Well, to get back to the topic, here's another example of how bricking is involved:
https://www.theregister.co.uk/2018/02/07/beware_the_coming_chrome_certificate_apocalypse/
I agree that Symantec is not a firm I would choose for security products, but millions do, and the customers did hand over their cash and are entitled to their money's worth.
I agree that people who buy a product are entitled to their money's worth. In this case, Symantec didn't deliver on that value. What customers are buying from a CA is literally a chain of trust. (It's otherwise only a few kB of special byte sequence.)
Directly from the article you posted:
But on the other hand, [Google] wouldn't be doing it if Symantec hadn't repeatedly screwed up and undermined trust in its own product by wrongly issuing SSL/TLS certs, including, unfortunately, the one for google.com. Not a smart move.
If you are an organization that exists purely to ensure that people can trust you, then you should expect some fallout if it turns out you can't be trusted.
Yet, another firm (Google) can seemingly brick the product you bought just like that. Will Google compensate them?
No, why would they? Google's not at fault here; Google is, at most, expressing a reason-based opinion about the trustworthiness of the site Google's user is attempting to visit. Like it or not, browser makers are in a better position to keep on the tip of evolving security threats than the average internet user. Even with that, Google isn't stopping users from getting to sites with untrustworthy certificates; it is placing a warning to the user and letting the user decide.
[Symantec] claims only 127 certificates were wrongly issued, not the 30,000 previously claimed. But here we are. A few months after its blog post and with Google refusing to budge, Symantec threw in the towel and sold off its certificate business to DigiCert.
IMO, it was Symantec that didn't deliver and people who choose to should pursue any remedy they'd like from the place where the trust problem originated: Symantec, not from the browser makers (plural) who are rightly not trusting Symantec's shoddy work.
If DigiCert is smart, they'll probably come up with a migration strategy for the Symantec customers, possibly involving free or discounted DigiCert certs, in order to preserve and maximize the customer base they bought from the failed Symantec certificate authority business. That's a commercial arrangement with DigiCert and their customers, and remedying this situation doesn't require Google, Mozilla, or any other browser maker to trust a certificate authority who has proven themselves to be not trustworthy.
Should we force them to accept certificates from Honest Achmed's Used Cars and Certificates (an actual, presumably/hopefully tongue-in-cheek, request in Mozilla's bug tracker)?