Signing one seems wrong, ie if the arc-seal only signs a single arc-message-signature at a given hop, then the other signature can't be verified, and if I can't handle the algorithm of the one that's covered, then I can't verify the chain.
Currently away on a trip, I'll take a closer look when I get home this weekend and see if I can make a clearer proposal.
R's, John _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc