It's just an organizational decision. CNNIC is super trustworthy to a lot of people. It's so many people, in fact, that they can't possibly verify all of the sites these people want to visit. So instead of burdening CNNIC with verifying the identity of every single site that wants a cert that their users will trust, CNNIC will just verify some other CAs as being trustworthy enough to do the job.
Personally, I think I should trust the hardware or OS manufacturer to pick exactly who is trustworthy enough to certify websites, since I'm trusting them that my computer is doing what it looks like it's doing anyway.
> CNNIC is not even trustworthy among Chinese Internet users.
Oh? Then why did Firefox, Google, Microsoft, Apple, etc. trust their root certificate? I know hating on China is all the rage, but something isn't making sense here...
> Google for 3721 中文网址 if you are interested
Just did. Got nothing. Are you referring to [1]? I'm not seeing what that has to do with CNNIC.
Yes, hence my using the past tense. I do not see how "CNNIC is [not trustworthy]" is compatible with "Firefox, Google, Apple, and Microsoft trusted their certificates until MCS Holding screwed up some corporate network's https-interception implementation".
In particular, was there any evidence of any misdeeds by the CNNIC before what MCS Holding did? Anything at all aside from "they are a Chinese and that is bad" FUD? Have they ever issued a certificate used to MITM the communications of political dissidents, for example?