ietf-openpgp

augmenting subkeys

2003-06-17 16:11:20


People were discussing the value of subkeys. I'm kind of a newcomer here, and I'm not an implementor, so my opinion doesn't count for much. But I think subkeys are cool. In fact, PGP could add features to support some advanced uses of subkeys. A few arguments in favor of subkeys, and of extending them in a couple ways:

An obvious use of subkeys is to keep the primary key in a more secure/less convenient environment, and the subkeys in a less secure/more convenient environment, but give them short validity periods to mitigate compromise.

Also, if PGP keys are used for things besides email (TLS, SSH, etc.), then the user may want to use his key with multiple devices and applications (laptops, desktops, PDAs, cellphones, etc.), so by getting his primary key certified, or by giving someone his primary key fingerprint, he can then certify subkeys in all these different devices. This is more convenient than getting all his subkeys certified individually, and is more secure than sharing the same key with all these devices, since transferring keys is risky, using the same key with different protocols isn't a good idea, and a compromise/revocation of one subkey won't affect the others.

PKIX is looking at a similar thing with "Proxy Certificates"[1]. So in a sense, both PKIX and PGP are exploring a 2-tiered system, where the first tier uses TTP certificates to convince Alice of Bob's "primary" key, and the second tier is short-lived certificates that Bob issues from his primary key to different devices, applications, and services, so he can manage validity intervals, limit compromises, and keep the primary key in a safer place.

This safer place might be a smartcard, a USB token, the user's main computer, or even a network service. You could imagine some elaborate things. For example, you might split your primary key into shares for use with some "proactive threshold signature scheme" and store these shares in different places around your home. Periodically you would bring the shares together, "refresh them", so that an attacker would have to steal the shares within a single period, and sign your subkeys.

Or you could bring the shares together (say once a week or month) and sign a subkey possessed by an intermediary server. Then every day when you fire up your email client, cellphone, etc., you could authenticate to the server and get a sub-subkey with, say, an 8 hour lifetime. Maybe you could even give your primary key shares to different online servers, which you would choose to be independent so it's unlikely they would all be compromised simultaneously. They would automatically contact each other and refresh their shares once a week, and certify the intermediary's subkey.

Anyways, not that anyone should start designing protocols for this, or that this should go in the next draft. But a few additions to the OpenPGP format might allow someone to do these types of things, if they wanted to:

- a better way of binding a subkey to an application protocol, to compartmentalize the damage from a compromise - so if your OpenPGP/TLS key is compromised, the attacker couldn't turn around and use this key for OpenPGP/SSH. Discussed a bit here [2].
- sub-subkeys (and sub-sub-subkeys, etc.). So you can have "intermediaries" like above.

Just curious if people think that would be an interesting direction for PGP to grow in..

Trevor


[1] http://www.ietf.org/internet-drafts/draft-ietf-pkix-proxy-06.txt
[2] http://www.imc.org/ietf-openpgp/mail-archive/msg05092.html
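The two-tier scheme sketched in the post (a primary key certifying short-lived, protocol-bound subkeys, and an intermediary issuing 8-hour sub-subkeys) can be checked end to end with a small verifier. The following is an added example and is not code from the post or from any OpenPGP implementation: it uses Go's standard-library Ed25519 and a constructed binding record (the `Binding` type, its `Protocol` and `MaxDepth` fields, and the encoding in `tbs` are all assumptions, not OpenPGP's real subkey-binding signature). It shows a TLS subkey being refused for SSH, a retagged binding failing its signature, expiry of a one-week subkey and an 8-hour sub-subkey, and an intermediary that tries to delegate one level deeper than the primary allowed.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// Binding is a constructed, illustrative subkey-binding record (not OpenPGP's
// real subkey-binding signature): an issuer key certifies a child public key
// for one application protocol, inside a validity window, and states how many
// further levels (sub-subkeys) the child may itself certify.
type Binding struct {
	Issuer    []byte            // SHA-256 fingerprint of the certifying key
	Child     ed25519.PublicKey // the subkey being certified
	Protocol  string            // protocol the child is bound to, e.g. "tls", "ssh"
	NotBefore time.Time
	NotAfter  time.Time
	MaxDepth  uint8 // 0: child may not certify further keys; 1: one more level; ...
	Sig       []byte
}

func Fingerprint(pub ed25519.PublicKey) []byte { h := sha256.Sum256(pub); return h[:] }

// tbs serialises the fields the signature covers; each field is length-prefixed
// so that bytes cannot be shifted between fields without changing the encoding.
func (b *Binding) tbs() []byte {
	var out []byte
	put := func(p []byte) {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(p)))
		out = append(append(out, n[:]...), p...)
	}
	var t [16]byte
	binary.BigEndian.PutUint64(t[:8], uint64(b.NotBefore.Unix()))
	binary.BigEndian.PutUint64(t[8:], uint64(b.NotAfter.Unix()))
	put(b.Issuer)
	put(b.Child)
	put([]byte(b.Protocol))
	put(t[:])
	put([]byte{b.MaxDepth})
	return out
}

// Certify has issuer sign a binding for child.
func Certify(issuer ed25519.PrivateKey, child ed25519.PublicKey, protocol string,
	notBefore, notAfter time.Time, maxDepth uint8) *Binding {
	b := &Binding{Issuer: Fingerprint(issuer.Public().(ed25519.PublicKey)), Child: child,
		Protocol: protocol, NotBefore: notBefore, NotAfter: notAfter, MaxDepth: maxDepth}
	b.Sig = ed25519.Sign(issuer, b.tbs())
	return b
}

// VerifyChain checks that leaf may be used for protocol at time now, given the
// chain of bindings from the trusted primary key down to leaf: chain[0] is
// issued by primary and each chain[i].Child issues chain[i+1].
func VerifyChain(primary ed25519.PublicKey, chain []*Binding, leaf ed25519.PublicKey,
	protocol string, now time.Time) error {
	if len(chain) == 0 {
		return errors.New("empty chain")
	}
	signer := primary
	for i, b := range chain {
		if !bytes.Equal(b.Issuer, Fingerprint(signer)) || !ed25519.Verify(signer, b.tbs(), b.Sig) {
			return fmt.Errorf("binding %d: bad issuer or signature", i)
		}
		if b.Protocol != protocol { // compartmentalise: a TLS subkey is useless for SSH
			return fmt.Errorf("binding %d: bound to %q, not %q", i, b.Protocol, protocol)
		}
		if now.Before(b.NotBefore) || now.After(b.NotAfter) {
			return fmt.Errorf("binding %d: outside validity window", i)
		}
		if i > 0 { // a sub-subkey cannot outlive the subkey that issued it
			if p := chain[i-1]; b.NotBefore.Before(p.NotBefore) || b.NotAfter.After(p.NotAfter) {
				return fmt.Errorf("binding %d: window exceeds parent's", i)
			}
		}
		if remaining := len(chain) - 1 - i; remaining > int(b.MaxDepth) {
			return fmt.Errorf("binding %d: delegation depth exceeded", i)
		}
		signer = b.Child
	}
	if !bytes.Equal(signer, leaf) {
		return errors.New("chain does not end at the presented key")
	}
	return nil
}

// Scenario builds the hierarchy from the post with constructed keys and times
// (primary -> laptop TLS subkey; primary -> intermediary server -> 8-hour
// sub-subkey) and returns the outcome of several verification attempts.
func Scenario() map[string]error {
	primaryPub, primaryPriv, _ := ed25519.GenerateKey(rand.Reader)
	tlsPub, _, _ := ed25519.GenerateKey(rand.Reader)
	interPub, interPriv, _ := ed25519.GenerateKey(rand.Reader)
	leafPub, leafPriv, _ := ed25519.GenerateKey(rand.Reader)
	deepPub, _, _ := ed25519.GenerateKey(rand.Reader)
	t0 := time.Date(2003, 6, 17, 16, 0, 0, 0, time.UTC) // constructed reference time
	day, week := 24*time.Hour, 7*24*time.Hour

	tlsBind := Certify(primaryPriv, tlsPub, "tls", t0, t0.Add(week), 0)                       // laptop, one week
	interBind := Certify(primaryPriv, interPub, "mail", t0, t0.Add(4*week), 1)                 // server, may delegate once
	leafBind := Certify(interPriv, leafPub, "mail", t0.Add(day), t0.Add(day+8*time.Hour), 0)   // today's client
	deepBind := Certify(leafPriv, deepPub, "mail", t0.Add(day), t0.Add(day+time.Hour), 0)      // one level too many
	forged := *tlsBind
	forged.Protocol = "ssh" // retagging the protocol invalidates the signature

	now := t0.Add(day + time.Hour)
	return map[string]error{
		"tls subkey used for tls":     VerifyChain(primaryPub, []*Binding{tlsBind}, tlsPub, "tls", now),
		"tls subkey used for ssh":     VerifyChain(primaryPub, []*Binding{tlsBind}, tlsPub, "ssh", now),
		"retagged tls subkey for ssh": VerifyChain(primaryPub, []*Binding{&forged}, tlsPub, "ssh", now),
		"tls subkey after one week":   VerifyChain(primaryPub, []*Binding{tlsBind}, tlsPub, "tls", t0.Add(2*week)),
		"sub-subkey within 8 hours":   VerifyChain(primaryPub, []*Binding{interBind, leafBind}, leafPub, "mail", now),
		"sub-subkey after 8 hours":    VerifyChain(primaryPub, []*Binding{interBind, leafBind}, leafPub, "mail", t0.Add(day+9*time.Hour)),
		"sub-sub-subkey beyond depth": VerifyChain(primaryPub, []*Binding{interBind, leafBind, deepBind}, deepPub, "mail", now),
	}
}

func main() {
	for name, err := range Scenario() {
		fmt.Printf("%-28s -> %v\n", name, err)
	}
}
```

Only the first case and the in-window sub-subkey verify; every other attempt is rejected by exactly the check the post argues for (protocol binding, validity window, or delegation depth). The depth check is what stops a compromised sub-subkey from minting further keys, and the window check means an 8-hour sub-subkey cannot be stretched past the intermediary's own month even if the intermediary is careless.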


augmenting subkeys, Trevor Perrin