PGP has key signing and revocation, that's pretty much all that is needed.
The use case is valid. If someone's PGP key is compromised, I've seen it happen, they need to revoke the key, create a new one and then have coworkers, friends and etc. sign the new one, done.
quotingTo be fair, it's not unreasonable to have this primal desire for subkeys and key rotation. The problem is that:
nevent1q…39sk
1) it's not possible to do without centralization (or a blockchain) -- Bluesky tried, and the best solution they came up with was a big server that hosts a history of keys for everybody and can censor anyone;
2) doing it by means of Nostr events that declare subkeys or delegation or whatnot, creates insurmountable complexity that turns Nostr into an unusable pile of bloatware and away its most basic feature: the chance of working;
3) it's not the only way to protect your key from rogue computers and apps -- NIP-46 and other methods exist and are much nicer to use, with still many unexplored possibilities;
4) it's not clear that more than 16 people in the entire world want this at all -- when was the last time a normal person thought about rotating their PGP keys?