Are ILP Addresses tied to identity at all? Are they Ephemeral?

For the longest time I’ve had this rule in my head that ILP addresses only exist to aid in routing decisions, and should never be user-facing and should never be tied to identity in the Interledger.

I recall @justmoon or somebody also once saying that ILP addresses should be considered ephemeral, and that they might change at any time (after all, ILP addresses are fundamentally used for making routing decisions).

Did this get negated in our Secure Routing session at the ILP summit? I’m trying to form an opinion around whether or not an ILP address should be tied to peer-wise identity at all…or for that matter Interledger-wide identity.

For example, does it make sense to make an ILP address the subject of an X.509 certificate, and authenticate a connection between two peers where each peer sees the other as being identified by an ILP address?

Or more broadly, should there be an ILP-wide CA that vouches for identity on the Interledger?