https://github.com/GoogleChrome/ct-policy/issues/3
At question is what root certificates MUST be accepted by a Log to demonstrate it is "operating in the public interest".
Additionally, in considering that question, what impact, if any, should such changes have on existing or pending Logs. That is, if the Policy is clarified in a way that an existing or pending Log does not meet such a policy, what timeframe, if any, should exist to allow it to adjust (aka: effective date).
My hope and desire is to see permissive logs, such as
https://bugs.chromium.org/p/chromium/issues/detail?id=703699 or the Google logs. To phrase it more objectively, a Log must accept certificates from any Root recognized for TLS issuance by Chrome, which includes the set of roots on (Microsoft, Apple, Mozilla, ChromeOS, Android, iOS). Of course, defining that objectively should be incumbent on Google/Chrome, so that there's no ambiguity or misinterpretation.
Do people have thoughts here?