P.N. wrote:
>I wonder, why cacert (http://www.cacert.org/) isn't installed
>as a certificates issuer - any problems with it?
>Can I trust it, or shouldn't I for some reason?


Starting last Summer, there has been quite a dust-up
over the way Gecko handles certs.
http://google.com/search?q=cache:8lx...ecure#24465811

The Mozilla Foundation has caught Hell for it.
Mostly it's a lot of scaremongering on the part of the Gecko guys.

A number of the **pre-approved** CAs are steaming piles of fraud.
The certificates from many of those (which you accept by default)...
http://google.com/search?q=cache:sUy...ACert#24246653

(different spot on the same page)
http://google.com/search?q=cache:sUy...ACert#24247037

....are actually WORSE than the ones from CACert.
(another spot on that page)
http://google.com/search?q=cache:sUy...ACert#24247167

....and as has been mentioned,
CACert is on the cusp of being included by default.