[GauntletWizard]

Checking certificates requires that either a) The user have a complete set of CT Logs to check against or b) The user makes a request of a third-party server to verify the certificate. "a" is disk space and download uneconomical, "b" is a privacy concern. Mozilla has decided that it's value is not worth the privacy risk of yet. Time will tell if that's the correct answer; Chrome and Safari are likely enough to keep the CAs honest.

[Deathmax]

From what I understand, checking that a certificate has been submitted to CT logs should not have privacy implications, only trust in a set of CT logs and their public keys to be able to verify Signed Certificate Timestamps (SCTs). SCTs can be distributed in one of 3 ways:

1. Embedded in the certificate itself - no communication with a third-party

2. Distributed via TLS extension - no communication with a third-party

3. OCSP stapling - the server is the party that initiates a connection with the CA, the client doesn't touch the CA

You only need the complete set of CT logs if you want to verify the logs have not been tampered with.

[GauntletWizard]

Lipstick on a pig. OCSP Stapling is a complicated and convoluted override for certificate lifetimes that should never be used and isn't in practice. All three are just different chains to the same CA organizations (in practice), which could just as easily maintain two sets of CT logs.

I should get around to making an "Evil-CA" software that explicitly maintains those two logs.