He is still here. Far from a scapegoat. Wait and see. He will be back in no time.

No he didn't truly resign. Retained as contractor and most likely waiting to be reinstated. You got misled.

Are you saying it was okay to distrust EnTrust but DigiCert is too big to fail?

No, and I'm deeply confused how you drew this conclusion from what was written.

I specifically say the historical way to deprecate a certificate authority is to prevent them from issuing new certificates. Since certificates have a finite lifetime, the certificate authority would as well and would have immediately no further revenue from certificates.

I am saying "pulling the plug" without notice is going to take down tens of thousands of bystanders and anyone using those certificates for business would be unable to conduct business securely online, which would be disastrous. For example amazon.com has a DigiCert-issued certificate.

Agreed. That was my bad.

CNAME bug must have had something so bad DigiCert didn't want people poking around. Perhaps it's worth taking a closer look at the bug thread. They were also pressing really hard to close it. Something smells.