Your point about some assessors requiring a signed subject is a good
example. It tells me that 4871 section 5.4 is underspecified, and
4871bis should strengthen it to say that you MUST sign the headers that
every message is supposed to have.
Subject: isn't a mandatory header per RFC5322, if you're using that as a
specific example.
Remember that a header doesn't have to be present to be signed. It'd be an
egregious spamability hole to let people add signatures and replay without
breaking the signature.
Ahem, add a subject and replay ...
Time for bed.
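
An added illustration of the point above about signing an absent header; it is not part of the original message. It is a simplified sketch of the h= selection rule in RFC 4871 section 5.4 (a field named in h= but missing from the message contributes the null string), using a constructed message, a bare SHA-256 in place of a real signature, and hypothetical function names.

```python
import hashlib

def select_headers(headers, h_tag):
    """Pick header fields for hashing, in h= order.

    Each name in h= consumes the last not-yet-used instance of that
    field (bottom-up). A name with no remaining instance contributes
    nothing, which is how an absent field ends up "signed".
    """
    remaining = list(headers)  # (name, value) pairs, top to bottom
    picked = []
    for name in h_tag:
        for i in range(len(remaining) - 1, -1, -1):
            if remaining[i][0].lower() == name.lower():
                picked.append(remaining.pop(i))
                break
    return picked

def header_hash(headers, h_tag):
    """SHA-256 over the selected fields (simplified canonicalization)."""
    data = "".join(f"{n.lower()}:{v.strip()}\r\n"
                   for n, v in select_headers(headers, h_tag))
    return hashlib.sha256(data.encode()).hexdigest()

def survives_added_subject(h_tag):
    """True if the hash is unchanged after a Subject is added in transit."""
    # Constructed sample message with no Subject field.
    original = [("From", "alice@example.org"),
                ("To", "bob@example.net"),
                ("Date", "Mon, 1 Jan 2007 00:00:00 +0000")]
    replayed = [("Subject", "added later")] + original
    return header_hash(original, h_tag) == header_hash(replayed, h_tag)

if __name__ == "__main__":
    # Subject not listed in h=: the added field goes unnoticed.
    print(survives_added_subject(["from", "to", "date"]))
    # Subject listed in h= although absent: the added field breaks the hash.
    print(survives_added_subject(["from", "to", "date", "subject"]))
```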