Yeah, we could do that for the root key and social recovery for the exceptional circumstance of losing that. The key rotation I am proposing is more for mundane operational stuff.

I am trying to cherry-pick the best of this spec which underpins the legal entity identifier.

https://trustoverip.github.io/kswg-keri-specification/versions/v1/