This means that all relays would have to close, preventing new key pair creations that are not by invitation. How would they prevent spurious key pair generations? How would they secure existing keys? How would they segregate misbehaving relays?