Will Let’s Encrypt support Google’s Certificate Transparency (CT, see [certificate-transparency.org]) by:
- attaching a signed certificate timestamp (SCT) to a certificate using an X.509v3 extension or
- enabling the client to deliver SCTs by using a special TLS extension or
- using Online Certificate Status Protocol (OCSP) stapling?
In contrast to the last two mechanisms, X.509v3 extension does not require any server modification, whereas OCSP stapling does not delay the issuance of the certificate, since the CA can get the SCT asynchronously.
Source: “[How CT works]”