[deathanatos]

But isn't "certifying" the part that actually matters (making sure I have the right key for a persona / the right persona), and AFAICT, Key Transparency is focused on the logging aspect.

This is what I'm really not seeing in the blog post / GitHub repo; how does this actually establish trust in the received key?

(While it is true that the owner of the key can audit their account, that doesn't help a sender. Also, if watching people "verify" SSH & GPG keys has taught me anything, it's that even engineers who should know better are way too lazy.)