Good points from Brian and Evans. I think the elephant in the room is CCK to be the Root Certification Authority. PPP as Brian puts it might be the best way to go, although it has its own challenges, as we saw last year when KENIC was facing leadership challenges, and discord within the board. Other channels might be to tender for local companies to bid to be the RCA. This has worked very well in developed countries. The issue of HR can be sorted if we are willing to empower our youth, by say Knowledge Transfer. Unfortunately, these Asians are not very keen in transferring such knowledge to the client side of the business since they want to be indispensable. But we can be forceful, and find ways to train people who will administer the NPKI system. We currently have thousands of security experts in the country, and we are willing to learn more. Kind Regards. -- ______________________ Mwendwa Kivuva