Editing Public key infrastructure (section)

== History ==
{{Unreferenced section|date=January 2014}}

Developments in PKI occurred in the early 1970s at the British intelligence agency [[GCHQ]], where [[James H. Ellis|James Ellis]], [[Clifford Cocks]] and others made important discoveries related to encryption algorithms and key distribution.<ref>{{cite web |last=Ellis |first=James H. |author-link=James H. Ellis |date=January 1970 |url=http://cryptocellar.web.cern.ch/cryptocellar/cesg/possnse.pdf |title=The Possibility of Secure Non-Secret Digital Encryption |archive-url=https://web.archive.org/web/20141030210530/https://cryptocellar.web.cern.ch/cryptocellar/cesg/possnse.pdf |archive-date=2014-10-30}}</ref> Because developments at GCHQ are highly classified, the results of this work were kept secret and not publicly acknowledged until the mid-1990s.

The public disclosure of both secure [[key exchange]] and [[asymmetric key algorithm]]s in 1976 by [[Whitfield Diffie|Diffie]], [[Martin Hellman|Hellman]], [[Ron Rivest|Rivest]], [[Adi Shamir|Shamir]], and [[Leonard Adleman|Adleman]] changed secure communications entirely. With the further development of high-speed digital electronic communications (the [[Internet]] and its predecessors), a need became evident for ways in which users could securely communicate with each other, and as a further consequence of that, for ways in which users could be sure with whom they were actually interacting.

Assorted cryptographic protocols were invented and analyzed within which the new [[cryptographic primitive]]s could be effectively used. With the invention of the [[World Wide Web]] and its rapid spread, the need for authentication and secure communication became still more acute. Commercial reasons alone (e.g., [[e-commerce]], online access to proprietary databases from [[web browser]]s) were sufficient. [[Taher Elgamal]] and others at [[Netscape Communications Corporation|Netscape]] developed the [[Transport Layer Security|SSL]] protocol ('[[HTTPS|https]]' in Web [[Uniform Resource Locator|URL]]s); it included key establishment, server authentication (prior to v3, one-way only), and so on.<ref>{{cite web |last=Prodromou |first=Agathoklis |date=2019-03-31 |title=TLS Security 2: A Brief History of SSL/TLS |url=https://www.acunetix.com/blog/articles/history-of-tls-ssl-part-2/ |access-date=2024-05-25 |website=Acunetix |language=en-US}}</ref> A PKI structure was thus created for Web users/sites wishing secure communications.

Vendors and entrepreneurs saw the possibility of a large market, started companies (or new projects at existing companies), and began to agitate for legal recognition and protection from liability. An [[American Bar Association]] technology project published an extensive analysis of some of the foreseeable legal aspects of PKI operations (see ''[[ABA digital signature guidelines]]''), and shortly thereafter, several U.S. states ([[Utah]] being the first in 1995) and other jurisdictions throughout the world began to enact laws and adopt regulations. Consumer groups raised questions about [[privacy]], access, and liability considerations, which were more taken into consideration in some jurisdictions than in others.<ref>{{cite journal |date=2001 |title=PKI Assessment Guidelines |url=https://theworld.com/~goldberg/pagv30.pdf#page=43 |journal=[[Information Security Committee]] |volume=0 |issue=3 |pages=43}}</ref>

The enacted laws and regulations differed, there were technical and operational problems in converting PKI schemes into successful commercial operation, and progress has been much slower than pioneers had imagined it would be.

By the first few years of the 21st century, the underlying cryptographic engineering was clearly not easy to deploy correctly. Operating procedures (manual or automatic) were not easy to correctly design (nor even if so designed, to execute perfectly, which the engineering required). The standards that existed were insufficient.

PKI vendors have found a market, but it is not quite the market envisioned in the mid-1990s, and it has grown both more slowly and in somewhat different ways than were anticipated.<ref>Stephen Wilson, December 2005, [http://www.china-cic.org.cn/english/digital%20library/200512/3.pdf "The importance of PKI today"] {{webarchive|url=https://web.archive.org/web/20101122134646/http://www.china-cic.org.cn/english/digital%20library/200512/3.pdf |date=2010-11-22 }}, ''China Communications'', Retrieved on 2010-12-13</ref> PKIs have not solved some of the problems they were expected to, and several major vendors have gone out of business or been acquired by others. PKI has had the most success in government implementations; the largest PKI implementation to date is the [[Defense Information Systems Agency]] (DISA) PKI infrastructure for the [[Common Access Card]]s program.