Which Trusted Root Certificate Authorities should I have?

[Quartz-1]

I'm looking at my TRCA list to guard against man-in-the-middle attacks. It's too large to post here, of course, and mostly they look legit, but are there any rogue CAs for which I should look out? Ones that have caught my eye are 'NO LIABILITY ACCEPTED (c)97 Verisign' and a couple which start 'thawte' as opposed to 'Thawte'.

I'm running Windows 10 in a domain and I don't believe I've installed anything untoward - but that's always the case, isn't it?

 

[heatlesssun]

https://support.microsoft.com/en-us/kb/293781

I believe those are both legit and have been around forever.

 

[bigdogchris]

Unless you have installed additional ones, the default ones included with Windows (IE/Chrome) and Firefox are safe.

 

[Quartz-1]

Thanks guys.