Certificates
Most users don’t know what certificates are.
Of those who do, most don’t verify the signature chain.
Most of those people don’t know if they should trust an arbitrary root.
Conclusion: for most practical purposes, we don’t have a PKI -- and most people neither know nor care.