Comodo, known as one of the world's largest SSL providers, earned the ire of security and privacy advocates this week after the security firm was revealed to have filed trademark registrations for the term let's encrypt, which happens to be the name of a nonprofit that offers SSL certificates for free.
Let's Encrypt, the organization stated by the Internet Security Research Group (ISRG), and has helped millions of websites implement SSL since it was founded in 2014. On Thursday, ISRG's Executive Director, Josh Aas, said Comodo had filed three trademark applications for a number of CA-related services using the term let's encrypt.
"These trademark applications were filed long after the Internet Security Research Group (ISRG) started using the name Let’s Encrypt publicly in November of 2014, and despite the fact Comodo’s 'intent to use' trademark filings acknowledge that it has never used 'Let’s Encrypt' as a brand," Aas said in a blog post.
The post goes on to state that since March of this year, Let's Encrypt has repeatedly asked Comodo to abandon their applications, but the SSL vendor refused.
"If necessary, we will vigorously defend the Let’s Encrypt brand we’ve worked so hard to build," Aas added.
When the public turned to Comodo for explanations, venting their frustrations on the company forums, Comodo's CEO, Melih Abdulhayoglu, stood firm and suggested that these types of disputes should be settled in the court and not over a forum post or Twitter.
Abdulhayoglu, then went on to accuse Let's Encrypt of copying Comodo's business model of offering free 90-day SSL certificates.
"We invented the 90-day free SSL. Why are they copying our business model of 90-day free SSL is the question! Comodo has provided and built a Free SSL model that give SSL for free for 90 days since 2007! Trying to piggyback on our business model and copying our model of giving certificates for 90 days for free is not ethical," he wrote.
In another part of the thread, Abdulhayoglu pointed out that Let's Encrypt certificates had been used by criminals, and that Let's Encrypt was lacking when it came to management.
The irony within those claims is that Comodo certificates have also been abused by those with less than honest intentions, including a group of criminals that successfully scammed millions from Russian banks earlier this year. This is on top of other Comodo security problems, including the GeekBuddy support tool and the Chromodo browser.
However, the war over trademarks ended Friday afternoon.
A Comodo staffer, Robin Alden, said that the company had abandoned their let's encrypt trademarks.
"Comodo has filed for express abandonment of the trademark applications at this time instead of waiting and allowing them to lapse. Following collaboration between Let's Encrypt and Comodo, the trademark issue is now resolved and behind us and we'd like to thank the Let's Encrypt team for helping to bring it to a resolution."
Salted Hash reached out to Let's Encrypt to confirm Comodo's claims.
In a statement, Let's Encrypt confirmed that Comodo filed requests "for express abandonment of all three trademark applications that include the Let's Encrypt name."
[Edited at 11:41pm EST on June 24 to include a statement from Let's Encrypt.]