But aren't you creating a CA of CAs?
No. Each log is just a cryptographically verifiable record of every certificate that has been issued. The log cannot include a certificate without that certificate being visible to everyone. Thus, the rightful domain owner is in a position to take action when a certificate is mis-issued.
If a log misbehaves and tries to, for example, provide a proof for a certificate that it does not, in fact, include in the public log, then this will become apparent when that certificate is used, and furthermore, there will be cryptographic proof of the log's misbehaviour. This will, presumably, result in the log no longer being used for CT.
Who is going to be running the logs?
Google intends to run a log. We're working on it right now. We welcome others to also run logs. But note: anyone can run a log, since the log does not have to be trusted - the verification protocols make sure of that.
How do you revoke certificates?
Certificates are revoked in the usual way, Certificate Transparency does not change that. It provides a mechanism by which you can know a certificate needs to be revoked, but does not itself handle revocation.
How do clients know which logs to trust?
It is anticipated that clients will have a set of trusted logs built in. If a log misbehaves, this list will have to be updated.
A log proof is a list of hashes, signed by the log, which demonstrate that a particular certificate has been included in the public log. A client will not accept a certificate that is not accompanied by a corresponding valid log proof.
It is always possible to confront a log with a log proof and require it to show that the log is consistent with that proof (i.e. that the certificate is in the log and always has been since the proof was issued). It can do this cryptographically - and so can anyone else with a copy of the log. If it cannot show this, then that is evidence of its misbehaviour.
How big are log proofs?
What is the overall goal of this effort?
How did this originate?
Why not just pin all important certificates?
How is this different from (CRLs, OCSP, HSTS, Convergence, Periscope, ... )?
How does this keep fraudulent certificates from being issued?
What happens if the browser can't fetch a certificate for a website?
Can't a nefarious network operator just block the CertTrans query?
What happens if there is no proof? (or an invalid proof?)
Are you actually going to do this or is it just a proposal?
What about other efforts to increase the security of SSL - like DANE?
What about other efforts to increase the security of SSL - like Sovereign Keys?
What about other efforts to increase the security of SSL - like Convergence?
What about other efforts to increase the security of SSL - like Perspectives?
What about other efforts to increase the security of SSL - like Public-Key Pinning?