That's all fine. We can't do that in Nostr, but you can with DIDs. I don't think it solves much, but it is better than what we have today for sure. 

In Nostr, because the key is always present at the event, there is no way to disallow somebody to verify. But you can say that your key has leaked. And from that moment, no one can have any assurances if past posts were signed by the author or by an attacker. It's kinda what you do with DIDs, since people can also store the keys behind the DIDs in their own computers. 

So, in a way, with DIDs or not, people can always verify. DIDs have a way to do it in the spec. Nostr doesnt yet. But in the end, the tech stack can only go so far.