I think that the bodyhash thing in this context is a side-issue.
Isn't the main thing here that we need to figure out:-
- what base needs to say about cases where a message containing
>1 signature is presented for verification, noting that that
could happen for alg. agility reasons or else because some list
s/w, or some otherwise odd MTA, added its own signature to an
already signed message
- whether base needs to have any mandates or guidance for signers
who want to add a signature to an already-signed message they
receive (note the above doesn't exclude the advice being "don't
do it"), and if so, then what (e.g. some ideas about signing a
few list related headers were batted about previously)
- what guidance the overview (assuming the current charter
deliverables) ought include for mail list administrators, including
stuff related to both of the above points
Stephen.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html