Kevin Hammond pointed out that there are resource constraints on implementing a kill-switch type of feature:
KH: You can register a pool with the same credentials having retired it. With a stolen key, it would be indistinguishable from the original I would think. Try it here
D: So it should not be allowed to reregister a retired pool, for security reasons, IMO.
KH: It would be possible to do that. You would need to scan the chain for all previously retired pools whenever a new one was registered, though, which has a resource implication (even if cached).
D: This could be solved by keeping all known pool keys in a cache and adding a retirement flag. I guess when pool parameter updates are processed a similar cache is used to process the updates efficiently at the end of an epoch.
KH: The difference is that the number of pools doesn’t grow beyond some constant number, whereas the number of previously registered pools will grow over time. It might be an acceptable overhead.
D: Yes, you're right, this is an issue. So now the challenge is to find a lightweight means to prevent the abuse of a stolen key.