I do not understand the desire to require StartCom / WoSign to not utilize
their own logs as part of the associated quorum policy.
Certificate Transparency's idempotency is not dependent on the practices of
the operator. By requiring the use of a third-party log (in this case Google's)
and requiring that the logs are public, CT "works" as expected.
There appears to be an argument being made that this restriction comes from the
fact that Firefox does not yet have CT support; I would argue that this is not
material. My justification for this argument is that today, Firefox depends on
SafeBrowsing; this is a Google-provided service and Firefox uses it to protect
users from malicious sites.
This is not significantly different from the way Chrome (and others) rely on
the wonderful Mozilla Trusted Root Program.
Based on this it seems reasonable to allow them to use the same logs they use
dev-security-policy mailing list