X.509 certs that don't guarantee identity

[Bob Snyder]

>  The navigator will not differentiate them.  We build in a default set of
>CA certificates into the navigator, and then allow the user to modify them as
>they see fit based on their local trust policy.  The default set of CAs that
>we ship with our product will not include the verisign level 1&2 CAs as
>trusted
>SSL Server CAs.

With the level 1&2 CA certs be include but not enabled, or will users have
to go pull them themselves?

Bob