This is a pretty misleading title for a couple of reasons:
1) WoSign may face revocation (I doubt it but I don't know), but there is no evidence of that in this article. This is just one person not affiliated with a root program "calling for" it. People on the internet call for revocation of major CA roots all the time.
2) I don't really know what a "fake" cert is, it's a very strange choice of words. I would think a fake cert is not a real cert, and in that case issuing fake certs is fine because browsers won't trust them. It seems the problem here is that real certs were issued when they shouldn't have been. That's called "mis-issuance", not "fake certs."
You are just being pedantic. The meaning is perfectly clear, they are creating certificates for a domain and giving them to people who do not control/own that domain. Pick whatever word you like to describe this. The story is very clear.
1) WoSign may face revocation (I doubt it but I don't know), but there is no evidence of that in this article. This is just one person not affiliated with a root program "calling for" it. People on the internet call for revocation of major CA roots all the time.
2) I don't really know what a "fake" cert is, it's a very strange choice of words. I would think a fake cert is not a real cert, and in that case issuing fake certs is fine because browsers won't trust them. It seems the problem here is that real certs were issued when they shouldn't have been. That's called "mis-issuance", not "fake certs."