Anyway, the point is what I’m trying to say is that a lot of it can be ameliorated by D.T.’s suggestion that if the client connects to the Internet, they can just on the fly ask for new credentials from a live credential-handling server. I don’t know whether it’s being used anywhere or if it’s cryptographically unsound to do so.