I understand if you don't want to reveal your organization affiliations, but if this was widespread, it should have been discussed somewhere with more specifics. Can you link to a discussion anywhere with more specific examples?
We had a bunch of RapidSSL certs in-use internally, and were rather pokey in replacing them since they were less-critical internal certs. Everything with the deprecation warnings were exactly as expected and announced.
I follow Mozilla's dev Security list and the CAB Forum mailing lists fairly regularly, can't find any discussions about Google deviating from their announced plan.
You can imagine how ridiculous this sounds right? If Google had blacklisted these certs in April as you claim, would that have not been a massive shitshow for everyone involved, and would have been on the top of HN?
