limiting scope of signing subkeys

[Vincent Breitmoser]

> With (yet :-/) another flag, the program would
>relax the behavior to accept the signature when *none* of the
>*non-revoked* signing (sub)keys have the given notation.

Careful there: if the key is obtained via an untrusted channel, subkeys may be suppressed and this won't be caught by the usual fingerprint checks. This becomes relevant here, since the properties of one subkey depend on the presence of other. 

 - V

(sent from K-9 Mail)