That’s what I proposed, a separate pair of keys for DMs that user does not have direct access to. Rotate them every period and keep old keys on the device. Publish public part as part of your profile and we are good. All the gift wrapping and extra steps in the new encryption are not making anything safer, just making the implementation more convoluted and opening clients to potential bugs that would make security worse and not better. People always forget to include human factor into the design of security products, it is the weakest link. The easier it is to implement (e.g., NIP-04) the safer it is from sloppy bug or a missed step during implementation 🐶🐾🫡

My 2 sats worth of opinion