Closed Lockhead closed 7 years ago
The latest refresh of the doc is a lot clearer on how this flow works and when and where it happens. Additionally, the doc now expressly forbids signing the BIMI-Location header, and explains how MTAs communicate trust regarding the BIMI-Location header to downstream MUAs - a communication of trust that happens after DKIM evaluation but before message display.
Does the current document resolve your concerns?
The initial example for the BIMI-Location header construction flow would intentionally break DKIM further down the mail flow, and with no references to ARC this should not be the base example for implementers. Additionally, the wording around it and the following paragraphs indicated that this wasn't the intention.
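As an added example (not part of this thread or of the BIMI document), the Python sketch below checks the rule discussed here: it lists the DKIM signatures whose `h=` tag covers BIMI-Location, because a signature that lists the header stops verifying once a receiving MTA adds that header later in the flow. The sample message, domains, selectors and the function names are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample: domains, selectors and bh=/b= values are placeholders.
SAMPLE = """\
DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel1;
 h=From:To:Subject:Date; bh=PLACEHOLDER; b=PLACEHOLDER
DKIM-Signature: v=1; a=rsa-sha256; d=esp.example; s=sel2;
 h=From : Subject :
 BIMI-Location : BIMI-Selector; bh=PLACEHOLDER; b=PLACEHOLDER
From: a@example.com
To: b@example.net
Subject: test

body
"""


def parse_tags(value):
    """Split a DKIM-Signature value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")
            # Folding whitespace may appear inside tag values; drop it.
            tags[name.strip().lower()] = re.sub(r"\s+", "", val)
    return tags


def signatures_covering(raw_message, header="BIMI-Location"):
    """Return (d=, s=) for each DKIM signature whose h= lists `header`."""
    msg = message_from_string(raw_message)
    hits = []
    for value in msg.get_all("DKIM-Signature", []):
        tags = parse_tags(value)
        # Header field names in h= are compared case-insensitively.
        signed = [h.lower() for h in tags.get("h", "").split(":")]
        if header.lower() in signed:
            hits.append((tags.get("d"), tags.get("s")))
    return hits


if __name__ == "__main__":
    for domain, selector in signatures_covering(SAMPLE):
        print(f"signature d={domain} s={selector} signs BIMI-Location")
```

A header named in `h=` is covered even when it is absent from the message at signing time, so the check looks at the `h=` list rather than at which headers are present.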