lack of clarity about semantics of subpackets in Direct Key Signatures
https://tests.sequoia-pgp.org/#Key_Flags_Composition quotes RFC4880 (and the crypto-refresh) with:
[S]ubpackets on the direct-key signature apply to the entire key
The test seems to use that sentence to assert that if the direct-key signature indicates signing capability, then every subkey must inherently be considered signing-capable.
While i can see the literal reading here (due to the ambiguity about what "key" means in the quoted text), i'm not convinced it's the right read, or even useful for that matter.
I can imagine some subpackets in a direct key signature applying to the entire certificate -- for example, a Keyserver Preferences subpacket with the "no modify" flag set implies that semantics for the entire certificate, not just the primary key. But a subpacket that describes specific details about a cryptographic key object (like key usage flags) probably shouldn't apply to the subkeys as well.
For one thing, some subkeys simply aren't signing-capable -- a primary key that is marked as signing-capable shouldn't confer signing capability on an X25519 subkey!
In a less absurd example, consider a v6 certificate with an RSA primary key and an RSA subkey. V6 certs MUST have a direct-key signature on the primary key. The direct-key cert would indicate the flags for the primary key. We don't want those flags applying to the subkey as well -- if it's supposed to be encryption-capable, it should not be treated as signing-capable.
This probably warrants some textual clarification at some point, but it's not within the current charter of the WG.