Implement subkey rollover
To not lose track of this, because I really like the idea, see this comment by @dkg:
I'd put aside the question of expiration dates for primary keys, and instead focus on expiration dates for the encryption-capable subkeys. schleuder can do automated subkey rollover, and can destroy the expired subkeys, which makes it so that a compromise of the schleuder instance at time T is only capable of decrypting copies of mails sent since the last rollover. If schleuder always included its latest key in every e-mail, and had an automated/scheduled rollover practice, then things could work pretty much automatically, and you'd get this nice "forward-secrecy"ish property.
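The rollover schedule described in the quoted comment, as an added Ruby model that is not part of the original issue and is not Schleuder code: it tracks which subkey secrets exist on a given day and which recorded mails a compromise on that day could decrypt. The class and method names, the day-number clock and the `lead` overlap (creating the successor some days before the old subkey expires) are assumptions made for illustration.

```ruby
# Added illustration: a model of the rollover policy, not Schleuder code.
# All names (Subkey, ListKeyring, simulate) are hypothetical; times are day numbers.
Subkey = Struct.new(:id, :created, :expires, :secret_present)

class ListKeyring
  attr_reader :subkeys

  def initialize(lifetime:, lead: 0)
    @lifetime = lifetime   # days a subkey stays valid
    @lead = lead           # days before expiry at which the successor is created
    @subkeys = []
  end

  # Run from a scheduled job: destroy expired secrets, add a successor if due.
  def tick(now)
    @subkeys.each { |k| k.secret_present = false if k.expires <= now }
    newest = @subkeys.last
    if newest.nil? || now >= newest.expires - @lead
      @subkeys << Subkey.new(@subkeys.size + 1, now, now + @lifetime, true)
    end
    self
  end

  # Subkey a sender encrypts to at time t, assuming they hold the latest key
  # (the "latest key in every e-mail" idea from the comment).
  def encryption_target(t)
    @subkeys.select { |k| k.created <= t && t < k.expires }.last
  end

  # Which of the recorded messages can be decrypted with what is on disk now?
  def exposed(messages)
    held = @subkeys.select(&:secret_present).map(&:id)
    messages.select { |m| held.include?(m[:subkey_id]) }.map { |m| m[:day] }
  end
end

# Constructed scenario: one mail per day, daily job, compromise on a given day.
def simulate(lifetime:, lead:, compromise_day:)
  ring = ListKeyring.new(lifetime: lifetime, lead: lead)
  mails = []
  (0..compromise_day).each do |day|
    ring.tick(day)
    mails << { day: day, subkey_id: ring.encryption_target(day).id }
  end
  ring.exposed(mails)
end

p simulate(lifetime: 30, lead: 0, compromise_day: 75)
p simulate(lifetime: 30, lead: 7, compromise_day: 75)
```

With `lead: 0` the exposed mails are exactly those sent since the last rollover; with an overlap the window reaches back to the creation of the oldest subkey whose secret is still on disk.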