Losing the device is an interesting point. However, I think due to the way that cross-signing works they could use that device to sign new sessions anyway. They would also have access to key backups, so I don't think that case is supported well right now.
For the rotating key it would be automatically signed by the previous key or master key so no user-visible change would be shown.
> However I think due to the way that cross signing works they could use that device to sign new sessions anyways.
So you don't think that if I cross-sign devices A and B, then cross-sign devices B and C, and then revoke B, C would automatically become invalid as well?
Kind of similar question about "key backups" (to which keys would device C have access to?).
(I honestly did not ever look into all these details - I was hoping that this would be covered by more clever people)
It would make sense but I'm not sure how it is implemented. I can also just imagine revoking old devices because I don't use them anymore or have reinstalled them. In that case I wouldn't want the things it signed to be revoked. (Really just saying don't trust this key for anything in the future, but past things are fine).
Maybe the best solution would be revocation after a date. So you can say "don't trust anything after {time-i-lost-the-device}" or "don't trust anything after {now}" and it does the right thing. However that could be complex to implement correctly in software. Lots of bookkeeping.
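A small model of the "don't trust anything after {time}" idea from the previous two posts, added here as an illustration; it is not Matrix's actual cross-signing implementation, and all key names and timestamps are constructed. Keys vouch for other keys with timestamped signatures, and revoking a key with a cutoff keeps what it signed before that time while dropping anything signed later, which is the A, B, C question asked above.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Signature:
    signer: str     # key that vouches
    subject: str    # key being vouched for
    signed_at: int  # when it was made (constructed integer timestamps)

@dataclass
class TrustStore:
    root: str  # the user's master key
    signatures: list[Signature] = field(default_factory=list)
    revoked_after: dict[str, int] = field(default_factory=dict)

    def revoke(self, key: str, after: int) -> None:
        # "Don't trust anything this key did after {after}"; the earliest
        # cutoff wins, so a later "revoke now" can never widen trust again.
        self.revoked_after[key] = min(after, self.revoked_after.get(key, after))

    def trusted_keys(self) -> set[str]:
        # Walk outward from the root. A signature carries trust only if its
        # signer is already trusted and it predates that signer's cutoff.
        trusted, changed = {self.root}, True
        while changed:
            changed = False
            for sig in self.signatures:
                if sig.subject in trusted or sig.signer not in trusted:
                    continue
                cutoff = self.revoked_after.get(sig.signer)
                if cutoff is None or sig.signed_at <= cutoff:
                    trusted.add(sig.subject)
                    changed = True
        return trusted

    def trusted_at(self, key: str, when: int) -> bool:
        # A revoked key still verifies things it did before its cutoff.
        if key not in self.trusted_keys():
            return False
        return when <= self.revoked_after.get(key, when)

def example_store() -> TrustStore:
    # Constructed scenario from the thread: master signs A and B, B signs C,
    # the device holding B is lost at t=40, and whoever has it signs D at t=50.
    s = TrustStore(root="master", signatures=[
        Signature("master", "A", 10), Signature("master", "B", 20),
        Signature("B", "C", 30), Signature("B", "D", 50)])
    s.revoke("B", after=40)
    return s
```

Calling `example_store().trusted_keys()` keeps C (signed before the loss) and drops D; setting the cutoff earlier than B's signature on C drops C too, which is the bookkeeping the post above refers to.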