I am making myself familiar with certificate transparency, a system to monitor all issued certificates. It is supposed to help identify rogue certificates. But just as no flaws in open source software are found unless someone looks for them, it is important for domain owners to look through all issued certificates to spot oddities. There are several services that allow people to enable certificate transparency monitoring for their domain; however, since this is an additional measure people have to take, I assume most domains won’t be monitored. When wondering how to improve this, I had the idea that it would be a good service for a certificate authority to check certificate transparency for certificates issued by other CAs for the domains in certificates it issued to its customers. Since Let’s Encrypt is an innovative CA, I was wondering whether you would consider adding support to Let’s Encrypt to notify your users if other CAs issue certificates for the same domains that you issued certificates for.
It appears that someone else at the certificate transparency working group also sees CAs as an important certificate transparency monitor:
"A CA might perform monitoring on behalf of the Subjects to which it issues certificates, an important example of third-party monitoring."
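To make the proposed check concrete, here is an added example (not code from the post or from Let’s Encrypt) of the core of such a monitor: given log entries for certificates and, per watched domain, the set of issuers the owner expects, it flags every certificate that names the domain or a subdomain of it but was issued by some other CA. The log entries, the `WATCHED` table and the issuer names are constructed for the example; a real monitor would take entries from a CT log's get-entries endpoint or an aggregator such as crt.sh and parse issuer and subject alternative names out of the certificates themselves.

```python
"""Minimal certificate-transparency watch (added example): flag certificates
for watched domains that were issued by a CA other than the expected one."""
from dataclasses import dataclass

# Constructed sample log entries in a simplified shape (issuer organisation,
# subject alternative names, start of validity). Not real certificates.
SAMPLE_CT_ENTRIES = [
    {"issuer_org": "Let's Encrypt", "sans": ["example.com", "www.example.com"],
     "not_before": "2024-03-01"},
    {"issuer_org": "Example Corp CA", "sans": ["mail.example.com"],
     "not_before": "2024-03-05"},
    {"issuer_org": "Let's Encrypt", "sans": ["*.example.org"],
     "not_before": "2024-02-10"},
    {"issuer_org": "Other CA Ltd", "sans": ["login.example.org", "unrelated.test"],
     "not_before": "2024-03-07"},
    {"issuer_org": "Other CA Ltd", "sans": ["unrelated.test"],
     "not_before": "2024-03-08"},
]

# Constructed watch list: domain -> issuer organisations the owner expects.
WATCHED = {
    "example.com": {"Let's Encrypt"},
    "example.org": {"Let's Encrypt"},
}


def covered_by(san: str, domain: str) -> bool:
    """True if `san` names `domain` itself or a name under it.

    A wildcard SAN such as '*.example.org' covers subdomains of example.org,
    so it is in scope for a watch on example.org. Matching is on whole DNS
    labels, so 'notexample.com' does not match a watch on 'example.com'.
    """
    san = san.lower().rstrip(".")
    domain = domain.lower().rstrip(".")
    if san.startswith("*."):
        san = san[2:]
    return san == domain or san.endswith("." + domain)


@dataclass(frozen=True)
class Alert:
    domain: str       # the watched domain the certificate falls under
    sans: tuple       # the names in the certificate that triggered the alert
    issuer_org: str   # organisation of the issuing CA
    not_before: str   # start of validity, as recorded in the log entry


def find_unexpected_issuers(entries, watched):
    """Return one Alert per (entry, watched domain) pair where the entry names
    the domain or a subdomain and its issuer is not on the expected list."""
    alerts = []
    for entry in entries:
        for domain, expected in watched.items():
            if entry["issuer_org"] in expected:
                continue  # issued by a CA the owner expects; nothing to report
            hits = tuple(s for s in entry["sans"] if covered_by(s, domain))
            if hits:
                alerts.append(Alert(domain, hits, entry["issuer_org"], entry["not_before"]))
    return alerts


if __name__ == "__main__":
    for alert in find_unexpected_issuers(SAMPLE_CT_ENTRIES, WATCHED):
        print(f"{alert.domain}: {alert.issuer_org} issued for {', '.join(alert.sans)} "
              f"(not_before {alert.not_before})")
```

On the sample data this reports the `mail.example.com` certificate from "Example Corp CA" and the `login.example.org` certificate from "Other CA Ltd"; the unrelated name in the same certificate is ignored, and the Let's Encrypt wildcard for `example.org` is accepted because that issuer is expected. An alert is a prompt for the owner to confirm whether the other issuance was legitimate (a second CA used by another team is common), not proof of mis-issuance.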