[Moderator’s note: Split off from older thread to avoid confusion].
Well, if I were to set up a phishing scam, I’d get my certificate “upfront” before sending out the first phishing mail (which could result in a Google Safe Browsing blacklisting). So after the certificate has been issued, it’ll be valid for 90 days - more time than necessary.
However, the situation would be slightly different if CAs like Let’s Encrypt could subscribe to a feed of domains recently added to the Safe Browsing blacklist and revoke their certificates automatically.
Or, from the other side: Google could check the certificate transparency logs, match them with records recently added to the safebrowsing blacklist and specifically report those domains to the CAs who did issue a certificate for any of those domains. The CA then would perform a check if the domain is still blacklisted and could immediately revoke certificates rather than merely preventing a new certificate from getting issued.
Just some ideas
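The second idea in the post (match CT log entries against a feed of newly blacklisted domains, report the hits to the issuing CA, and let the CA re-check before revoking) as an added example, not code from this thread or from Let’s Encrypt. The CT entries, the blocklist feed and the `still_listed` callback are all constructed stand-ins for a real CT log, the Safe Browsing feed and a live lookup; the 90-day lifetime is the one mentioned above.

```python
"""Match CT log entries against a phishing blocklist feed, group hits by
issuing CA, and keep only certificates whose domain is still listed when the
CA re-checks. Added example with constructed inputs, not real certificates."""
from collections import defaultdict
from datetime import date, timedelta

CERT_LIFETIME = timedelta(days=90)  # lifetime mentioned in the post

# Constructed CT-style entries: issuer, SAN list and notBefore date.
CT_ENTRIES = [
    {"serial": "0x01", "issuer": "Example CA A",
     "names": ["login.bank-example.test", "www.bank-example.test"],
     "not_before": date(2016, 1, 5)},
    {"serial": "0x02", "issuer": "Example CA B",
     "names": ["*.hosting-example.test"],
     "not_before": date(2016, 1, 20)},
    {"serial": "0x03", "issuer": "Example CA A",
     "names": ["shop.benign-example.test"],
     "not_before": date(2016, 1, 25)},
    {"serial": "0x04", "issuer": "Example CA A",
     "names": ["old-phish-example.test"],
     "not_before": date(2015, 9, 1)},  # expired long before the feed update
]

# Constructed "recently added to the blocklist" feed.
BLOCKLIST_FEED = [
    "login.bank-example.test",
    "phish.hosting-example.test",
    "old-phish-example.test",
]


def _is_within(name, zone):
    """True if name equals zone or is a subdomain of it."""
    return name == zone or name.endswith("." + zone)


def cert_name_covers_blocked(san, blocked):
    """Does a certificate name (possibly a wildcard) serve a blocked domain?

    A blocked domain is taken to cover its subdomains too, so a SAN inside
    the blocked zone is a hit. A wildcard matches exactly one label
    (RFC 6125), so '*.p' covers 'x.p' but not 'y.x.p'.
    """
    san = san.lower().rstrip(".")
    blocked = blocked.lower().rstrip(".")
    if san.startswith("*."):
        parent = san[2:]
        if _is_within(parent, blocked):  # whole wildcard zone lies inside blocked zone
            return True
        return blocked.endswith("." + parent) and "." not in blocked[: -len(parent) - 1]
    return _is_within(san, blocked)


def find_hits(entries, blocklist, today):
    """Report, per issuing CA, the unexpired certificates covering a blocked domain.

    Returns {issuer: [(serial, san, blocked_domain), ...]}.
    """
    hits = defaultdict(list)
    for cert in entries:
        if cert["not_before"] + CERT_LIFETIME <= today:
            continue  # already expired, nothing left to revoke
        for san in cert["names"]:
            for blocked in blocklist:
                if cert_name_covers_blocked(san, blocked):
                    hits[cert["issuer"]].append((cert["serial"], san, blocked))
    return dict(hits)


def revocation_candidates(entries, blocklist, today, still_listed):
    """The CA-side step: re-check each reported domain and keep the serials
    whose domain is still listed. still_listed(domain) -> bool stands in for
    a live blocklist lookup. Returns {issuer: sorted list of serials}."""
    report = find_hits(entries, blocklist, today)
    out = {}
    for issuer, items in report.items():
        keep = sorted({serial for serial, _san, blocked in items if still_listed(blocked)})
        if keep:
            out[issuer] = keep
    return out


if __name__ == "__main__":
    today = date(2016, 2, 1)
    for issuer, serials in revocation_candidates(
            CT_ENTRIES, BLOCKLIST_FEED, today, lambda d: True).items():
        print(f"{issuer}: revoke {', '.join(serials)}")
```

The re-check callback is what turns a Google-side report into a CA-side decision: a domain that was delisted between the feed update and the CA's check drops out of the revocation list, which is the "perform a check if the domain is still blacklisted" step described above.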