Google Chrome 前陣子整理了一份對 Symantec 憑證的不信任計畫：「Chrome’s Plan to Distrust Symantec Certificates」。
這包括了一卡車的品牌，像是 Thawte、VeriSign、GeoTrust、RapidSSL，不過 Equifax 跟 Symantec 的關係我沒查到...：
Symantec’s PKI business, which operates a series of Certificate Authorities under various brand names, including Thawte, VeriSign, Equifax, GeoTrust, and RapidSSL, had issued numerous certificates that did not comply with the industry-developed CA/Browser Forum Baseline Requirements.
反正整個計畫會在 Google Chrome 70 推出時告一段落 (變成完全不信任)，會是 2018/09/13 (預定時間) 與 2018/10/23 (預定時間) 在 beta channel 與 stable channel 上推出。
中間比較重要的時間點是 2018/03/15 (預定時間) 與 2018/04/17 (預定時間)，Google Chrome 66 在 beta channel 與 stable channel 上推出，這個版本不會信任 2016/06/01 前發出的憑證：
Chrome 66 released to beta, which will remove trust in Symantec-issued certificates with a not-before date prior to June 1, 2016. As of this date Site Operators must be using either a Symantec-issued TLS server certificate issued on or after June 1, 2016 or a currently valid certificate issued from any other trusted CA as of Chrome 66.
Site Operators that obtained a certificate from Symantec’s old infrastructure after June 1, 2016 are unaffected by Chrome 66 but will need to obtain a new certificate by the Chrome 70 dates described below.