypt and LetsEncrypt.sh. But perhaps Let's Encrypt have just received a rather large injection of VC and are now busily destroying the brand and goodwill so carefully built up by the project's fans...

        1. Anonymous Coward
          Anonymous Coward

          I'd never heard of LetsEncrypt.sh until now

          If I went to LetsEncrypt.sh, saw a load of code for Let's Encrypt stuff, I would think it was a genuine subset of Let's Encrypt.

          And if you note it was a polite letter, not a lawyer driven cease and desist nastygram.

          It may of gone along the lines off...

          "Hey we love the work you're doing, but we are getting some people getting confused thinking your work is an official part of Let's Encrypt. Any chance you could rename it when you get chance, it would be really appreciated.

          Thanks"

          1. Roland6 Silver badge

            If I went to LetsEncrypt.sh, saw a load of code for Let's Encrypt stuff, I would think it was a genuine subset of Let's Encrypt.

            I suggest you acquaint yourself with GitHub...

            However, Let's Encrypt chief Josh Aas, does have a valid point, which probably reflects his primary interest, namely: "we use (ACME) an open protocol that we're encouraging other certificate authorities to adopt, and when that happens we want it to be clear that ACME clients can be used with CAs besides Let's Encrypt."

            Thus he is wanting projects such as LetsEncrypt.sh and the Let's Encrypt Client, to name only two of several similarly named projects to promote their status as general ACME Clients, rather than Let's Encrypt specific clients, thus helping to promote ACME as an open protocol, rather than an open protocol with "Let's Encrypt" proprietary elements.

        2. x 7

          "I suggest that if businesses such as "Adblock" and "Adblock Plus" can co-exist,"

          They don't co-exist, they're now owned by the same company after some alleged legal shennanigans encouraged one to sell out............

          1. Roland6 Silver badge

            @x 7 "They don't co-exist, they're now allegedly owned by the same company"

            Yes I know of the 'rumour' put about last autumn, but note that as yet there has been no confirmation of the rumour that Eyeo GmbH own or have a controlling interest in Adblock. Maybe we will hear more in the coming months, following the first anniversary of the sale of the company owning Adblock to an anonymous buyer in October...

            But given both products existed independently in the market from 2009 to 2015 without them throwing sue balls at each other...

  7. Sitaram Chamarty

    doesn't make sense

    They could have licensed it to the other party. I run a small project called "gitolite" which has just such a licence from the SFC, which owns the "git" trademark. It's free and it's only purpose is to protect their trademark.

    1. John Crisp

      Re: doesn't make sense

      I agree... it's nuts, and been a pain to rename everything.

      Clearly I'll have to rename feckFacebook.sh and screwGoogle.pl :-)

  8. petef

    AFAIK Comodo is the only company other than Microsoft offering an antivirus product that is free for commercial use. (ClamAV does not do on-access.)

    1. G2

      comodo the CA is a different branch of the company that has the antivirus...

      btw, avast also has an antivirus free for commercial use.... requires an online connection though but it's free. (i think the online bit is to avoid it being used on isolated corporate networks without purchasing the full business version),

    2. Vic

      (ClamAV does not do on-access.)

      It does on Linux.

      Vic.

    3. x 7

      "AFAIK Comodo is the only company other than Microsoft offering an antivirus product that is free for commercial use"

      Thats because its crap, has back doors, puts unwanted adverts and certs on the PC and doesn't work anyway.

      1. Anonymous Coward
        Anonymous Coward

        MSE if you're using it commercially is restricted to 10 seats. And I think you can't use it if you're a government organisation or something like that.

  9. Fruit and Nutcase Silver badge
    Pint

    Dragon Slayer

    Well done.

    (Komodo Dragon)

  10. Adam 1

    > Full disclosure: This article's author uses Let's Encrypt to provide HTTPS encryption for his personal websites. And you should use it too.

    Do you use it on the comments pages for your personal websites too? That would seem to be a good fit if for some reason you found yourself running a popular comments page on your websites.

    1. Dan 55 Silver badge
      Happy

      Maybe El Reg should hire the author to do some work for them.

      1. Anonymous Coward
        Black Helicopters

        Don't be silly, we all know The Reg is a front for the Five Eyes, adding certs means they have to pass the data on, rather than allow free access.

  11. User McUser
    Go

    Salad Days

    If it were me, I'd have renamed it to "lettuce_encrypt.sh".

  12. Anonymous Coward
    Anonymous Coward

    As pointed out already

    "I did ask [Lukas Schauer] to change the name," Let's Encrypt chief Josh Aas confirmed to The Register this week.

    "It's something we need to do in order to protect our trademarks and avoid creating confusion as to where the software comes from

    By that standard, McDonald's should be suing all their franchisees, and Coca-Cola all their local bottling plants.

    As others have said, they could have licenced the name to the guy, that would have been in everyone's interest. But I guess lawyers will be lawyers.

    1. Anonymous Coward
      Anonymous Coward

      Re: As pointed out already

      Or they could have just bought the script off him and use it to replace their idiotic official solution (which insists on asking for root, unlike the script).

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like