Certification Capability
RFC 4880, Key Structures defines the certification flag as mandatory:
In a V4 key, the primary key MUST be a key capable of certification. The subkeys may be keys of any other type.
It hints that operations manipulating subkeys are to be considered certifications:
It is also possible to have a signature-only subkey. This permits a primary key that collects certifications (key signatures), but is used only for certifying subkeys that are used for encryption and signatures.
Signature Types
Which (signing) operations are now to be considered certifications and depend on this capability?
"Signing other keys" obviously means issuing certifications; the name already says so. As defined in RFC 4880, Signature Types:
0x10: Generic certification of a User ID and Public-Key packet.
0x11: Persona certification of a User ID and Public-Key packet.
0x12: Casual certification of a User ID and Public-Key packet.
0x13: Positive certification of a User ID and Public-Key packet.
The operations for manipulating subkeys that are also explicitly defined as certifications are:
0x18: Subkey Binding Signature
0x19: Primary Key Binding Signature
0x28: Subkey revocation signature
Yet undecided signature types (which belong to the area of "key management") are:
0x1F: Signature directly on a key
0x20: Key revocation signature
0x30: Certification revocation signature
0x30, certification revocation, should also be considered a certification operation. 0x1F is also used for "statements that non-self certifiers want to make about the key itself". The only operation left is 0x20, key revocation signatures:
0x20: Key revocation signature
The signature is calculated directly on the key being revoked. A revoked key is not to be used. Only revocation signatures by the key being revoked, or by an authorized revocation key, should be considered valid revocation signatures.
I cannot find any explicit restriction that disallows subkeys to act as revocation keys. [RFC 4880, Revocation Key](https://www.rfc-editor.org/rfc/rfc4880#section-5.2.3.15) does not limit the target to primary keys, but also does not explicitly allow subkeys. This might be the only one not requiring certification capabilities. Yet GnuPG only creates revocation key signatures for primary keys. Another hint that only primary keys should be allowed is that subkeys are always named as such in that section if they apply, so I'd assume only primary keys should be allowed.
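To make the classification above concrete, here is an added example (not part of the original answer, nor GnuPG code) that parses a minimal V4 signature packet, reads its signature type and any Key Flags subpacket (type 27, RFC 4880 section 5.2.3.21), and reports whether the type is one the answer counts as a certification. The two sample packets are constructed by hand and assume a new-format header with a one-octet body length; the MPIs after the hash prefix are omitted because they are not needed here.

```python
"""Classify OpenPGP V4 signature packets as certification or not,
following the signature-type analysis above (RFC 4880 section 5.2.1)."""
import struct

# Signature types the text identifies as certifications
CERTIFICATION_TYPES = {0x10, 0x11, 0x12, 0x13, 0x18, 0x19, 0x28, 0x1F, 0x30}
KEY_REVOCATION = 0x20
KEY_FLAGS_SUBPACKET = 27    # RFC 4880 section 5.2.3.21
FLAG_CERTIFY = 0x01         # "may be used to certify other keys"

def _subpackets(buf):
    """Yield (type, data) for each subpacket in a subpacket area."""
    i = 0
    while i < len(buf):
        first = buf[i]
        if first < 192:                       # one-octet length
            length, i = first, i + 1
        elif first < 255:                     # two-octet length
            length, i = ((first - 192) << 8) + buf[i + 1] + 192, i + 2
        else:                                 # five-octet length
            length, i = struct.unpack(">I", buf[i + 1:i + 5])[0], i + 5
        yield buf[i] & 0x7F, buf[i + 1:i + length]   # mask the critical bit
        i += length

def parse_v4_signature(packet):
    """Parse a new-format signature packet (tag 2, one-octet length) and
    return its type, key flags (if any) and the page's classification."""
    assert packet[0] == 0xC2, "expected new-format signature packet (tag 2)"
    body = packet[2:2 + packet[1]]
    assert body[0] == 4, "only V4 signatures are handled"
    sig_type = body[1]
    hashed_len = struct.unpack(">H", body[4:6])[0]
    flags = None
    for sp_type, data in _subpackets(body[6:6 + hashed_len]):
        if sp_type == KEY_FLAGS_SUBPACKET and data:
            flags = data[0]
    return {"type": sig_type, "key_flags": flags,
            "is_certification": sig_type in CERTIFICATION_TYPES,
            "is_key_revocation": sig_type == KEY_REVOCATION}

# Constructed: subkey binding (0x18) carrying key flags 0x02 (sign-only subkey)
SAMPLE_SUBKEY_BINDING = bytes.fromhex("C20D 0418 0108 0003 021B02 0000 AABB")
# Constructed: key revocation (0x20) with no subpackets at all
SAMPLE_KEY_REVOCATION = bytes.fromhex("C20A 0420 0108 0000 0000 AABB")
```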
Meaning of Certification Privilege
If I remove the primary key (with its Certify capability) from a keyring I can see that I am no longer able to generate a revocation certificate: Secret parts of primary key are not available.
Is that because I no longer have the Certify capability, or because I no longer have the primary key (does the primary key itself have special powers for revocation?)
In the end, there is no difference between a primary key and a key with certification capability: only primary keys may have it, and they also must.