Danger zone
Pause signing
Custodians refuse all partial-sig requests until you resume. TLS handshakes will start failing within 60s as cached responses expire.
Revoke key
Permanently destroys this key. Revocation is broadcast on chain — clients see the cert as untrusted within minutes. Sensitive op, 2-of-3 sign + 24h veto.
Transfer ownership
Move primary issuer to another DID — e.g. transferring a domain to a new owner. Sensitive op, 24h veto.
Export public key (PEM)
The public half is on chain anyway — this is just a convenience export. Private shares cannot be exported by design.