The problem is that this sign-and-encrypt issue is just the tip of
the iceberg. It is not worth redoing the protocol when there are these
other issues that will remain unresolved.
First, as mentioned before there is still the chance of confusion if a
clearsigned message is misdirected. Most people will assume that if they
get an email from someone who PGP signed it, that the email was directed
towards them. The PGP signature will add weight and authority to this
misconception. Fixing the sign and encrypt problem won't help with this.
Second, there are other issues than sender/recipient which people
may assume implicitly are being protected by PGP. This could include
message subject and possibly other header fields. People will often
assume a certain context in interpreting a message based on this data.
If someone gets an email from their boss with the subject "Smithers
account" and the content tells them to "cancel the account immediately",
the subject line is crucially important in interpreting the message.
PGP does not protect this data, but users may not understand this.
I read the paper and closely followed the extensive discussion on the
cryptography list when this came out last year. In my opinion the
consensus among the professionals on that list was that, properly
understood, there is more to this than a protocol flaw that can be
easily patched. It represents a fundamental property of encrypted email.
Some data is protected and some is not.
The real solution is to put the entire email, headers and all, into
the signed envelope, and then for the receiving software to compare
the protected headers with those on the actual message. This will
detect substition of from/to lines as well as other changes, and will
work for both signed and signed+encrypted messages.
We do have data structures to support this via PGP/MIME and the
Message/rfc822 MIME type. However actually implementing this
functionality is difficult as it requires close integration with the
email software. In practice, probably only email software providers
would be in a position to provide this level of functionality.