All this means is that CAs have to be a bit more careful who they give reseller certificates to - essentially, only signing reseller certificates for sellers they think are trustworthy.
Because that's what signing a * certificate says - "I trust the owner of this certificate with signing power for every domain". If a particular CA is giving that away to people who shouldn't be trusted with that, then that's pretty shady behaviour on the part of the CA.
Because that's what signing a * certificate says - "I trust the owner of this certificate with signing power for every domain". If a particular CA is giving that away to people who shouldn't be trusted with that, then that's pretty shady behaviour on the part of the CA.