[advisedwang]

Amongst it's repsonse, StartSSL should start logging every granted certificate to a Certificate Transparency log. From now on they need to provide the transparency so that site owners can verify there are no phony certificates being issued for their domains.

[pfg]

That seems appropriate. Google forced Symantec to do the same thing because of a number of misissued certificates[1].

[1]: https://security.googleblog.com/2015/10/sustaining-digital-c...

[prdonahue]

I'm guessing Sleevi is already dusting off his keyboard to write them a similar note.