oh that hurts, really.
Check out http://www.groklaw.net/ for the whole story (there’s some other stuff there too, but it’s primarily about the SCO case).
Former stalking horse for Microsoft (tried, and failed to crush a large Open Source project), often nominated as the most hated man in technology. Ex-missionary who “had a package of worms mailed to his home, prompting him to carry a firearm and to employ multiple bodyguards.”
Trademark and Copyright are completely separate.
Trademark rights can also be created and retained with an “intent to use” for a ridiculously, without ever actually using them.
Comodo would probably lose in this situation, but they could have won the rights. Without a doubt, they acted horribly and were trying to steal the value in the marks and/or penalize ISRG.
I am not a lawyer, but was tied up in a somewhat similar case: My company used a mark for an open source project, over a year later a big tech company created a competing product under a substantially identical name, we filed a petition with the USPTO, they offloaded the IP to a 501c3 they controlled, and there were 3 years of negotiations.
What would have happened to LetsEncrypt is this:
• If the USPTO approves the application for the primary registry, they publish a notice of allowance giving the ISRG a window of several months to file a petition to oppose with the TTAB (trademark trial and appeal board). (if it goes to the supplemental registry, then you file a petition to cancel). Until the application is approved, there is nothing ISRG can do but check USPTO records daily to see if the opposition window is open yet.
• The ISRG would note that they have been using “Lets Encrypt” to identify the project, and have developed common-law trademark rights under the lanham act
• Comodo would counter that ISRG hasn’t been using LetsEncrypt as an identified trademark, and therefore did not claim common law rights (eg by stating it as a trademark, or following it with the TM superscript). They also would have broken down each of ISRG’s offerings by date, and noting which ones were launched before or after Comodo’s filing date.
It would have been a clear case if we always saw a TM or https://letsencrypt.org/trademarks existed before that application was filed… but it didn’t. There is a chance that the TTAB could have ruled in Comodo’s favor - IIRC, on the date of their application LetsEncrypt was largely a placeholder page for a forthcoming registry and had only joined the root programs, it hadn’t begun offering certificates yet. Comodo could have argued that ISRG wasn’t using the mark in specific tradekar classes and won.
What Comodo did was terrible and sleazy, but possibly legal and commonplace. Companies try to steal trademarks from one another like this often Canceling their applications was somewhat admirable, even if forced by PR. They could have cost ISRG a lot of time and money battling this, and the marks were definitely at some amount of risk.
this should be forbidden, seriously, give them a grace period of 6 months to a year so they can at least prepare stuff but if it doesnt get used by then, just drop it.
but seriously there should be a concept of prior art, prior use or similar and it SHOULD be made impossible for such a thing to happen.
according to here:
the filing date of this thing was 16th october 2015.
the first public announce of this project was on 18th November 2014
and on 14th Spetember 2015, the very first piblic LE cert (for helloworld) was issued.
while I dont know whether this first announcement already should block it, certainly the part that they were already doing stuff with it (cross cert, first leaf cert) theis should have been a safe play for LE and comodo’s application should have been blown for this in my opinion.
the problem is that copyright, trademark and patent law are just a godawful mess and what makes it worse is that stuff depends on country, which diesnt make it much cleaner
What I don’t get is given Comodo’s past shady history and continuing now with this blatant disgraceful lack of integrity act of deception (all my opinion).
Why is Comodo still in business?
Why is Comodo still a CA?
Why would anyone do business with them?
I just don’t get it. Or maybe I do but just can’t believe it.
Relatively, they still have the best value in terms of price for paid ssl certificates compared to other paid offerings. Ultimately, the majority of folks are guided by their budget, price and relative ease of use/access to specific ssl certificates.
SEEMS, not SEAMS would be proper English