
No, CT is stupid. Transparency is not necessary for security, but preventing invalid certificate issuance is. CT doesn't even do that. It just alerts you to it after the fact - but you have to monitor it to be useful anyway, so it's actually opt-in security. And it creates annoying side-effects like this public/private thing, or actually preventing CAs from issuing certs when their CT endpoints go down. It's ridiculous. CT is a bank alarm that goes off after the bank's been robbed, that you won't hear unless your radio is tuned to pick it up.


> Transparency is not necessary for security, but preventing invalid certificate issuance is.

> CT is a bank alarm that goes off after the bank's been robbed

> There are better solutions

How do you propose to prevent invalid certificate issuance? In particular, how do you propose to observe whether any CA accepted by browsers has issued a certificate to someone other than you for a domain you control, if you presume that there are malicious actors willing and able to compromise certificate authorities? Your threat model is nation-states. Assume someone else is willing to put up the cash: what's your solution that works strictly better than certificate transparency, and in particular (since you called attention to it) prevents invalid certificate issuance rather than just logging it for subsequent audit (and CA trust revocation)?


And that alarm has constantly been going off. CAs have consistently failed to abide by BR policies which would have otherwise gone unnoticed.

Things like certlint have come about to help prevent misissuance, but I would wager that most CAs have not added it to their issuance pipeline.

I agree that CT is not the solution and ideally it would not be necessary; however, the number of issues found and still being discovered justifies it. Trusting CAs to just issue proper certificates has been a failed policy.
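The "you have to monitor it to be useful" point from the first comment, and the after-the-fact detection of misissuance the reply describes, as an added example that is not part of this thread: a minimal CT monitor that takes crt.sh-style JSON records (constructed sample data; the field names `issuer_name`, `name_value`, `serial_number` are assumed) and flags any certificate naming a monitored domain that came from an issuer outside the domain owner's allowlist.

```python
import json

# Constructed sample records in crt.sh-style JSON (field names assumed);
# none of these are real issuances.
SAMPLE_JSON = json.dumps([
    {"id": 1, "issuer_name": "C=US, O=Let's Encrypt, CN=R3",
     "name_value": "example.com\nwww.example.com", "serial_number": "0a"},
    {"id": 2, "issuer_name": "C=XX, O=Example Rogue CA, CN=Rogue Issuing CA",
     "name_value": "mail.example.com", "serial_number": "0b"},
    {"id": 3, "issuer_name": "C=XX, O=Example Rogue CA, CN=Rogue Issuing CA",
     "name_value": "unrelated.test", "serial_number": "0c"},
    {"id": 4, "issuer_name": "C=US, O=Let's Encrypt, CN=R3",
     "name_value": "*.example.com", "serial_number": "0d"},
])


def covers(name, domain):
    """True if a logged certificate name (plain or wildcard) is one the
    owner of `domain` must care about: the domain itself or a subdomain."""
    name = name.lower().rstrip(".")
    domain = domain.lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]
    return name == domain or name.endswith("." + domain)


def find_unexpected(records, monitored, expected_issuers):
    """Return records naming a monitored domain whose issuer is not on the
    allowlist. This is the after-the-fact check the thread talks about:
    it detects misissuance once logged, it cannot prevent it."""
    hits = []
    for rec in records:
        names = rec["name_value"].split("\n")
        relevant = [n for n in names if any(covers(n, d) for d in monitored)]
        if relevant and rec["issuer_name"] not in expected_issuers:
            hits.append({"id": rec["id"], "issuer": rec["issuer_name"],
                         "names": relevant, "serial": rec["serial_number"]})
    return hits


def run_monitor(json_text, monitored, expected_issuers):
    """Parse the log export and return the entries worth alerting on."""
    return find_unexpected(json.loads(json_text), monitored, expected_issuers)


if __name__ == "__main__":
    allow = {"C=US, O=Let's Encrypt, CN=R3"}
    for hit in run_monitor(SAMPLE_JSON, ["example.com"], allow):
        print("ALERT: certificate from unexpected issuer:", hit)
```

In practice the records would be polled from a CT log or aggregator on a schedule; an alert is only as timely as that polling interval, which is the "tuned radio" the first comment complains about.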