Risks of mismatched header sections
Currently, the draft makes a single recommendation for rendering un.ob.signed messages. IMHO that recommendation doesn't work for all scenarios. I suggest that we consider the scenario of mismatching outer (top-level) headers and consider that those mismatching headers could result in misunderstanding or spoofing, for example, if the message is initially rendered in a summary list based on the top-level headers, prior to the evaluation of the signed subpart.
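A check a mail client could run for the risk raised in this message, as an added example that is not part of the original post or of the draft: it compares the outer header fields a summary list would display with the copies carried on the signed subpart. It assumes the protected fields appear as header fields on the first subpart of `multipart/signed` and that the signature itself is verified elsewhere; `SUMMARY_FIELDS`, `SAMPLE` and `header_mismatches` are hypothetical names.

```python
from email import message_from_string

# Header fields a message summary list typically shows (assumed set).
SUMMARY_FIELDS = ("From", "To", "Subject", "Date")

# Constructed sample: the outer From and Subject differ from the signed copies.
SAMPLE = """\
From: Alice <alice@example.org>
To: bob@example.net
Subject: Invoice approved, pay today
Date: Mon, 01 Jan 2024 10:00:00 +0000
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature";
 micalg=sha-256; boundary="b1"

--b1
From: Carol <carol@example.com>
To: bob@example.net
Subject: Lunch on Friday?
Date: Mon, 01 Jan 2024 10:00:00 +0000
Content-Type: text/plain; charset="us-ascii"

See you at noon.
--b1
Content-Type: application/pkcs7-signature; name="smime.p7s"

(constructed placeholder, not a real signature)
--b1--
"""

def _norm(value):
    """Collapse whitespace so header folding differences are not reported."""
    return None if value is None else " ".join(value.split())

def header_mismatches(raw):
    """Return {field: (outer, signed)} for summary fields whose outer value
    differs from the value on the signed subpart (signature not checked here)."""
    msg = message_from_string(raw)
    if msg.get_content_type() != "multipart/signed" or not msg.is_multipart():
        return {}
    parts = msg.get_payload()
    if not parts:
        return {}
    signed_part = parts[0]  # first subpart of multipart/signed is the signed content
    mismatches = {}
    for field in SUMMARY_FIELDS:
        inner = signed_part.get(field)
        if inner is not None and _norm(msg.get(field)) != _norm(inner):
            mismatches[field] = (msg.get(field), inner)
    return mismatches
```

A client that builds its summary list from the outer fields could run this once the signed part is evaluated and re-render, or flag, any entry for which the result is non-empty.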