On 11-08-2022 13:17, Tobias Geerinckx-Rice wrote:
Apologies if I'm wildly off the mark here.  But then I'd like to hear some plausible threat models.  Maxime?

Here's a problem with allowing subkeys, if that's what you mean:

Expiration times might be solvable by taking the commit time of the previous commit as 'current time' (not the commit that was signed, otherwise an attacker could just lie). I don't know a solution for GPG-level revocation of old subkeys but I haven't looked either.

Another problem: