Comment by cmeacham98
3 years ago
I'm fairly certain LE is required to emit signed certificates to CT by the CA/B forum baseline requirements, with no "internal only" exception.
In other words, if they do this they will be untrusted in browsers. They could offer this service on a secondary untrusted root if they wanted.
They could augment the CT spec, such that only a hash of the domain needs to be made public.
Would be a great way to found LE :)