Classic X.509 CAs with secured infrastructure

Traditional credential authorities issue long-term credentials to end-entities who will themselves posses and control their key pair and their activation data. These authorities act as an independent trusted third party for both subscribers and relying parties within the infrastructure. The identity of the subscribers is vetted through a face-to-face or equivalent process.