What may be the disadvantage of only using 1-day expiration GPG keys?
Even a minimal check of a new GPG key in professional/sensitive/regulated environments should involve something akin to a phone call to the other party's known phone number, and checking the key's fingerprint against what they have for the fingerprint.
If I have a daily file process, then for every key I get (1 per day per client/vendor/process/etc.) this requires:
- obtaining your daily key
- importing your daily key into my keyring
- validating your daily key's fingerprint to reduce the chance that it's an imposter
- having my automated process figure out your newest key (NOT something that anyone I'm aware of currently does)
- avoiding key identifier collisions as my keyring grows
- pruning my keyring regularly to get rid of thousands of expired keys over the years
Further, imagine I have as few as 100 automated file processes, and if they're all (business) daily, that's over 26,000 keys a year! The Birthday Paradox is going to start rearing its head for short keyid collisions, not even counting the time spent doing all the above maintenance... and debugging the inevitable issues.
Key management is enough of a pain already - a hundred new keys a day? I don't think so. I'd rather deal with 100 purely random passphrases a day for symmetric encryption than 100 new GPG keys a day - it's less overall effort.
On a human note, I don't even want to think of the friendly name and email address collisions, given how hard it is to get most companies to use a SHA-256 or better self-signature, or even good cipher and hash preferences.
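The keyring chores listed in the answer above (finding the newest key, pruning expired ones, spotting short key ID collisions) can be sketched over `gpg --list-keys --with-colons` output, together with the birthday estimate for the answer's 26,000 keys a year. This is an added example, not part of the original answer; the listing is constructed, the vendor name and function names are hypothetical, and it assumes only keys already marked fully or ultimately valid should be used.

```python
import math
from collections import defaultdict

def sample_record(fpr, validity, created, expires, uid):
    # Constructed stand-in for one key in `gpg --list-keys --with-colons` output.
    return (f"pub:{validity}:4096:1:{fpr[-16:]}:{created}:{expires}::-:::sc:\n"
            f"fpr:::::::::{fpr}:\n"
            f"uid:{validity}::::{created}::::{uid}:\n")

DAY = 86400
UID = "Vendor A <files@vendor-a.example>"  # hypothetical partner
# Constructed listing: three 1-day keys; the first two share a 32-bit short ID.
SAMPLE = (sample_record("A1" * 16 + "0BADF00D", "e", 1 * DAY, 2 * DAY, UID)
          + sample_record("B2" * 16 + "0BADF00D", "e", 2 * DAY, 3 * DAY, UID)
          + sample_record("C3" * 16 + "12345678", "f", 3 * DAY, 4 * DAY, UID))

def parse_keys(listing):
    """One dict per pub record, with the primary fingerprint and first user ID."""
    keys = []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            keys.append({"validity": f[1], "created": int(f[5]),
                         "expires": int(f[6]) if f[6] else None,
                         "fpr": None, "uid": None})
        elif f[0] in ("fpr", "uid") and keys and keys[-1][f[0]] is None:
            keys[-1][f[0]] = f[9]  # field 10 holds the fingerprint / user ID
    return keys

def newest_usable(keys, uid, now):
    """Newest key for uid that is already validated (f/u) and unexpired at now."""
    live = [k for k in keys if k["uid"] == uid and k["validity"] in ("f", "u")
            and (k["expires"] is None or k["expires"] > now)]
    return max(live, key=lambda k: k["created"])["fpr"] if live else None

def prunable(keys, now):
    """Fingerprints of keys whose expiry time has passed."""
    return [k["fpr"] for k in keys if k["expires"] and k["expires"] <= now]

def short_id_collisions(keys):
    """Map each 32-bit short key ID to its fingerprints where more than one shares it."""
    by_short = defaultdict(list)
    for k in keys:
        by_short[k["fpr"][-8:]].append(k["fpr"])
    return {s: fprs for s, fprs in by_short.items() if len(fprs) > 1}

def collision_probability(n, bits=32):
    """Birthday approximation: chance that n random IDs of `bits` bits collide."""
    return 1 - math.exp(-n * (n - 1) / 2 ** (bits + 1))
```

For 26,000 keys the approximation gives roughly a 7.6% chance of at least one 32-bit short ID collision, and a negligible chance for 64-bit long IDs, which is why selecting keys by full fingerprint avoids the problem.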