You don’t become a lawyer by osmosis and filing papers. This is why no number of years working in a doctors office that qualifies you as an MD and medical billing specialists don’t get to use scalpels.
“Who is a Prior User?
Under common law, trademark rights within a certain territory are based on priority of use of a mark within that territory. Sometimes a federal registrant is not the first user of a mark in a territory, and that an unregistered prior user may have superior rights, at least in that territory. Determining the rights of the parties in such situations requires a careful evaluation of often complex facts and always complex law.”
“Under Section 7(c) of the Trademark Act, the date of filing an application, whether based on actual use or intent to use, establishes a registrant’s date of “constructive use,” establishing nationwide priority except against a person who began use (or applied for and ultimately obtained registration) of the mark prior to that date. Thus, a “prior user” is a party who began use somewhere or applied for the mark prior to the registrant’s application date.”
“Conclusion
While owning a trademark registration provides many significant benefits, registration by itself does not conclusively establish the owner’s exclusive right to use the mark. Prior users have significant protection under the Trademark Act, and those rights should not be overlooked in any trademark dispute.”
That free wildcard certificates are currently not available doesn’t mean it makes sense to charge for them. And the availability may change at any time. Also, with SAN available, the need for wildcard should be rather small.
As I said in a previous post, I think the choice of ninety days was a compromise, when automatic renewal was not yet available. I even quoted Josh Aas saying “Once automated renewal tools are widely deployed and working well, we may consider even shorter lifetimes.” Just a temporary (Well, that remains to be seen.) compromise. With automatic renewal, certificates’ lifetime has nothing to do with business models, as there is no reason to pay for a longer lifetime when the short lifetime does not cause any extra work (frequent manual renewals).
Everyone,
It looks to me as if some (Not all) members are here just to self promote their knowledge and nothing more.
This along with the slinging match questioning ability, knowledge, education and intellect of each other is way off topic.
To show respect to the Forum Policy and to all members, please stay on topic or don’t waste your time or mine posting.
well SAN is nice and all but one problem of SANs is the obvious problem that the more sans you add the lager the cert gets, and you have to switch the cert every time you want to change the SANs wich might not be needed with wiledards.
also automatic renewal is something where I am a little bit sceptical, mainly because everytime the cert renews, unless the script is absolutely perfect (let’s be ealistic this wont happen) you always should check whether the renewal went as it should, ESPECIALLY when you use HSTS or HPKP, and with longer lifetimes that worry isnt there.
also OCSP stapling is already a thing so for people who are sceptical about manual renewal and rather want longer times they could use Must-staple which also removes the need for the user to check an OCSP server (which doesnt even happen on some mobile browsers)
I never said I was a lawyer, and have had enough of you and this discussion. Like I said earlier in my second post I should have stayed out of it. I’m here on this forum for Comodo Internet Security. That is something I am an expert at and about. So please leave me out of any further posts you may have on this subject. Just so that were clear please read this post twice so we can avoid any unnecessary unpleasantness.
Hi michaelrose,
You obviously haven’t read the Forum Policy properly or choose to ignore it.
Please respect other members wishes when they say to leave them out of any further discussion, or further action will be taken.
That was an unnecessary stab; that’s flaming. You are at the mod’s radar and you’re close to getting the boot. Do not respond to this other than by pm.
by the way even for an EV certificate the basline explicitly states:
2.1.3.
Excluded Purposes
EV Certificates focus only on the identity of the Subject named
in the Certificate, and not on the behavior of the Subject.
As such, an EV Certificate is
not
intended to provide any assurances, or otherwise represent or
warrant:
1 That the Subject named in the EV Certificate is actively engaged in doing business;
2 That the Subject named in the EV Certificate complies with applicable laws;
3 That the Subject named in the EV Certificate is trustworthy, honest, or reputable in its business dealings; or
4 That it is “safe” to do business with the Subject named in the EV Certificate
Hi My1,
I would imagine the double posting to be accidental.
You are appearing to be a very negative judgmental person, this is not the first time you have questioned a Moderator for an issue that doesn’t even involve you.
More to the point, if you have an off topic issue with a Moderator please use the PM function or see the link below and that goes for this post as well. How to appeal against Moderators decisions
There is an ecosystem of great people out there who fight spammers, malware sites etc.
When these people identify these malicious activities, they alert us. Responsible CAs immediatly revoke these certificates after their internal checks. As you will appreciate the time it takes to revoke these are of paramount importance. Every minute passing by, these sites are hurting someone on the internet.
My understanding was that, ISGR when they launched did not have the infrastructure to revoke these certificates in a timely manner. If they have this now, would be great to get some metrics on how quickly they do it (if they do it).
Its pretty much “Instant” with us. We don’t have any patience for any malicious activity. That is why we run 24/7/365 support department. Not sure ISGR does have 24/7/365 support operation to do that?. As you will appreciate even 1 minute of phishing website being online will cause harm to many users on Internet. http://www.ccssforum.org/
Revoking the certificate doesn’t make the site go offline. It’s still accessible over an insecure connection (or a secure one if it gets a new certificate). Isn’t it more urgent to get the domain with fraudulent or malicious content blocked (by Safe Browsing, SmartScreen etc) and taken down, than getting the certificate revoked?
I’m still disappointed that your ceo hasn’t provided a meaningful apology or even admission of wrong doing.
its like a robber was caught red handed robbing your house and while you are live streaming this on YouTube he proclaims, your TV in hand, that the right thing to do is to let the courts decide and stop judging.
Then the robber starts trashing you for having dishes in the sink and complaining that you clearly have the same couch as he does.
Incidently it was highly necessary to demolish the misinformation provided on this thread and difficult to be nice about doing so. When someone leans on false authority to promote disinformation it hurts everyone’s understanding.
When Melih tries to distract and detract from wrong doing it leads me and everyone else to believe that he is dishonest and will given a chance act unethically.
If he is untrustworthy then so is Comodo. If that is hurtful and banning me here makes you feel better then go ahead but it won’t restore your rep or save anyone’s job when business takes a turn for the worse.
Unless you are some divine creature, you can’t speak or think for everyone and especially not me.
You have said your piece, so now it is time to move onto something new and exciting (Its called a life).
The situation was solved outside the courts as was stated at the first page of this topic and in a separate post in this board:
Then the robber starts trashing you for having dishes in the sink and complaining that you clearly have the same couch as he does.
Incidently it was highly necessary to demolish the misinformation provided on this thread and difficult to be nice about doing so. When someone leans on false authority to promote disinformation it hurts everyone’s understanding.
When Melih tries to distract and detract from wrong doing it leads me and everyone else to believe that he is dishonest and will given a chance act unethically.
If he is untrustworthy then so is Comodo. If that is hurtful and banning me here makes you feel better then go ahead but it won’t restore your rep or save anyone’s job when business takes a turn for the worse.
With regards to the latter; I’m shaking and trembling in my boots with fear. And before I forget. Moderators are not Comodo employees. We’re end users like everybody else.
You’re a smart man who knows how to read rules so you must have read the Forum Policy and know where we draw the line.
That is an extremely worrying stance. It is absolutely not the CA’s job to be content-policing, but rather that of hosting providers and client blacklist maintainers (eg. Safe Browsing). The CA does not need to be involved here, and all it does is creating an additional avenue of pressure to harass controversial sites, by removing their ability to have transport encryption. This already happens through payment processors, and now you are suggesting to needlessly do the same for TLS certificates! That breaks the web, it doesn’t protect it.
Your job as a CA is to validate identities, nothing more, nothing less. If you step outside of those bounds, you become a threat to the internet.
CA’s job is not merely to Validate (heck, there is no validation in DV certs!) and issue a cert, but the whole lifecycle of the cert that includes revocation. It would be utterly irresponsible if we only issued and didn’t manage the whole lifecycle.
CAs run the PKI infrastructure, validation is only one part of it.
And before I forget. Moderators are not Comodo employees. We’re end users like everybody else.