ubuntu core - best practice for backup public/private keys
In my opinion, the more keys you have on the device, the wider the attack surface. Only one key needs to leak, and now you have more that CAN leak.
In some situations that makes sense, but I'm not sure what you're gaining in the scenario you described. If SSH key A is compromised, someone with that key can gain access to the device. Period. SSH key B, which also has access to the device, isn't in the picture at all. So using SSH key B to gain access to the device to "revoke" SSH key A doesn't make a lot of sense. The fact that SSH key A is compromised obviously doesn't make it useless. You could just as easily ONLY use SSH key A, and use it again to gain access to the device and swap it out for SSH key B in the event of a compromise. Then you only ever have one key with access to the device. Same security model you have now, but your attack surface isn't as wide.
It would be even better if Ubuntu Core provided a way to refresh the keys on the devices linked to your SSO account (that would help with the lost-key scenario as well), but I don't believe that functionality exists today (see LP #1646559).