Change capabilities of main key?

[flapflap]

Hi,

occasionally I notice someone with a public key that has the "SCE" (Sign
Certify Encrypt) capabilities set for a single key pair (presumably,
they did set these manually during key generation).

I understood that this is not recommended because it may simplify
certain attacks (but don't know any sources).

Is there a possibility to modify the (main/sub) key capabilities once
its generated so they can migrate away from the insecure/less secure
setting to, for instance, separate subkeys for Sign and Encrypt?

Cheers,
~flapflap

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20151119/1b6f15fc/attachment.sig>