makeasnek on Nostr: This is absolutely a thing that exists and that other crypto systems have solved. You ...

This is absolutely a thing that exists and that other crypto systems have solved. You have one "master" key, maybe it's a multi-sig, maybe it's in cold storage, that "master key" signs another key ("everyday use key") validating it as accurate. If everyday key gets compromised, master key makes a new key, signs it, and signs a "revocation" certificate for the original "everyday key". You upload that revocation certificate to a keyserver (or nostr relay or whatever) to let people know about the key change.