Logs
Posted Mar 18, 2020 12:44 UTC (Wed) by tialaramex (subscriber, #21167)
In reply to: A QUIC look at HTTP/3 by mjg59
Parent article: A QUIC look at HTTP/3
If you're Google you're fine because the CT policy actually in place today goes like this: At least one log you use must be Google's. Google built all the early CT logs, and were first to deploy SCT requirements in Chrome, so this isn't a deliberate ploy but it's true anyhow. This gives Google certainty that they know what's up.
But for anybody else the concern then arises, what if Google (and any other logs used) are conspiring against me?
To fix that you need to close the loop. An SCT is only a _promise_ and is not the fact of logging itself. Clients would need to (have somebody on their behalf) check the logs to see that those promises were fulfilled in a timely manner. They also need multi-perspective in order to validate that the log they're shown is the only log that exists. Otherwise log operators can bifurcate the log and show a version with a problem certificate in it to the victim, while showing only logs without that certificate to everybody else.
And this latter work is all unfinished. It's probably fine, but then we said that about a lot of things which once we had CT turned out not to be fine at all. Won't see what you didn't look for, right?