what i'm looking for is actually a kind of redundancy that probably makes things slightly less convenient, but increases real-world security.
i guess what i'm saying is that your problem is less too few widgets and more too few keys - does that make sense? having everything ride of the integrity of a single private key means that if security at the wrong single physical location, in the wrong single transaction is compromised, you're completely fucked, (even if you can in principle restore your identity eventually, it'll be a long and deeply unpleasant process). the idea is to have the ‘key’ distributed over a large number of certificates, of which you only have to use a small fraction for any given transaction except the meta-transactions involved in resets and security compromise reports.
no subject
i guess what i'm saying is that your problem is less too few widgets and more too few keys - does that make sense? having everything ride of the integrity of a single private key means that if security at the wrong single physical location, in the wrong single transaction is compromised, you're completely fucked, (even if you can in principle restore your identity eventually, it'll be a long and deeply unpleasant process). the idea is to have the ‘key’ distributed over a large number of certificates, of which you only have to use a small fraction for any given transaction except the meta-transactions involved in resets and security compromise reports.