[oasisbob]

Representatives of Google, Apple, and Mozilla have all dismissed the suitability of a fast reactionary nuclear approach.

There are plenty of innocent sites who use WoSign/Startcom certificates.

It's easy to be flippant when you're not actually responsible for a browser which users use, and need to worry about adverse side-effects. You kill WoSign overnight and you now have millions of users habituated to ignoring TLS errors, and now know how to override internal browser security settings.

Hope it was worth it.