Comment by ttyprintk

I don’t think anyone is arguing that Certificate Transparency defeats “every real advancement in network security”. If you want to avoid your internal hostnames, and maybe Subject and SAN, ending up in LE, then you’re free to run your own CA.

But getting back to your parent post, maybe we can see a nontrivial real-world list of a big network to make sure it’s leaking nothing of value?