
It is perfectly possible to use TLS without relying on Verisign. Nothing in the protocol depends on Verisign. The protocol was built in such a way that you can run your own CA, or run no CA at all and have your system manually manage self-signed certificates.

Browsers won't run without the Verisign/Thawte CA system. That's not an SSL/TLS problem; that's a browser problem. Browsers exist in a complicated ecosystem involving banking and credit cards, cooperation between hostile software vendors, and the most massive installed base of users in the history of the world.

Don't conflate the problems that browsers have with the attributes of the SSL/TLS protocol. If you need to create a new kind of encrypted transport between two endpoints on the Internet and choose almost anything other than SSL/TLS, you might as well write your own block cipher while you're at it.
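The point above, that TLS itself has no dependency on any public CA, shown in Python's standard `ssl` module as an added example (not code from the thread): the same self-signed server is accepted when the client is told to trust exactly that certificate, and rejected when the client falls back to the platform's CA bundle. It assumes the `openssl` CLI is on PATH; the key, certificate, hostname and port are constructed placeholders.

```python
import os, socket, ssl, subprocess, tempfile, threading

def make_self_signed(tmpdir, host="localhost"):
    """Generate a throwaway RSA key and self-signed cert (constructed, 1-day validity).
    The SAN entry matters: modern Python ignores the CN for hostname checks."""
    key, crt = os.path.join(tmpdir, "key.pem"), os.path.join(tmpdir, "cert.pem")
    subprocess.run(["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes",
                    "-keyout", key, "-out", crt, "-days", "1", "-subj", f"/CN={host}",
                    "-addext", f"subjectAltName=DNS:{host}"],
                   check=True, capture_output=True)
    return key, crt

def serve_once(key, crt, listener):
    """Accept one connection, finish the TLS handshake with our own cert, echo one message."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(crt, key)
    try:
        conn, _ = listener.accept()
        with ctx.wrap_socket(conn, server_side=True) as tls:
            tls.sendall(tls.recv(64))
    except OSError:
        pass  # the peer rejected our certificate and tore the handshake down
    finally:
        listener.close()

def tls_roundtrip(key, crt, cafile):
    """Connect to a fresh one-shot server trusting only `cafile`, or the platform CA
    bundle when cafile is None. Returns the echoed bytes or the verify error text."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    worker = threading.Thread(target=serve_once, args=(key, crt, listener))
    worker.start()
    # With cafile set, create_default_context loads ONLY that file, no system roots.
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection(("127.0.0.1", port)) as raw, \
                ctx.wrap_socket(raw, server_hostname="localhost") as tls:
            tls.sendall(b"hello")
            return tls.recv(64)
    except ssl.SSLCertVerificationError as err:
        return err.verify_message  # e.g. "self-signed certificate"
    finally:
        worker.join()

def demo():
    """Same server, same certificate; the trust decision is made entirely by the client."""
    with tempfile.TemporaryDirectory() as tmp:
        key, crt = make_self_signed(tmp)
        return {"own_trust": tls_roundtrip(key, crt, cafile=crt),
                "public_cas": tls_roundtrip(key, crt, cafile=None)}
```

Nothing in the handshake changed between the two runs; only the client's trust store did, which is the "run your own CA, or no CA at all" case from the comment.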




Hell, for DOD systems on secure networks, you're required to remove all of the non-DOD root CAs. No DigiNotar or GoDaddy or the hundreds of others allowed.


DoD systems on secure networks shouldn't have IP connectivity outside DoD, though. The only issue is code signing keys for activex/java. (which really shouldn't exist on DoD secure networks either, but they've fully drunk the MS kool-aid)


That would be in a perfect world. Unfortunately, the world is pretty messy.



