Comment by xorcist

No, the question is what to do when you need to rotate them. Because that need will arise somewhere, globally, if we were to run the secure web on trust-on-first-use.

It's not interesting why someone hypothetically did get their root keys compromised, it's interesting how the proposed system would cope with it.

(Downvoting the question is not really a web scale way to build a global trust system.)