by gcp 3381 days ago
This line of reasoning works for banks or commercial entities.

But note, it does not work for governments. They can, and will, put up a red banner instructing the user to install another browser (or in the case of Firefox 52, explain how to disable updates so you can keep using NPAPI plugins).


Interesting point. I spot checked CAs for some of the most popular USA government websites.

irs.gov (Internal Revenue Service): Entrust CA

va.gov (Veterans Affairs): Symantec CA

So if Symantec is the CA for a critical mass of government websites that won't abandon them, Google Chrome could lose this battle.

Without looking at traffic data (e.g. Alexa), my intuition says the vast majority of web traffic is not government websites. If Veterans Affairs forces users to switch browsers, I'm guessing people would still use their Chrome browser for all the other websites because that's where all their bookmarks live.

As for non-government websites, I notice that Netflix.com currently has a Symantec Class 3 CA. I'm guessing Netflix would rather switch to another CA.

I believe it is actually a matter of political campaigning in South Korea to get rid of ancient IE ActiveX requirements for government websites.

It's not just government websites, it's requirements that the government placed on all e-commerce sites in South Korea.

The US Federal Government has stated a long-term plan to operate a CA in the Web PKI, because after all it does operate a whole shitload of web sites, and it has secure buildings and trustworthy employees needed to run the CA. Like some other government-owned CAs it has offered up front to limit its CA to a TLD it controls anyway (in this case gov) so it won't be offering certificates to the general public.

They don't have a formal proposal yet; such proposals take anywhere from 6-18 months to process once they come out, and so the IRS or Veterans Affairs won't be getting new certificates from them in 2017, but in 2018 that's definitely a possibility.

Of course, a US Federal Government CA in the Web PKI would be problematic for Google, Apple, Microsoft or Mozilla (all US corporations) to distrust later if things go wrong; this is doubtless why they ask to limit to one TLD, defusing concerns in advance...