Well, you may want to sign twice for an extended period, say if
sig1 is rsa-sha1 and sig2 is rsa-sha256 and it takes a year or more
before you're confident that a sufficient number of peers have
deployed sha256 verifiers.
This presumes that a signature is expected to validate a year after it was
created. Since DKIM is for transit, why would anyone expect a validation to
occur that far into the future?
NOTE WELL: This list operates according to