Can someone explain the difference between key recovery and key escrow? The IBM white paper describes it at http://www.ibm.com/security/html/pp_global5.html in terms of giving a keys or a combination to your neighbors, but the analogy was hard to follow.

Key escrow is where your keys are held by one or more trusted and supposedly independent third parties, on reciept of a court order they would release the keys. Key recovery is more like the clipper scheme where there was a LEAF (law enforcement access field) which allowed the LEA to decrypt communications. But in the end it all comes down to GAK (government access to keys), same shit, different name. Forgive me if this explanation is a little hazy, I have a mighty hangover (still only 12:15 sunday morning here). Datacomms Technologies data security Paul Bradley, Paul@fatmans.demon.co.uk Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org Http://www.cryptography.home.ml.org/ Email for PGP public key, ID: FC76DA85 "Don`t forget to mount a scratch monkey"