"> I have not been able to find the current owner of this
root. Both RSA > and VeriSign have stated in email that they do
not own this root.
"That's rather worrying. Do we know for certain that one or
other created it originally? Do we know if it's in any other root
stores other than our own?
"The lack of transparency in 2002 re: the source of added roots
means we have no idea whether e.g. some malicious actor slipped an
extra one into whatever list they were keeping internally to
Netscape, and has been MITMing people ever since."