Q2. (10 points) PKI provides a digital certification system. Each certificate basically contains the information $\text{ID} \,\|\, \text{pk} \,\|\, \text{valid period} \,\|\, \text{algorithm} \,\|\, \text{metadata}$ together with a signature of the CA.

(1) Could we just use a MAC to generate the CA's signature? Please briefly explain.

(2) The root CA $CA_r$ needs to be very careful about his secret key, which is the root of trust of the whole PKI system. He may choose to be offline and introduce a number of intermediate CAs $(CA_1, \ldots, CA_n)$ to interact with the users who are requesting certificates. At the system setup phase, he issues a certificate for each of the $CA_i$ and lets those intermediate CAs generate certificates. Essentially, any certificate generated by any of the $CA_i$ is considered valid. Another solution is for the CA to split his root secret into $n$ pieces, store them on $n$ different machines, and use a threshold certificate generation procedure in which the user can combine the responses and obtain a valid certificate only when $n/2$ machines respond with a valid certificate share. Which of the two solutions is more vulnerable (or requires more trust)? Please briefly explain.
