I wrote to the Taler list taler@gnu.org about certificate concerns with CloudFlare's OPRFs but never informed you guys. https://blog.cloudflare.com/privacy-pass-the-math/
I'll re-edit the relevant email from 10 Nov 2017 below:
There are shades of a "bug door" in [CloudFlare's] no certificates arguments : - "The only thing edge to manage is a private scalar. No certificates." - The edge's public key xG is "posted publicly [similar] to a Certificate Transparency Log [and] "verifiable by all users and so the deanonymization attack above would not be possible."
In other words, there is no plan for the Tor Project to control any certificate authorizing the edge's public keys, ala an auditor key in Taler. There aren't even any promises made about any particular certificate transparency scheme being employed to keep edges from employing unique keys.
I think their client software could track the public keys they see themselves easily enough, but if different edge servers use different keys then this becomes mostly useless. If for example the transparency log posts 256 keys supposedly used concurrently by 256 different edge servers, but secretly all edge servers used all keys, then your edge public key adds 8 bits of identifying information, but nothing looks suspicious in the transparency log.
I do think a certificate transparency scheme could address this concern, but it's not exactly what one normally means by certificate transparency.
Jeff