Should we allow generating new keys in `sop update-key[s]`?
The discussion with @dkg and @hkos in dfbc37ef (comment 2099611663) raised another question for me, namely: should we allow `sop update-key[s]` (without the `--no-{new,added}-{mechanisms,capabilities,functionality}` flag) to return more TSKs than it receives? For example, if you pass a v4 key, we could return a v4 key + a v6 key (with the same User IDs), bound together using @andrewgdotcom's replacement key subpacket?
That way, you can use `sop update-key[s]` to manage your entire "private keyring", so to speak, without having to proactively decide whether it's needed to generate a new key or not.
(Perhaps it might then also make sense to go back to plural `update-keys`?)
Somewhat similarly, perhaps `sop generate-key[s]` should be allowed to generate two keys, a v4 and a v6 one, again bound together with a replacement key subpacket?