ietf-openpgp

Re: Diffs for next draft

2001-08-23 21:08:00

-----BEGIN PGP SIGNED MESSAGE-----

The description of the "Primary User ID" subpacket says:

   If more than one user id in a key is marked as primary, the
   implementation may resolve the ambiguity in any way it sees fit.

It seems that the most likely reason for a second "primary"
is that it has been updated.  If so, it seems that one should
defer to the most recent valid signature.  Can we say
that an implementation "SHOULD" do that, rather than leaving
it open?

I suppose it would be possible to revoke the old signature with a
"primary" subpacket, and then issue a new signature for both the old
and new name.  (The "Reason for Revocation" values include one to
indicate the *key* being superseded, and one to indicate that the user
ID information is no longer valid, but not one to indicate that the
signature has been superseded.)  This seems like a long way to
go to deal with a lack of a firm disambiguation policy.

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.3

-----END PGP SIGNATURE-----
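
An added sketch, not part of the original message or of any OpenPGP implementation, of the "defer to the most recent valid signature" rule the message proposes. The `SelfSig` record and its fields are hypothetical, verification and revocation status are assumed to be computed by the caller, and counting only the newest usable self-signature per User ID is an assumption of this example.

```python
from __future__ import annotations
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class SelfSig:
    """Hypothetical model of one self-signature over a User ID."""
    user_id: str
    created: int           # signature creation time (seconds since epoch)
    primary: bool          # Primary User ID subpacket present and set
    valid: bool = True     # result of cryptographic verification (caller-supplied)
    revoked: bool = False  # a certification revocation targets this signature

def select_primary(sigs: list[SelfSig]) -> Optional[str]:
    """Pick the primary User ID by deferring to the most recent valid signature."""
    # Signatures that fail verification or were revoked carry no weight,
    # so a forged or withdrawn "primary" flag cannot win the tie.
    usable = [s for s in sigs if s.valid and not s.revoked]
    # Assumption: only the newest usable self-signature speaks for a User ID,
    # so re-signing a name without the flag clears its older "primary" claim.
    latest: dict[str, SelfSig] = {}
    for s in usable:
        cur = latest.get(s.user_id)
        if cur is None or s.created > cur.created:
            latest[s.user_id] = s
    flagged = [s for s in latest.values() if s.primary]
    if not flagged:
        return None  # no primary claimed; caller applies its own default
    # Newest flagged signature wins; user_id breaks exact timestamp ties
    # so the result is deterministic (tie-break is this example's choice).
    return max(flagged, key=lambda s: (s.created, s.user_id)).user_id

# Constructed sample: the name was updated and the new User ID marked primary
# without touching the old self-signature.
UPDATED = [
    SelfSig("Old Name <old@example.org>", created=1000, primary=True),
    SelfSig("New Name <new@example.org>", created=2000, primary=True),
]
# Constructed sample: the newer "primary" signature does not verify.
BAD_NEWER = [UPDATED[0],
             SelfSig("New Name <new@example.org>", 2000, True, valid=False)]
# Constructed sample of the revoke-and-reissue path described in the message.
REISSUED = [
    SelfSig("Old Name <old@example.org>", 1000, True, revoked=True),
    SelfSig("Old Name <old@example.org>", 3000, False),
    SelfSig("New Name <new@example.org>", 3000, True),
]
```
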