It is far safer to assume that any of the signed headers might be
broken, and to encourage systems (such as mailing lists) that are
known to break DKIM signatures to sign after they break them.
How about encouraging mailing lists to sign the mail they send,
regardless of how much they did or didn't mess with the messages on
the way through?
Lists have all sorts of ways of deciding what mail to accept, and
although some future list software might use DKIM signatures in some
part of that decision process, I expect most lists will continue doing
whatever works for them now.
I am much more interested in knowing that mail forwarde to me was
really forwarded by ietf-dkim than in how the list software selected
the mail to forward. A list signature tells me that.
R's,
John
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html