Maybe I'm just Dumb
But can't we just add an exception for Symantic certs into our OS's "keystore" and bypass Google's whiny-ness?
After-all, why would we trust our web browser to be the final arbiter of what is and isn't acceptable on the internet, when so many other applications can just directly connect in the first place?
Long ago I pointed out that Google starting their own CA would be the end of privacy on the internet. If you use Chrome, there is nothing stopping Google from becoming a MITM attacker. You stupidly use their browser which by default is set to trust their own CA.
Google has gone from "Don't be Evil" to "Trust Us!".