One a separate note, since we are talking about protecting intellectual property, there is no law protecting business models. When Lets Encrypt copied Comodo's 90 day free ssl business model, we could not protect it. Lets encrypt could have chosen 57 days, 30 days or any other number for the lifetime of their certificates. But they chose to use Comodo's 90 day Free SSL model that we established in the market place for over 9 years!!! We invented the 90 day free ssl. Why are they copying our business model of 90 day free ssl is the question! Comodo has provided and built a Free SSL model that give SSL for free for 90 days since 2007! Trying to piggy back on our business model and copying our model of giving certificates for 90 days for free is not ethical. They clearly wanted to leverage the market of Free SSL users we had helped create and establish and that's why they created exactly same 90 day free ssl offering. So why did they choose 90 day?
? That is the question!
What they have is nothing new. We have been giving 90 day free certificates since 2007. Unlike them, our certificates are managed, even the free ones, so that consumers are protected. If a certificate is being used maliciously we revoke it. They don't! How is that making internet safer??? Actually consumer are less safe with their certificate because if it is used maliciously they don't revoke (Unmanaged)!
sorry but no.
https://www.comodo.com/e-commerce/ssl-certificates/free-ssl-certificate.phpreading about your "free" SSL cert is is quote on quote: "limited to one issuance per domain", in other words it's nothing more than a trial to get customers to buy your certs.
"Ninety days is nothing new on the Web. According to Firefox Telemetry, 29% of TLS transactions use ninety-day certificates. That’s more than any other lifetime"
so whose certs are these? Of course Comodo's!!! So they are admitting they are copying our innovation of 90 day free ssl certs!
sorry but this is absurd, do you have proof for that?
unless your cloudflare certs are running 90 days this number is something that cannot be believed, because the "free" certs, as as I'd rather call them, TRIAL certs or test or demo certs, whatever, can only be used once so you cannot get a high percentage of your trial certs in the statistics in the long run.
somebody could say you have taken the business model of common shareware but tripling the usually 30 days testing period to 90 because it's more practical with webservers.
by the way google also uses 3 months, and they might probably take a much larger chunk of the 39% than you guys because google is everywhere, there's youtube, google analytics etc.
you might have had 90 day certs longer but yours was just a trial, while Google was one of the players who made it popular.
unlike you guys LE is making the certs REALLY free, meaning you can renew them and so on.
I do agree that they should be revoked but then again take a read at this:
many browsers have a SOFTfail for the certificate revocation checks, UNLESS an EV cert is used, meaning if the revocation server cannot be reached , the site will still load, in comparison EV has hard fail, meaning that the site will NOT be loaded and you cannot get around it.
also mobile browsers tend to take this to an even higher extreme not checking revocation of non-EVs in the very first place.
and before you (or anyone) says that you'd rather ave everyone buy an EV cert I have another piece of text.
1) EVs are hard to get, you have a lot of paperwork and may also need to have a source for their registration by a non-gov source as Dun & Bradstreet where they also need to register.
2) EVs are expensive. EVs cost a lot of money. I can understand that there is quire a verification but not everyone needs an EV.
3) EVs arent available for everyone. most importantly, I could throw as much money as I want, as an individual (normal person) I couldnt get an EV no matter how much you would want me to buy one.