I don't see the link with LetsEncrypt here. Symantec doesn't give away free certs, and LetsEncrypt doesn't do EV.

The implementation is open source. You can launch your own ACME server (valuable for testing), and use that. CAs implementing this technology obviously need to go through the same hoop-jumping in order to become trusted, but that's true of any strategy of starting a CA.

The technology is available for any CA, existing or new, to copycat.

And if they don't want to use the open source reference implementation, they can cleanroom an ACME server that works with all the existing clients that work with letsencrypt.

If I'm reading the settings page right, Chrome trusts over 70 certificate issuers right now. Let's Encrypt is just one of those, and only issues a limited set of certificate types.

As I understand it, Chrome (unlike Firefox) does not ship its own root CA store - rather it defers to the root store of the operating system that it's running on. It does however apply some form of blacklist / additional restrictions over what the OS may allow.

I'd be quite happy if LetsEncrypt becomes a significant monopoly - they're following much better practices than many other CAs, they run on open source software and are generally operated in a much more transparent way than other CAs. By using stuff like Certificate Transparency Let's Encrypt makes it so their issuances are publicly auditable - much more than many other CAs are doing these days.

Arguably, they could just adopt LE technology wholesale. Shrinking cert lifetimes is compatible LE's already short cert lifetimes.