The DigiNotar breach had far bigger implications than Comodo's breach since it allowed the attacker to spoof of several Google domains and spy on the communications of millions of Google users. The incident also gave rise to the Google-backed Certificate Transparency initiative, which monitors for mis-issued certificates.
The spotlight on weaknesses in the system that users and internet firms rely on for conveying trustworthiness on the internet also changed its economics. Shortly after Let's Encrypt launched, Symantec also started offering free digital certificates, seemingly ending the decades-long business model of charging websites for enabling secure connections.
While Let's Encrypt has backers with deep pockets, Aas says the organisation doesn't have a huge budget to fight lengthy legal battles. Nonetheless, he says it will dig in if Comodo doesn't back down.
"If necessary, we will vigorously defend the Let's Encrypt brand we've worked so hard to build. That said, our organization has limited resources and a protracted dispute with Comodo regarding its improper registration of our trademarks would significantly and unnecessarily distract both organizations from the core mission they should share: creating a more secure and privacy-respecting Web. We urge Comodo to do the right thing and abandon its "Let's Encrypt" trademark applications so we can focus all of our energy on improving the Web."
Source: CSO Australia
Sign up for MIS Asia eNewsletters.