>>13It is actually possible to implement both on top of gpg. Such as sending a public key signed by the main key of a newly generated subkey for each request to send a message (forward secrecy) and deleting the key when the message is received (replay protection) as well as keeping a timestamp in the message.