If you want to use bip32 to solve this problem, see this fork of this thread:
You would get a unique key for each client and could rotate keys anytime you want. For a proof of concept, the only things that should need to be implemented in the client are:
1. Cryptographically verifying a sub-account's identity, and
2. Auto-following new identities that pop up
That would demo the concept and then, if it gains traction, you could make the key generation more user friendly.