Re: Fart in a colander
"All these sites have to do is replace their SSL cert. If they can't manage that after more than a year, they don't deserve any traffic."
Whilst that is all they have to do, doing so will not make anything tangibly safer or more secure for anyone. The threat scenario is that Symantec might have erroneously issued a certificate that allows some website to pretend to be something it's not during a man in the middle or in conjunction with a DNS attack. It's ridiculously unlikely for an attacker to wait over a year before utilizing such a fake cert particularly as they would be aware that the trust chain for that cert is going to be removed.