2020-12-02 UTC
# sknebel browser do some degree of validation of that too afaik (since nowadays all public certs should have CT entries), but I'm not up to date on how exactly. (for a while there was a specific header for sites to opt-in, but my understanding is that it is being phased out because nowadays CT logs should be standard) but snarfed is right, the main point is "a CA can't silently create an unauthorized cert, and if we ever encounter one we can