What about
CAcert?
I don't see why you would need one though, the whole point of a authority is you're paying a 3rd party to verify your authenticity, a free service kinda makes the whole process redundant.. many people don't even trust CAcert because it's used by malicious people.
Why not use PGP for email? or.. OpenSSL with a shared passphrase? would make a lot more sense.