This article is from the Secure Sockets Layer Discussion List FAQ, by Shannon Appel SAppel@consensus.com with numerous contributions by others.
The purpose of a Certificate Authority is to bind a public key to
the common name of the certificate, and thus assure third parties
that some measure of care was taken to ensure that this binding
is valid. A measure of a Certificate Authority is their "Policy
Statement" which states what measures they take for each class of
certificate they offer to ensure that this binding of identity
with public key is valid.