<Ul> <Li> The subject, not the relying party, purchases certificates . The subject will often utilize the cheapest issuer, so quality is not being paid for in the competing market . This is partly addressed by Extended Validation certificates . </Li> <Li> Certification authorities deny almost all warranties to the user (including subject or even relying parties). </Li> <Li> The expiration date should be used to limit the time the key strength is deemed sufficient . This parameter is abused by certification authorities to charge the client an extension fee . This places an unnecessary burden on the user with key roll - over . </Li> <Li> "Users use an undefined certification request protocol to obtain a certificate which is published in an unclear location in a nonexistent directory with no real means to revoke it ." </Li> <Li> Like all businesses, CAs are subject to the legal jurisdiction (s) of their site (s) of operation, and may be legally compelled to compromise the interests of their customers and their users . Intelligence agencies have also made use of false certificates issued through extralegal compromise of CAs, such as DigiNotar, to carry out man - in - the - middle attacks . Another example is a revocation request of the CA of the Dutch government, because of a new Dutch law becoming active starting Januray 1st 2018, giving new powers for the dutch intelligence and security services . </Li> </Ul> <Li> The subject, not the relying party, purchases certificates . The subject will often utilize the cheapest issuer, so quality is not being paid for in the competing market . This is partly addressed by Extended Validation certificates . </Li> <Li> Certification authorities deny almost all warranties to the user (including subject or even relying parties). </Li> <Li> The expiration date should be used to limit the time the key strength is deemed sufficient . This parameter is abused by certification authorities to charge the client an extension fee . This places an unnecessary burden on the user with key roll - over . </Li>

Which of the following protocols supports the x.509 certificates