Some technical observations
If Alice and Bob can authenticate to each other, then they can use Diffie-Hellman to establish a shared key for communications
The security requirements for CAs are very different from those for EAs
Implementing basic crypto is cheap, adding a key recovery infrastructure is not.
Crypto is necessary not only for electronic commerce, but to protect the information infrastructure. But key escrow may make things less secure, not more:
- Repositories of escrowed keys could be irresistable targets of attack by criminals
- If thousands of law enforcement personnel can quickly get access to escrowed keys, then who else can??