The SSL protocol described in Section 18.7 is modified to accommodate these different viewpoints. The Server is required to produce a certificate, but the Client is not. The Client does not normally require a certificate in credit-card transactions on the Web.
X.509 provided the mechanism for dealing with this environment which.
To authenticate the link between a user's ID and public key, the user's certificate must be obtained and checked. The size of the potential community of users requiring certificates necessitates that multiple certificate authorities must exist. X.500 v1 uses the term directory information tree (DIT)6 to describe the “network” of certificate authorities. Three levels are mentioned:
A fragment of this tree is shown ...