I think this article show that on one hand certificate transparency become more important.
On the other hand there are valid use cases that some domains will have legal multiple CA’s as supplier.
Sadly there is no list of misused domains by Symantec.
And an complete other question is:
Are there any national/international lows about CA what is allowed an what now special under the topic:
- MitM Security Audit
- Approved packet inspection for example prison