I honestly don't know if this is a fair assumption or not, it just strikes me as weird that it is not mentioned when first mentioning the "great firewall"
One would still be vulnerable of a corrupt CA. The only solution to this would be to issue all certificates from an internal CA and verify this in your application.
I'm not sure if this would break when you needed to renew the certificate, but I guess you only update the signature, not the actual public key.
I wish they would address the topic, though. I interpret this article as if they mean that HTTPS solves all censoring and content sensing issues, regardless.
I wonder if China will ever have a revolution, and if the "winners" will even want to revert to a "normal" Internet. The problem is most Chinese don't even know what that is.
So, China having a CA installed, while not great, certainly isn't giving them control they can't already get. Plus, why would they want to risk their own CA cert doing malicious things, where it'd be directly traceable to them?
I think, personally, that the Chinese government will just get more democratic over time. It's worth noting that China is certainly moreso now than it was a few decades ago.