Re: What Verisign-free CAs are left?



Greg Pratt wrote:
> Not knowing which companies have been assimilated by Verisign...
> what respectable organizations out there do personal certificates?

CERN Higher Education Root
Deutsche Telekom Root CA
POSTEN.pl
Microsoft Secure Server Authority (doesn't apply to your scenario)
DFN (Deutsches Forschungsnetz)
Staat der Nederlanden
TS TrustCenter (insolvent)
Equifax Secure eBusiness (not any more, have been bought by GeoTrust)

> Preferably a company whose root certificates are already installed
> with common products like Firefox.

That's the problem: All preinstalled CAs are either untrustworthy
because of lax services or because they're scumbags by not applying
their secure services policies properly. And sometimes additionally by
company (like AOL/Time Warner).

> Such a company need not be free -- I already know of CAcert.org.

Exactly. CAcert doesn't do comprehensive checking, but at least they're
free and no scumbags at the same time. Comodo, Entrust, RSA and
ValiCert's free services are trustable as well, at least up to the low
limits of the lax policies.

> Given the utter contempt for Verisign one finds in some quarters, I'm
> surprised I wasn't able to find a FAQ with such a list (or a pointer
> to one).

In de.comp.security.misc we've already been discussing the subject of
trusted CAs. A safe whitelist is seen above, but none of these is
included in any web browser. In short: SSL in web browsers sucks.