> Yikes. If all of that is true, surely Google will permanently ban WoSign from Chrome? And I would hope Mozilla and Microsoft, too, but Google is usually the one to "play tough" with rogue CAs (and I hope they will strive to develop and maintain that reputation).
This will most likely happen, because a) the CA is not a western CA and b) it was due to incompetence.
If they had been competent but intentionally and willfully broken the trust of the CA system, assuming they had enough money, they would keep their CA cert. Case in point: TrustWave still has their CA certificate after intentionally selling sub-CAs for the purpose of MITM! But don't worry, they promised they'll never to it again, honest.
This will most likely happen, because a) the CA is not a western CA and b) it was due to incompetence.
If they had been competent but intentionally and willfully broken the trust of the CA system, assuming they had enough money, they would keep their CA cert. Case in point: TrustWave still has their CA certificate after intentionally selling sub-CAs for the purpose of MITM! But don't worry, they promised they'll never to it again, honest.