I found that simply deleting the self-sig on the primary UID and resigning also works; the disadvantage of both methods is surely that it might make an alert user wonder if your key has been tampered with since creation. Yours, Nicholas