DigiNotar failed to disclose the known breach for 6 weeks (https://blog.mozilla.org/security/2011/09/02/diginotar-remov...) Whether it was incompetence, coercion, or complicity matters little. I still have my doubts that China provides a climate suitable to a properly functioning CA.