I am surprised there are no major websites down today. This seems pretty trivial to abuse, and has a good chance of working with other certificate authorities.
Symantec should just retire from the certificate business at this point. With a little coordination between the major browser vendors: Apple, Google, Microsoft, and Mozilla, this would be trivially easy.
It is the right thing to do.
While we’re at it, kill them all except the EV CAs and Let’s Encrypt (DV).
I’m interested to know why Let’s Encrypt gets the exception? Its validation process isn’t any better than all the other major CAs as far as I’m aware? DV validation is essentially the most minimal validation that any CA does…
Just because it is well known, has CT, the EFF is involved and it is free.
I could totally see an additional DV CA operated from the EU that follows the same idea as LE and same backing. Some redundancy, distribution and different jurisdiction seems like a good idea.