I don't see what "key escrow" is good for besides enabling wiretaps. Am I missing something here? In any public-key system, even one without "key escrow", I know (or could easily discover if I wanted to) my own private key. Yes, I may want to make some kind of "backup" arrangements for my key, to cover forgetfulness, death, or whatever. But that doesn't require anything in the communication/storage formats (e.g., no LEAF field). The managment of my private key is independent of communication/storage of encrypted material. "Key escrow", on the other hand, is about building into the communication/storage formats a requirement that I use only keys that are "escrowed". I don't see what this adds, other than a requirement that my communication/storage be interceptable with the cooperation of my "escrow agents".