Suppose you want to find Bob's public key. There are several possible
ways. You could call him up and ask him to send you his public key via
e-mail; you could request it via e-mail as well. Certifying authorities
may provide directory services; if Bob works for company Z, look in the
directory kept by Z's certifying authority. Directories must be secure
against unauthorized tampering, so that users can be confident that a
public key listed in the directory actually belongs to the person
listed. Otherwise, you might send private encrypted information to the
wrong person.

Eventually, full-fledged directories will arise, serving as online
white or yellow pages. If they are compliant with CCITT X.509 standards,
the directories will contain certificates as well as public keys; the
presence of certificates will lower the directories' security needs.
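
The last point, shown as an added example (not part of the original text): when a certifying authority signs the binding between a name and a key, a client holding only the authority's public key can detect a tampered directory entry. The CA key here is textbook RSA over publicly known Mersenne primes, a toy for demonstration only, and all names and key strings are constructed placeholders.

```python
import hashlib

# Toy CA key: textbook RSA over two publicly known Mersenne primes.
# Chosen only so the example is deterministic and stdlib-only; NOT secure.
P, Q = 2**127 - 1, 2**521 - 1
CA_N, CA_E = P * Q, 65537
CA_D = pow(CA_E, -1, (P - 1) * (Q - 1))  # private exponent, held by the CA only


def _digest(name: str, subject_key: str) -> int:
    """Hash the name/key binding; the length prefix keeps field boundaries unambiguous."""
    raw = name.encode()
    data = len(raw).to_bytes(4, "big") + raw + subject_key.encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def ca_issue(name, subject_key):
    """CA side: sign the binding between a name and a public key."""
    sig = pow(_digest(name, subject_key), CA_D, CA_N)
    return {"name": name, "key": subject_key, "sig": sig}


def verify_cert(cert, expected_name):
    """Client side: needs only the CA public key (CA_N, CA_E)."""
    if cert["name"] != expected_name:
        return False  # a valid certificate for someone else is not good enough
    return pow(cert["sig"], CA_E, CA_N) == _digest(cert["name"], cert["key"])


def lookup(directory, name):
    """Fetch from an untrusted directory; return the key only if the cert verifies."""
    cert = directory.get(name)
    if cert is None or not verify_cert(cert, name):
        return None
    return cert["key"]


# Constructed sample data: the directory is an ordinary, unprotected mapping.
directory = {"bob": ca_issue("bob", "BOB-PUBLIC-KEY-PLACEHOLDER")}
tampered = {"bob": dict(directory["bob"], key="SUBSTITUTED-KEY-PLACEHOLDER")}
swapped = {"bob": ca_issue("mallory", "MALLORY-PUBLIC-KEY-PLACEHOLDER")}

if __name__ == "__main__":
    print(lookup(directory, "bob"))  # genuine entry
    print(lookup(tampered, "bob"))   # key replaced inside the directory
    print(lookup(swapped, "bob"))    # validly signed, but for another name
```

The directory can still withhold an entry or serve an outdated one, so certificates cover the integrity of the name-to-key binding but not availability or freshness.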