There was quite a bit of discussion about this last year on the
cryptography mailing list. I thought Jon Callas' message was good,
pointing out the wider ramifications of this kind of "failure":
It is really not clear that solving it is as simple as adding a new
packet. There are still other ways that things can go wrong, such
as simply redirecting a clear-signed message. The fundamental problem
is that people don't understand what is protected and what isn't in
a signed mail message.