<P> Vendors and entrepreneurs saw the possibility of a large market, started companies (or new projects at existing companies), and began to agitate for legal recognition and protection from liability . An American Bar Association technology project published an extensive analysis of some of the foreseeable legal aspects of PKI operations (see ABA digital signature guidelines), and shortly thereafter, several U.S. states (Utah being the first in 1995) and other jurisdictions throughout the world began to enact laws and adopt regulations . Consumer groups raised questions about privacy, access, and liability considerations, which were more taken into consideration in some jurisdictions than in others . </P> <P> The enacted laws and regulations differed, there were technical and operational problems in converting PKI schemes into successful commercial operation, and progress has been much slower than pioneers had imagined it would be . </P> <P> By the first few years of the 21st century, the underlying cryptographic engineering was clearly not easy to deploy correctly . Operating procedures (manual or automatic) were not easy to correctly design (nor even if so designed, to execute perfectly, which the engineering required). The standards that existed were insufficient . </P> <P> PKI vendors have found a market, but it is not quite the market envisioned in the mid-1990s, and it has grown both more slowly and in somewhat different ways than were anticipated . PKIs have not solved some of the problems they were expected to, and several major vendors have gone out of business or been acquired by others . PKI has had the most success in government implementations; the largest PKI implementation to date is the Defense Information Systems Agency (DISA) PKI infrastructure for the Common Access Cards program . </P>

In a public key infrastructure (pki) a registration authority