As possible fallout after a late response (30 days) to inquiries by Mozilla and Google to Symantec about test certs Symantec had issued for google.com w/o Google’s knowledge back in 2015, Google Chrome may (at this point internally proposing – not a scheduled implementation) stop recognizing the (full) validity of Symantec certs after fixed durations.
Google currently (with Chrome 57) distrusts Symantec issued certs at their face value but with Chrome 59 would reduce it to 33 months (1023 days) then with Chrome 60 it would reduce to 27 months..and so forth. Eventually Chrome would only recognize Symantec certs as valid for a maximum date from issuance of 9 months (279) days.
Here is the proposed Chrome rollout schedule:
59 Jun 6th, 2017
60 Aug 1st, 2017
61 Sep 12th, 2017
62 Oct 24th, 2017
63 Dec 12th, 2017
Many companies currently use GeoTrust and Thawte which are operated by Symantec. This means those companies would need to accept Chrome’s requirement for re-issuance more frequently or else change their CA root authorities (i.e. find another cert vendor.) Symantec currently holds approximately 35-40% of the cert market. (Remember the days when Thawte was the independent underdog?)
This is all hay at this point but something worth tracking if ever so diligently or out of curiosity. The discussion has been led along by Ryan Sleevi – the Chrome engineer at Google proposing it.