ComponentAmalgamation::revocation_keys should be removed
ComponentAmalgamation::revocation_keys
should be removed. We only need Cert::revocation_keys
.
RFC 4880 says:
Revocation signatures are only accepted if they are issued by the key itself, or by a key that is authorized to issue revocations via a Revocation Key subpacket in a self-signature by the top-level key.
It doesn't say anything along the lines of: a subkey may be revoked by a designated revoker listed either on a direct key signature or the key's binding signature.
When fixing this, also check that Cert::revocation_keys
examines all live self-signatures (direct key and User ID & User Attribute self signatures).