MyFamily should provide an alternate non-idhex subscription mechanism
Everybody hates MyFamily. It's cumbersome, hard to update, hard to spot check that it's correct, and it gets in the way of vastly improving the practical security of the network through ephemeral identity keys (legacy/trac#5563 (moved)).
So first off, what is wrong with making this PoS an arbitrary token ("OurFamily" anyone?) If weirdos start joining families that people don't want them to, can't we just de-list those nodes?
If we really can't handle the risk of people joining arbitrary families for any period of time, we could deploy a signature scheme where a node has to sign its IP+OrPort, current idhex, and/or nickname using a family key and place that signature into its MyFamily field.
We could even make this an incrementally deployable solution. We could first make the new field free-form, and then later update it to require authentication with a family key.
But my guess is this is not worth significant engineering, and we should just make it a free-form token and de-list nodes who try to adopt themselves into random families without consent.