[perlgeek]

Can forward secrecy even work for emails, where you don't have a bidirectional communication channel? (Maybe the answer is "You have to build that bidirectional communication channel", but that means such a system can't simply use mail, it has to use mail plus X).

[e12e]

If we assume Alice and Bob use the keyserver network, and each have their own "master" key-pair that is mutually trusted, they can rotate public sub-keys quite frequently (you just need to search for any new keys before sending an email -- this is of course another (not smtp) channel -- but who doesn't use keyservers?).