Which statement accurately describes the use of root and leaf certificates?

Prepare for the Microsoft Certified: Azure IoT Developer Specialty (AZ-220) exam. Test your knowledge with multiple choice questions and detailed explanations. Enhance your skills for success!

The statement that root certificates can only sign other certificates, while leaf certificates can validate devices, accurately reflects the hierarchy and functionality in a public key infrastructure (PKI) system.

Root certificates are critical as they form the trusted foundation for the certificate chain. They are self-signed and typically reside in the trusted root certificate store of devices. Given their integrity and trust level, root certificates are able to sign intermediate certificates (also known as signing certificates), which can in turn sign leaf certificates. This process helps establish a trust chain that confirms the authenticity of devices.

Leaf certificates, on the other hand, are issued to end entities or devices and are used primarily for authentication. When a device presents a leaf certificate, that certificate is checked against the intermediate and root certificates in the trusted chain to establish trust. Leaf certificates therefore enable secure communications by validating that the device is recognized and trusted.

By stating that root certificates can only sign other certificates while leaf certificates can validate devices, the statement accurately captures their respective roles in a certificate hierarchy and the process of establishing secure connections within IoT ecosystems.
