From: John Dlugosz

For the subkeys, the key usage flags subpacket can go in the subkey
signature. For the top level key, probably the best place is in the
self-signature on all the userids. I think the commercial PGP versions
look specifically in the self-sig on the primary userid.

In the diagram in 11.1, what are the "Direct Key Self Signatures" that come
before the first User ID?

Note that the commercial PGP lets me change which ID is the "primary". So
if it's looking there, it must be on all of them, and when adding another
ID it must be consistent with what's gone before. I wonder, though, if
programs just assume that the main key is for signing, and the first
current subkey is for encrypting? In the case of DSA and the deprecated
RSA-sign-only types, it is clear that the main key can only be used for
signing, without the need for such a record.
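
An added example, not part of the original message: one way a consumer could decide what a key may be used for from the key flags subpacket in its self-signature or subkey binding signature, falling back to the algorithm only where the algorithm itself fixes the usage, rather than assuming from key position. The subpacket type, flag bits and algorithm IDs are taken from RFC 4880; the function names and the policy of discarding flags the algorithm cannot honour are assumptions of this sketch.

```python
# Added example; constants are from RFC 4880, function names are hypothetical.
KEY_FLAGS = 27  # signature subpacket type "Key Flags"
FLAG_NAMES = {0x01: "certify", 0x02: "sign", 0x04: "encrypt-comms",
              0x08: "encrypt-storage", 0x20: "authenticate"}
SIGN = {"certify", "sign", "authenticate"}
ENCRYPT = {"encrypt-comms", "encrypt-storage"}
# Algorithms whose usage is fixed by the algorithm: RSA encrypt-only (2),
# RSA sign-only (3, deprecated), Elgamal (16), DSA (17).
ALGO_LIMIT = {2: ENCRYPT, 3: SIGN, 16: ENCRYPT, 17: SIGN}


def iter_subpackets(area: bytes):
    """Yield (type, critical, body) for each subpacket in a subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                      # one-octet length
            length, i = first, i + 1
        elif first < 255:                    # two-octet length
            if i + 2 > len(area):
                raise ValueError("truncated subpacket length")
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                # five-octet length
            length, i = int.from_bytes(area[i + 1:i + 5], "big"), i + 5
        if length < 1 or i + length > len(area):
            raise ValueError("truncated or malformed subpacket")
        # The length counts the type octet; its high bit is the critical bit.
        yield area[i] & 0x7F, bool(area[i] & 0x80), area[i + 1:i + length]
        i += length


def key_usage(algo: int, hashed_area: bytes):
    """Return (usages, source) without guessing from key position."""
    limit = ALGO_LIMIT.get(algo)
    for sp_type, _critical, body in iter_subpackets(hashed_area):
        if sp_type == KEY_FLAGS and body:
            flags = {n for bit, n in FLAG_NAMES.items() if body[0] & bit}
            # A flag the algorithm cannot honour is dropped, not trusted.
            return (flags & limit if limit else flags), "key-flags"
    if limit:
        return set(limit), "algorithm"
    return set(), "undetermined"
```

A general-purpose RSA key (algorithm 1) with no key flags subpacket comes back as "undetermined", which is the case where a program would otherwise have to assume.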