When using PKI which two of the following are true? (Choose two.)
A. Currently, PKI digital identity certificates use the X.509 version 3 structure.
B. Currently, the PKI architecture requires that the client devices stay in constant contact with the CA in order to trust a certificate that is issued by the CA.
C. A client device must trust the CA in order to validate another device certificate that is issued by the same CA.
D. The CA does not sign the user or device certificate; it only signs its own root certificate
