There's already a standard for public key authentication on the and it's WebAuthn, 2 even if you include client certificates.

Can't this be reused or extended to include nostr keys.