@lucid00 @dmitri @grishka Crazy thought I just had: What if we just play games with terminology to try to make things easier to understand?
The cryptographic keys can technically be an "identity" because that's the source of authority in the system that is in control of the person. And the name@domain can be an "address" because that's the source of authority that's under control of some external organization rather than the person.
The address isn't the person, it's merely where they're staying at the moment. It's how you can find them, but it can be changed. An identity can move to a new address and still be the same identity. Or in reverse, the organization might be convinced to accept a new identity as the resident of an address, if, say, the person loses access to their identity somehow. But if you move somewhere else, you can only take your identity with you, not the address. The address isn't yours.
@cuchaz @lucid00 @grishka So, I definitely think you're on the right track. The thing about a key being an identity is that you can't rotate or revoke it! That's why it's so useful to add one more level of indirection. An identity points to one or more keys (which can be rotated / revoked without changing the identity). Which is exactly what a DID is -- just a string that points to a JSON object that has a bag of keys.
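
The indirection discussed in this thread, sketched as an added example that is not part of either post: a stable DID string resolves to a bag of keys, and a name@domain address resolves to the DID. The `Registry` class, the `did:example:alice` identifier and the addresses are constructed for illustration, and Lamport one-time signatures stand in for a real signature scheme so the code needs only the standard library.

```python
import hashlib
import secrets

def H(b):
    return hashlib.sha256(b).digest()

def keygen():  # Lamport one-time key pair, a stdlib stand-in for e.g. Ed25519
    sk = [[secrets.token_bytes(32) for _ in range(256)] for _ in range(2)]
    return sk, [[H(x) for x in row] for row in sk]

def bits(msg):
    d = int.from_bytes(H(msg), "big")
    return [(d >> i) & 1 for i in range(256)]

def sign(sk, msg):  # each Lamport key must sign only one message
    return [sk[b][i] for i, b in enumerate(bits(msg))]

def sig_ok(pk, msg, sig):
    return len(sig) == 256 and all(
        H(s) == pk[b][i] for i, (b, s) in enumerate(zip(bits(msg), sig)))

class Registry:  # hypothetical in-memory resolver, not a real DID method
    def __init__(self):
        self.docs = {}       # identity: DID -> {"id": DID, "keys": {key_id: pk}}
        self.addresses = {}  # address: name@domain -> DID, set by the domain

    def rotate(self, did, old_id, new_id, new_pk):
        keys = self.docs[did]["keys"]
        keys[new_id] = new_pk
        keys.pop(old_id, None)  # revoke: old key no longer speaks for the DID

    def verify(self, address, key_id, msg, sig):
        doc = self.docs.get(self.addresses.get(address))
        pk = doc["keys"].get(key_id) if doc else None
        return doc["id"] if pk and sig_ok(pk, msg, sig) else None

def demo():
    reg, did = Registry(), "did:example:alice"  # constructed sample identity
    sk1, pk1 = keygen()
    reg.docs[did] = {"id": did, "keys": {"key-1": pk1}}
    reg.addresses["alice@old.example"] = did
    sig1 = sign(sk1, b"post 1")
    before = reg.verify("alice@old.example", "key-1", b"post 1", sig1)
    sk2, pk2 = keygen()
    reg.rotate(did, "key-1", "key-2", pk2)  # the DID string does not change
    revoked = reg.verify("alice@old.example", "key-1", b"post 1", sig1)
    sig2 = sign(sk2, b"post 2")
    reg.addresses["alice@new.example"] = reg.addresses.pop("alice@old.example")
    moved = reg.verify("alice@new.example", "key-2", b"post 2", sig2)
    return before, revoked, moved
```

`demo()` returns the DID for the original key, `None` once that key is revoked, and the same DID again after both the key and the address have changed.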