Lack of key rotation is the thing I dislike most about Nostr. It seems like there should be 3 keys: a generated private key which is kept offline and generates new signing and public keys, a signing key which is used in clients to sign messages, and a public key.
Relying on browser extensions for key management seems like a poor choice.