The original discussion happened before we decided to look into exactly the same thing. I don’t see this as a function of Let’s Encrypt as a CA and it is likely to remain in hands of administrators. What we can do is to make this really easy.
KeyChest already uses CT logs extensively but if you’re after particular security checks, please comment here! We’ll see how to include it into headlines or other visible warnings.
@sahsanu I really like it - a pretty cool job of maximizing info value in terminal! The things we don't have are:

- filter my domain
- show number of certificates you can request now
We do have information from CT and from actual servers (TLS handshake) - would comparing those and figuring out "likely" rogue certs make sense? The logic for that is not trivial but doable.
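One way to sketch that CT-versus-handshake comparison, as an added example (not KeyChest's or the forum's own code), assuming CT entries and the served leaf have already been reduced to a fingerprint, an issuer label, the SAN list and an expiry date:

```python
from dataclasses import dataclass
from datetime import date

# Hypothetical record shape; a real checker would build these from CT log
# entries and from the leaf certificate seen in a TLS handshake.
@dataclass(frozen=True)
class CertRecord:
    fingerprint: str   # SHA-256 of the DER certificate, hex (shortened here)
    issuer: str        # issuer label, e.g. the issuer CN
    names: tuple       # subjectAltName DNS names
    not_after: date

def covers(name: str, domain: str) -> bool:
    """True if a SAN entry (exact or one-label wildcard) covers domain."""
    if name == domain:
        return True
    if name.startswith("*.") and "." in domain:
        return domain.split(".", 1)[1] == name[2:]
    return False

def classify_ct_entries(ct_entries, served, domain, expected_issuers, today):
    """Return (fingerprint, verdict) for every unexpired CT entry covering
    domain that is not the certificate the server actually presents:
      'likely rogue' - issued by a CA the administrator does not use
      'unaccounted'  - expected CA, but not served (stale renewal, other host)
    """
    findings = []
    for entry in ct_entries:
        if not any(covers(n, domain) for n in entry.names):
            continue
        if entry.not_after < today:            # expired: no live risk
            continue
        if entry.fingerprint == served.fingerprint:
            continue                           # the one we serve
        verdict = "unaccounted" if entry.issuer in expected_issuers else "likely rogue"
        findings.append((entry.fingerprint, verdict))
    return findings

# Constructed sample data (not real certificates or log entries).
SERVED = CertRecord("aa11", "Let's Encrypt R3", ("example.com", "www.example.com"), date(2024, 9, 1))
CT_ENTRIES = [
    SERVED,
    CertRecord("bb22", "Let's Encrypt R3", ("example.com",), date(2024, 8, 15)),   # earlier issuance, still valid
    CertRecord("cc33", "Let's Encrypt R3", ("example.com",), date(2023, 1, 1)),    # expired
    CertRecord("dd44", "Some Other CA", ("*.example.com", "example.com"), date(2025, 1, 1)),
    CertRecord("ee55", "Some Other CA", ("other.org",), date(2025, 1, 1)),         # unrelated domain
]

def demo(domain="example.com"):
    return classify_ct_entries(CT_ENTRIES, SERVED, domain, {"Let's Encrypt R3"}, date(2024, 6, 1))

if __name__ == "__main__":
    for fingerprint, verdict in demo():
        print(fingerprint, verdict)
```

An "unaccounted" hit from your own CA is usually a renewal not yet deployed or a second host; an unexpired cert from an issuer you never use is the one worth a headline warning.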