I didn't realize such persistence was a requirement of your design.  I was thinking about certificates that are regenerated by a node every time its IP changes, enhancing anonymity and reducing the ability of an adversary to recreate a historical network state.   It may not have been relevant after all.