That's all and well, but I can't see why that would be interesting to a generic, third-party CA. If you're talking about a CA within the same corporation, then I can understand, since they usually (as far as I can guess) work from a different standpoint and with different priorities.
What you describe feels to me like encryption is ill understood and placed in the hands of random individuals. If you want safety and recoverability, there's nothing like one or several backups, maybe protected with different means (different encryption, different storage media (including vaults), different keys, and so on).
I believe there was at least one large institutional effort where keys were generated, escrowed and loaded into hardware tokens and distributed. the persons were expected to use the hardware tokens for both authentication and encryption. if the hardware token failed (like if the battery died), they could get a new hardware token issued with the same keys.
the obviously needed the original keys if they had used the hardware token for encryption (of data that turned out to be laying around someplace).
however, it wasn't necessary to have escrowed keys for authentication, simply issuing a new hardware tokens with new (authentication) keys would have been sufficient (and reregistering the new public key).
here is an issue where, if they're using hardware tokens for key protection ... they really need to distinguish between encryption keys and authentication keys .... either a single hardware token with two different sets of keys ... and the token knows how to consistently differentiate their use between encryption and authentication ... or two different hardware tokens ... consistently used for the different (business) purposes.
there is a side issue with institutional delivered hardware tokens ... and if they were to replace existing shared-secret pins/passwords ... where a person might have a hundred unique shared-secrets for their various electronic relationships .... and potentially be issued at least one hardware token to be used in lieu of every pin/password ... and potentially a second hardware token for encryption only purposes (say in dongle form ... a key chain with 100-120 or dongles ... in need of medium sized ruck sack just to lug them around).
Anne & Lynn Wheeler http://www.garlic.com/~lynn/
--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]