Labels/Petnames are the only thing I've seen that helps solve this and is consistent with technologies of the past (email and phone address books). There is no singular web of trust as we independently assess (or don't) the validity of any pubkey representing as an identity that may be known to us.
Some aspects that harm this are custodial nip05. I am increasingly of the belief that a nip05 should NOT be set for a user if they do not own the domain under which it is registered, and clients revealing whether a pubkey matched the nip05 should offer a way to view that value that doesn't require leaving the view and going to the user's profile. Amethyst does this fairly well. Nostrudel just hides it.
nostr:nevent1qvzqqqqqqypzq5qve3fjcvqhz8vg4fknpvgac3m7dge8wzznlz43c2lr3xuzfclcqy2hwumn8ghj7un9d3shjtnyv9kh2uewd9hj7qgwwaehxw309ahx7uewd3hkctcqyzge72hw8pdw3wpvvzszy4c98vfuzdv7dvf2q0f6039vym9m4mk35yx8qep