Since 2014 the nonprofit Internet Security Research Group (ISRG) has led a laudable effort called "Let's Encrypt" with support from Cisco, EFF, Facebook, Google, Mozilla, and others. Their goal is to make trustworthy digital certificates freely available to any web site operator who wants to offer SSL/TLS security to their users, making the Internet safer for all of us.
Yesterday ISRG announced that Comodo Group is attempting to trademark "Let's Encrypt". Yes, the same Comodo that became infamous in 2011 when its registration authorities were reportedly hacked to obtain phake digital certificates.
ISRG's "Lets Encrypt" initiative threatens Comodo's main revenue stream. Trademarking "Let's Encrypt" looks like an intimidation play. Yes, ISRG should have trademarked it first, but that's water under the bridge. No one besides ISRG has a legitimate claim to register "Let's Encrypt" because no one else (including Comodo) is publicly doing business under that mark.
If this concerns you, send an email to the USPTO and let them know. Here's the message Taproot Security sent today:
USPTO Trademark Office
To whom it concerns,
We write to express concern about pending trademark applications submitted by Comodo Group Inc for business marks “Let’s Encrypt” ,”Let’s Encrypt with Comodo” , and “Comodo Let’s Encrypt” (case #s 86790719, 86790812, 86790789 respectively).
“Let’s Encrypt” has been used by the non-profit Internet Security Research Group (ISRG) since November 2014. See specimen at https://letsencrypt.org/
Comodo has no such specimen to offer because it has never done business under the “Let’s Encrypt” mark. We fear Comodo’s sole reason for seeking these trademarks may be to intimidate or interfere with the ISRG.
Taproot Security is an independent firm advising policymakers and industry on cybersecurity issues. We have no association with ISRG or Comodo.
UPDATE 7/7/2016: Today Taproot Security received a private response to the above letter from the US Trademark Office. The USPTO confirmed that "on June 27, 2016 a notice of express abandonment was mailed for each of the application(s)" from Comodo. In effect, Comodo backed down under public pressure and withdrew all 3 trademark requests. USPTO told me "the application will no longer move forward in the registration process". Thanks again to everyone who helped make this happen!
Michael McCormick is in information security consultant, researcher, and founder of Taproot Security.