
Key recovery

It is an unfortunate fact of life that people forget passwords, and help desks have had to develop procedures for letting forgetful users back into their accounts. For an interactive account on a multi-user machine this is straightforward: the system administrator can bypass the user's protection and reset the password to a known value. If the passphrase protecting a PGP private key is forgotten, its owner is in a far worse position, because there is no administrator who can step in; the passphrase is the only thing that unlocks the key. Any mail encrypted to that key, past or future, becomes unintelligible. The user cannot sign outgoing mail, which may be regarded as a relatively minor inconvenience. Worse, the user cannot create a key revocation certificate, the signal to the rest of the community that the public key should no longer be used, because the private key is needed to sign it.

It is suggested that each institution offer a key-escrow facility. A copy of the user's private keyring is made with a standard passphrase (which may be null), and that copy is then encrypted serially, that is, in layers, once to each of the institution's certification keys, so that the copy can only be recovered when every certification key is brought to bear on it. (Encrypting the copy once to several recipients would let any one of them open it alone; layering requires all of them.) Should users lose access to their private key(s), they can regain a usable private keyring on application to the certification authority. Needless to say, they must provide adequate proof of identity, since whoever convinces the CA of that identity obtains the key. Once the recovered keyring is in the user's hands it should be re-protected with a new passphrase and the unprotected copy destroyed. This escrow facility should be optional. Users wishing to keep control over who has access to their keys should be permitted to do so, at their own risk.
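The scheme above, carried through with GnuPG as an added example; this is not code from the original paper or its authors. GnuPG 2.1 or later is assumed, and the names, addresses, passphrases and mail text are constructed for the example. Everything runs in throwaway key rings created under a temporary directory, so the script never touches ~/.gnupg. The certification keys are left unprotected only so that the recovery step can run unattended; a real CA's keys would have passphrases of their own.

```shell
#!/bin/sh
# Added example (not part of the original paper): escrow of a PGP secret key
# as described in the section above, driven with GnuPG 2.1+. All identities,
# passphrases and message text are constructed; all keys live in a temporary
# GNUPGHOME.
set -e

GPG="gpg --batch --quiet --yes --pinentry-mode loopback --trust-model always"

# Take the (currently unprotected) copy of USERID's secret key and wrap it in
# one encryption layer per certification key, innermost first. Every CA key is
# then needed to unwrap it, which is what serial encryption buys over a single
# multi-recipient message.
#   escrow_secret_key USERID ESCROWFILE CA1 [CA2 ...]
escrow_secret_key() {
    userid=$1; out=$2; shift 2
    tmp="$(mktemp)"
    $GPG --passphrase '' --export-secret-keys "$userid" > "$tmp"
    for ca in "$@"; do
        $GPG --recipient "$ca" --encrypt --output "$tmp.enc" "$tmp"
        mv "$tmp.enc" "$tmp"
    done
    mv "$tmp" "$out"
}

# Peel LAYERS layers off ESCROWFILE using the certification keys held in the
# current key ring (gpg picks the matching secret key for each layer) and write
# the recovered secret key to OUTFILE.
#   recover_secret_key ESCROWFILE OUTFILE LAYERS
recover_secret_key() {
    in=$1; out=$2; layers=$3
    tmp="$(mktemp)"
    cp "$in" "$tmp"
    while [ "$layers" -gt 0 ]; do
        $GPG --passphrase '' --decrypt --output "$tmp.dec" "$tmp"
        mv "$tmp.dec" "$tmp"
        layers=$((layers - 1))
    done
    mv "$tmp" "$out"
}

# --- Walk-through: institution, user, forgotten passphrase, recovery ---------
SANDBOX="$(mktemp -d)"
trap 'for h in home recovered; do GNUPGHOME="$SANDBOX/$h" gpgconf --kill gpg-agent 2>/dev/null || true; done; rm -rf "$SANDBOX"' EXIT
export GNUPGHOME="$SANDBOX/home"; mkdir -m 700 "$GNUPGHOME"

# The institution's two certification keys (constructed for the example).
$GPG --passphrase '' --quick-generate-key 'CA One (example) <ca1@example.org>' default default never
$GPG --passphrase '' --quick-generate-key 'CA Two (example) <ca2@example.org>' default default never

# Alice's key is generated unprotected, escrowed at once, and only then given
# her real passphrase: gpg has no unattended way to re-protect an already
# protected key under a different passphrase, so the copy is taken first.
$GPG --passphrase '' --quick-generate-key 'Alice (example) <alice@example.org>' default default never
escrow_secret_key alice@example.org "$SANDBOX/alice.escrow" ca1@example.org ca2@example.org
$GPG --passphrase 'correct horse battery staple' --passwd alice@example.org
gpgconf --kill gpg-agent      # drop any cached passphrase before the forgetful-user test

# Mail encrypted to Alice while all was well; then the passphrase is forgotten
# and the protected key is useless to her.
printf 'meet at noon\n' | $GPG --recipient alice@example.org --encrypt --output "$SANDBOX/mail.gpg"
if $GPG --passphrase 'wrong guess' --decrypt "$SANDBOX/mail.gpg" >/dev/null 2>&1; then
    echo 'unexpected: a wrong passphrase unlocked the key' >&2; exit 1
fi

# Recovery on the CA side: both certification keys are needed to peel two layers.
recover_secret_key "$SANDBOX/alice.escrow" "$SANDBOX/alice-recovered.sec" 2

# Alice loads the recovered copy into a fresh key ring (standing in for her
# machine), reads her mail, and immediately re-protects the key.
export GNUPGHOME="$SANDBOX/recovered"; mkdir -m 700 "$GNUPGHOME"
$GPG --passphrase '' --import "$SANDBOX/alice-recovered.sec"
RECOVERED_MAIL="$($GPG --passphrase '' --decrypt "$SANDBOX/mail.gpg")"
$GPG --passphrase 'a new and different passphrase' --passwd alice@example.org
echo "$RECOVERED_MAIL"
```

The order of the layers fixes the order of recovery: the outermost layer was added last, so the last CA key listed is the first one applied during recovery. Because gpg chooses the decryption key by looking at the layer's key ID, the recovery loop needs only the number of layers, not their order. The identity check the text demands happens before any of this is run for a real user; the script shows what the CA hands back once that check has passed.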



Piete Brooks <pb@cl.cam.ac.uk> and Paul Leyland <pcl@sable.ox.ac.uk>