resolve: "if the binding signature of a subkey has been revoked, the revoked key may be removed"
as per Justus Winter:
In the above diagram, if the binding signature of a subkey has been revoked, the revoked key may be removed, leaving only one key.
I don't agree with that, however. Suppose we ever remove a subkey, then we have no place to put the revocation certificates into. Even if we had, we could no longer verify them, because we don't have the subkey anymore. If we now ever consume a certificate update from a keyserver, and the server's copy of the certificate lacks the revocation certificate, we may re-import the subkey.
Therefore, I don't think that it is safe to ever remove a subkey, and the RFC shouldn't suggest that.