by Deathmax
1130 days ago
From what I understand, checking that a certificate has been submitted to CT logs should not have privacy implications, only trust in a set of CT logs and their public keys to be able to verify Signed Certificate Timestamps (SCTs). SCTs can be distributed in one of 3 ways:

1. Embedded in the certificate itself - no communication with a third party
2. Distributed via TLS extension - no communication with a third party
3. OCSP stapling - the server is the party that initiates a connection with the CA, the client doesn't touch the CA

You only need the complete set of CT logs if you want to verify the logs have not been tampered with.
I should get around to making an "Evil-CA" software that explicitly maintains those two logs.
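As an added example (not Deathmax's code or anything from this thread), here is a Python parser for the SCT list that the first distribution method embeds in the certificate, checking each SCT's log ID against a client-side set of trusted logs, which is the trust the comment describes. The log IDs, the sample list and the placeholder signature are constructed; verifying the signature against the log's public key is not shown.

```python
import struct

# Log IDs (SHA-256 of each log's public key) this client trusts. Constructed
# placeholder values for the example; a real client ships a vetted log list.
TRUSTED_LOG_IDS = {bytes.fromhex("aa" * 32): "example-log-a", bytes.fromhex("bb" * 32): "example-log-b"}

def _field(buf, pos, n):
    # Slice n bytes at pos without ever reading past the end of the buffer.
    if pos + n > len(buf):
        raise ValueError("truncated SCT data")
    return buf[pos:pos + n], pos + n

def parse_sct(raw):
    # SerializedSCT (RFC 6962 3.2): version, log_id, timestamp, extensions, then hash alg, sig alg, signature.
    ver, pos = _field(raw, 0, 1)
    if ver != b"\x00":
        raise ValueError("unsupported SCT version")
    log_id, pos = _field(raw, pos, 32)
    ts, pos = _field(raw, pos, 8)
    ext_len, pos = _field(raw, pos, 2)
    extensions, pos = _field(raw, pos, struct.unpack("!H", ext_len)[0])
    algs, pos = _field(raw, pos, 4)
    hash_alg, sig_alg, sig_len = struct.unpack("!BBH", algs)
    signature, pos = _field(raw, pos, sig_len)
    if pos != len(raw):
        raise ValueError("trailing bytes after SCT")
    return {"log_id": log_id, "timestamp_ms": struct.unpack("!Q", ts)[0], "extensions": extensions,
            "hash_alg": hash_alg, "sig_alg": sig_alg, "signature": signature}

def parse_sct_list(blob):
    # SignedCertificateTimestampList (value of the 1.3.6.1.4.1.11129.2.4.2 extension): uint16 total length, then length-prefixed SCTs.
    hdr, pos = _field(blob, 0, 2)
    if pos + struct.unpack("!H", hdr)[0] != len(blob):
        raise ValueError("SCT list length mismatch")
    scts = []
    while pos < len(blob):
        hdr, pos = _field(blob, pos, 2)
        item, pos = _field(blob, pos, struct.unpack("!H", hdr)[0])
        scts.append(parse_sct(item))
    return scts

def check_sct_logs(blob, trusted=TRUSTED_LOG_IDS):
    # Pair each SCT with the trusted log that issued it. None marks an unknown
    # log: without its public key the signature cannot be verified at all.
    return [(trusted.get(s["log_id"]), s["timestamp_ms"]) for s in parse_sct_list(blob)]

# Constructed sample list: one SCT from a trusted log, one from an unknown log.
FAKE_SIG = b"\x30\x06\x02\x01\x01\x02\x01\x02"  # placeholder bytes, not a real signature
def _sct(log_id, ts_ms):  # v1, no extensions, sha256(4) / ecdsa(3)
    return b"\x00" + log_id + struct.pack("!QHBBH", ts_ms, 0, 4, 3, len(FAKE_SIG)) + FAKE_SIG
_items = [_sct(bytes.fromhex("aa" * 32), 1700000000000), _sct(bytes.fromhex("cc" * 32), 1700000001000)]
_body = b"".join(struct.pack("!H", len(s)) + s for s in _items)
SAMPLE_SCT_LIST = struct.pack("!H", len(_body)) + _body
```

check_sct_logs(SAMPLE_SCT_LIST) returns the trusted log name for the first SCT and None for the second, which is the case a client must treat as giving no CT assurance.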