Well, we already have seamless transfer of public keys. That's the whole point of the PGP keyservers, after all. As for revocation, your argument fails to take compromises into account. The ability to revoke a key is what allows me to handle a case where someone's broken into my computer and gotten hold of my private key. If I couldn't revoke my key, they could impersonate me forever using the stolen private key. Expiration serves a similar purpose, limiting the timeframe when a stolen key could be useful even absent a revocation. Properly done, expiration is handled before it happens by distribution of a new key signed by both itself and the old key. Since the attacker doesn't have the old key (it hasn't been revoked), he can't forge the old signature, and if both the old and new signatures are valid the new signature can't have been created by an attacker and the new key is clean. Both expiration and revocation become even more critical when I'm dealing with people I don't know directly, and let's face it, we very rarely communicate only with a small circle of people we know personally.
And no, the CA system isn't inherently less vulnerable than self-signing alone. Self-signing without some additional authentication leaves you trusting the word of a malicious party about their identity, and they're highly unlikely to tell you the truth about that. That's why a self-signed PGP key by itself can't be trusted (unless you got it directly from its owner by a secure channel); you need additional signatures from trusted parties to affirm its authenticity. The problem is that the certificate system itself only permits one signature on a certificate/key. PGP had it right by permitting an arbitrary number of signatures on a key. If I require at least 3 different root CAs to vouch for a certificate, it becomes much, much harder for any party to compromise things. In part that's because it takes more effort to compromise 3 root CAs, but it's also because it makes revoking a root CA certificate much less of a problem. Right now revoking a root CA certificate instantly invalidates every single certificate issued by that CA. Allowing multiple signatures would mean it would only invalidate those certificates where that CA was the last remaining trusted CA signing the certificate. OTOH if my certificate were signed by Equifax, Experian and Verisign and it was found Verisign had given their root key to the government, my certificate would still be valid after Verisign's root certificate was forcibly untrusted because I've still got 2 trusted CAs vouching for it. I'd only be in trouble if Equifax and Experian had both already had their root certificates untrusted and I'd failed to get additional signatures done by other CAs before Verisign went.
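The revocation-impact argument in the comment above, worked as an added Python example (not part of the original comment): it compares how many certificates fall when one root is untrusted under a one-issuer model versus a multi-signature model. The `*.example` names, the sample signer sets and the `threshold` policy parameter are constructed assumptions, and each listed signature is assumed to have already verified cryptographically.

```python
# Constructed sample data: certificate -> root CAs whose signatures on it
# are assumed to have already passed cryptographic verification.
ROOTS = {"Equifax", "Experian", "Verisign"}
CERTS = {
    "alice.example": {"Equifax", "Experian", "Verisign"},
    "bob.example": {"Verisign"},
    "carol.example": {"Experian", "Verisign"},
    "dave.example": {"Equifax"},
}
# One-issuer baseline: keep a single signer per certificate
# (max() is an arbitrary, constructed way to pick it).
SINGLE = {name: {max(signers)} for name, signers in CERTS.items()}


def is_valid(signers, trusted, threshold=1):
    """Accept when at least `threshold` distinct still-trusted roots vouch."""
    return len(signers & trusted) >= threshold


def valid_certs(certs, trusted, threshold=1):
    return {n for n, s in certs.items() if is_valid(s, trusted, threshold)}


def distrust_impact(certs, trusted, removed, threshold=1):
    """Certificates valid before `removed` is untrusted and invalid after."""
    before = valid_certs(certs, trusted, threshold)
    after = valid_certs(certs, trusted - {removed}, threshold)
    return before - after


def first_failure(signers, trusted, removal_order, threshold=1):
    """Return the root whose removal first invalidates the cert, or None."""
    remaining = set(trusted)
    for ca in removal_order:
        remaining.discard(ca)
        if not is_valid(signers, remaining, threshold):
            return ca
    return None


if __name__ == "__main__":
    print("one issuer :", sorted(distrust_impact(SINGLE, ROOTS, "Verisign")))
    print("multi-sig  :", sorted(distrust_impact(CERTS, ROOTS, "Verisign")))
    print("multi-sig, threshold=2:",
          sorted(distrust_impact(CERTS, ROOTS, "Verisign", threshold=2)))
    order = ["Equifax", "Experian", "Verisign"]
    print("alice fails at:", first_failure(CERTS["alice.example"], ROOTS, order))
```

Raising `threshold` makes forging acceptance harder but shrinks the margin a certificate has when one of its signing roots is untrusted, so the two benefits trade off against each other.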