A certificate binds a public key to some identifying information (e.g., a URL or email address).

A certificate always contains both public and private keys.

A certificate needs to be verified by a trusted entity before it can be used.

A certificate may contain usage restrictions by the issuer (e.g., it can only be used to sign end-user certificates, not delegate certificates).

... is a light-weight protocol for secure email exchange.

... requires public-key cryptography to authenticate users.

... assumes that the underlying network is trusted.

... provides authenticated users with tickets to access servers.

... email address.

... public key.

... private key.

... common name.

For security reasons, a certificate chain is limited to a maximum of 12 intermediate certificates.

A longer certificate chain is more trusted than a shorter chain.

A web browser will trust a certificate even if it is not issued directly by a trusted root CA, as long as all intermediate certificates in the chain are in turn issued by a trusted intermediate or root CA.

A web browser will only trust a certificate that is directly issued by a trusted root CA.

... is not required in order to build a public-key infrastructure (PKI).

... can delegate its role to another CA.

... typically has its public key(s) built-in to the software (e.g., Chrome, Firefox) so that the certificates it signs can be automatically accepted.

... must be a root CA in order to sign end-entity (EE) certificates.

A certificate authority (CA) and a registration authority (RA)

The key distribution center (KDC) and the certificate authority (CA)

A ticket-granting ticket (TGT) and a service-granting ticket (SGT)

An authentication server (AS) and a ticket-granting server (TGS)

SHA-3 uses the same Merkle-Damgard iterated construction as MD-5 and SHA-1/SHA-2

SHA-3 supports the same Message Digest sizes as SHA-2, i.e., 224, 256, 384, and 512 bits

SHA-3 is not meant to replace SHA-2 (at least not yet), as SHA-2 is still considered secure.

SHA-3's underlying Keccak function allows for not only ingesting arbitrary length input ("absorbing phase") but also arbitrary length output ("squeezing phase").

... are slower to use than a simple hash-lookup table.

... are smaller than a simple hash-lookup table.

... exist for arbitrary long passwords.

... require a special class of reduction functions that map a hash value to a password.

It is faster

The simple construct H(m||K) allows an attacker to pre-compute message pairs for a birthday collision - HMAC does not 

HMAC supports more hash functions (e.g., MD5, SHA1)

H(m||K) is vulnerable to a length-extension attack