What's the difference between class 1 and class 3 roots, and the certificates signed by them?
Pretty much what the question says. What's the difference between the two classes of roots? The differences between the certificates signed by such roots? What uses would a class 1 signed certificate have that a class 3 doesn't, and vice versa?
Answer
Wikipedia has a meager but clear answer, as concerns VeriSign, and references a Symantec (who bought Verisign's certificate business) page as its source.
Class 1 for individuals, intended for email.
Class 2 for organizations, for which proof of identity is required.
Class 3 for servers and software signing, for which independent verification and checking of identity and authority is done by the issuing certificate authority.
Class 4 for online business transactions between companies.
Class 5 for private organizations or governmental security.
Adding that,
Other vendors may choose to use different classes or no classes at all as this is not specified in the PKI standards.
So the best, the most reliable, the only authoritative resource is the certificate vendor's site definition. For CACert, Andrew Rollings answer is complete, and a second source can be found at CACert's Technical FAQ