That's the point - you have to delete EVERYTHING. Also, keys can be made time-dependent if they are regenerated at predictable intervals. "Gaps" due to system downtime can be bridged by special log entries.
I have not yet checked how log sealing actually works, so I'm making it up as I go along. But it certainly seems doable.