I didn't ask why CT was made. I asked why the concept of HOW CT was done was changed.
Also @tlussnig, the serial numbers weren't easily guessable since a part of the number was always random.
let’s look at the hello world LE cert which also was the example then.
the serial is 01:00:00:00:00:00:00:15:4F:F8:F2:23:AE:7F:FA:BC
let’s explain it from behind, makes more sense this way.
The complete second half of the number (4F until BC) is randomly set, probably so you can't guess the serial number.
Then the 00:00:00:00:00:00:15 is just an increasing number, which means the hello world is the 15(hex)th, so the 21st cert that was issued. Well, not exactly, because:
we had 01 as the "location identifier", which probably means they use multiple servers to generate the certs, and so that the increasing numbers don't overlap on multiple "locations" (because they are made to generate certs simultaneously and get out of sync) we have this.
so every cert could be downloaded somewhere on LE using the first half of the serial number and we had it.
The best thing about this approach is that since the CT is technically on-premises, you don't get a problem with CT when something happens to their server or the connection to them.
Now the main question is: WHY did you switch to a 3rd party CT provider and completely randomize the serial numbers?
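The field layout the post describes (a 1-byte location identifier, a 7-byte increasing counter, an 8-byte random half) can be checked mechanically. The following parser is an added example for this thread, not Let's Encrypt code; the layout is the poster's interpretation rather than documented CA behaviour, the `looks_sequential` heuristic is an assumption made here, and `RANDOMIZED_SERIAL` is a constructed sample standing in for a fully randomized serial.

```python
"""Split a 16-byte certificate serial into the three fields described in
the post above and judge whether it still follows the old sequential
layout.  Added example; the layout is the poster's reading, not a spec.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class SerialFields:
    location: int        # byte 0: per the post, a per-server "location identifier"
    counter: int         # bytes 1..7: increasing issuance counter, big-endian
    random_part: bytes   # bytes 8..15: the random half
    random_bits: int     # width of the random half in bits (64 for this layout)


def parse_serial(serial_hex: str) -> SerialFields:
    """Parse a colon- or space-separated hex serial into its fields.

    Raises ValueError unless the serial is exactly 16 bytes, because the
    described 1 + 7 + 8 layout only makes sense at that length.
    """
    cleaned = serial_hex.replace(":", "").replace(" ", "").strip()
    raw = bytes.fromhex(cleaned)
    if len(raw) != 16:
        raise ValueError(f"expected a 16-byte serial, got {len(raw)} bytes")
    return SerialFields(
        location=raw[0],
        counter=int.from_bytes(raw[1:8], "big"),
        random_part=raw[8:],
        random_bits=len(raw[8:]) * 8,
    )


def looks_sequential(fields: SerialFields, max_counter: int = 2**32) -> bool:
    """Heuristic (assumption, not a CA rule): a 7-byte counter that has only
    issued a few billion certificates has its top three bytes zero.  A fully
    randomized serial fails this test with overwhelming probability, so the
    check separates old-layout serials from randomized ones in bulk data.
    """
    return fields.counter < max_counter


# Serial quoted in the post (the "hello world" certificate).
HELLO_WORLD_SERIAL = "01:00:00:00:00:00:00:15:4F:F8:F2:23:AE:7F:FA:BC"

# Constructed sample: 16 random-looking bytes, not a real certificate serial.
RANDOMIZED_SERIAL = "03:8B:2E:71:C4:19:D0:6A:5E:F3:22:B8:9C:41:7D:E0"


def describe(serial_hex: str) -> str:
    """Human-readable breakdown of a serial, one line per field."""
    f = parse_serial(serial_hex)
    layout = "sequential layout" if looks_sequential(f) else "randomized"
    return (
        f"location id : 0x{f.location:02x}\n"
        f"counter     : 0x{f.counter:x} = {f.counter}\n"
        f"random half : {f.random_part.hex()} ({f.random_bits} bits)\n"
        f"verdict     : {layout}"
    )


if __name__ == "__main__":
    for s in (HELLO_WORLD_SERIAL, RANDOMIZED_SERIAL):
        print(s)
        print(describe(s))
        print()
```

Run against the hello world serial, the counter decodes to 0x15 = 21, matching the post's reading of it as the 21st certificate on location 01, while the constructed randomized serial decodes to a counter far too large to be a plausible issuance count.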