
Concatenation of multiple-instance headers in signing string

Open liamdennehy opened this issue 5 years ago • 10 comments

This isn't sitting well with me: https://github.com/w3c-dvcg/http-signatures/blob/18a4cbdb350ac2f02826e5567995fefe52c095fb/index.xml#L263 Why would we concatenate header values under a single line in the signature string, rather than having multiple lines for each instance?

I feel like there's an exploit in there somewhere. Essentially a single header with some data, a comma and space, then more data inside is indistinguishable from two header instances with each data segment as far as signing goes. Is there a downside to repeating the header in the list for each instance?

liamdennehy, Nov 21 '18 20:11
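As an added illustration (not code from the http-signatures draft or from the issue author), the following Python models the draft's rule of joining repeated header instances with ", " on one signing-string line, next to the one-line-per-instance alternative the issue asks about, over constructed headers; the header names and helper names are assumptions for the example.

```python
# Added example: models the draft's concatenation rule for repeated headers and
# the per-instance alternative, to show which one keeps instance boundaries
# visible in the signed bytes. Header names below are constructed samples.
from typing import Callable, List, Tuple

Headers = List[Tuple[str, str]]  # ordered (name, value) pairs as sent on the wire


def signing_string_concatenated(headers: Headers, names: List[str]) -> str:
    """Draft rule: one line per listed header name; all instances of a
    repeated header are trimmed and joined with ', ' on that single line."""
    lines = []
    for name in names:
        values = [v.strip() for n, v in headers if n.lower() == name.lower()]
        lines.append(f"{name.lower()}: " + ", ".join(values))
    return "\n".join(lines)


def signing_string_per_instance(headers: Headers, names: List[str]) -> str:
    """Alternative raised in the issue (hypothetical, not in the draft):
    one line per header instance, so instance boundaries survive signing."""
    lines = []
    for name in names:
        for n, v in headers:
            if n.lower() == name.lower():
                lines.append(f"{name.lower()}: {v.strip()}")
    return "\n".join(lines)


# Constructed messages: two X-Tag instances vs. one X-Tag whose value contains ", ".
TWO_INSTANCES: Headers = [("Host", "example.com"), ("X-Tag", "alpha"), ("X-Tag", "beta")]
ONE_INSTANCE: Headers = [("Host", "example.com"), ("X-Tag", "alpha, beta")]
SIGNED_NAMES = ["host", "x-tag"]


def collides(build: Callable[[Headers, List[str]], str]) -> bool:
    """True when both constructed messages yield the same signing string under
    the given builder, i.e. a signature over one also verifies the other."""
    return build(TWO_INSTANCES, SIGNED_NAMES) == build(ONE_INSTANCE, SIGNED_NAMES)


if __name__ == "__main__":
    print(signing_string_concatenated(TWO_INSTANCES, SIGNED_NAMES))
    print("concatenated collides:", collides(signing_string_concatenated))  # True
    print("per-instance collides:", collides(signing_string_per_instance))  # False
```

A verifier that only sees the concatenated line cannot tell the two messages apart, so any downstream logic that treats instance count as meaningful is outside the signature's protection.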