[NKCSS]

I don't get your DigiNotar reference; they were hacked; how is that different from any other CA that got hacked?

[ibejoeb]

DigiNotar failed to disclose the known breach for 6 weeks (https://blog.mozilla.org/security/2011/09/02/diginotar-remov...) Whether it was incompetence, coercion, or complicity matters little. I still have my doubts that China provides a climate suitable to a properly functioning CA.