[qeorge]

Honest question: as a United States internet user, is there any practical reason I need to have a root certificate from the Chinese national Internet authority installed?

Corollary, is there a short list of CAs that folks around here trust more than average? Is there any value in such a whitelist, or are all CAs so rotten it doesn't much matter?

[kijin]

There was a bit of controversy a few years ago when Mozilla added CNNIC to Firefox's list of trusted CAs. I removed CNNIC from my browser shortly afterwards. No problem so far.

I don't think you'll have much problem even if you only trusted a few U.S. megacorporations, such as Verisign, Comodo, GeoTrust, GoDaddy, etc. They're no more trustworthy than the rest, but at least they're much more widely used than some government agency of a country you have nothing to do with.

[kjs3]

If you regularly visit Chinese sites that use HTTPS.

[lucaspiller]

...that use this CA. I regularly use Alibaba, but their certificates are signed by "VeriSign Class 3 Secure Server CA - G3".