We should agree upon a scheme which _doesn't_ cause lots of broken or
missing signatures.
We have those. They're called PGP and S/MIME. I believe that if you
review the discussions leading up to their definitions, you'll find that a
major reason they only sign the body is that header signatures are more
fragile than body signatures.
If what you say is true by the time MASS is complete, then we have
screwed up by defining a signature scheme which is no more useful in
practice than SPF was.
Only if you think there's no difference between message signatures which
can survive not all forwards but an interesting subset of them, and single
hop path authorization.
Regards,
John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet
for Dummies",
Information Superhighwayman wanna-be, http://iecc.com/johnl, Mayor
"I dropped the toothpaste", said Tom, crestfallenly.