While browsing Let's Encrypt's Upcoming Features, I saw:
Embed SCT receipts in certificates
ETA: February, 2018
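I'm not familiar with Embed SCT, so I looked the feature up.
It refers to this: after an SSL certificate is issued, its data is submitted to a Certificate Transparency (CT) server, and the server returns a signed certificate timestamp (SCT); putting that data inside the SSL certificate is called Embed SCT (from the CT FAQ):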
What is an SCT?
An SCT is a signed certificate timestamp. When a certificate authority or a server operator submits a certificate to a log, the log responds with an SCT. An SCT is essentially a promise that the log server will add the certificate to the log in a specific time. The time, known as the maximum merge delay (MMD), helps ensure that certificates are added to logs in a reasonable time. The SCT accompanies the certificate until the certificate is revoked. A TLS server must present the SCT to a TLS client (along with the SSL certificate) during the TLS handshake.
When ECC is used, it is less than 100 bytes:
How big is an SCT?
SCTs are less than 100 bytes, assuming elliptic curve signatures are used.
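Only with this can I try to explain the matter I mentioned a few days ago about pulling HPKP, in "Proposal within Chromium to remove HPKP (HTTP Public Key Pinning)": that is, why they proposed a CT-based solution rather than a DNS CAA one...
But as I recall, you can run your own CT server and submit to it yourself, can't you? Was a rule added later that a third party must be used? That would be odd too...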