But prior to March 2015, CAs could issue certs valid for up to 5 years. So even if browsers stopped accepting WoSign certs with an issuance date after today, WoSign could still issue certs "issued March 2015 valid until to March 2020" and browsers would accept them.
If they start putting fake dates on the certs then the nuclear option is the only option. They are in the business of selling trust and they're outright lying on their only product? That's untenable.
Maybe the best would be to build a whitelist of WoSign certs then, scrap it from the publicly available websites and allow people to submit their own. Then some kind of bloom filter could do the trick I guess.
But prior to March 2015, CAs could issue certs valid for up to 5 years. So even if browsers stopped accepting WoSign certs with an issuance date after today, WoSign could still issue certs "issued March 2015 valid until to March 2020" and browsers would accept them.