Tim,
I agree with John's point, if you want to control the distribution of a
message, encryption is the solution. Even so, we have to accept that once I
have given a document to someone, even if we have encrypted it, it is no
longer in your control and could be forwarded. Some key exchange protocols
in this instance would be of value since if you use Diffie-Hellman(an
algorithm close to you hart Tim), you will have (or be able to find) the
certificate of the person who constructed the encryption layer. Anyone
forwarding a message, cannot use the originators D-H certificate. If you
have a signature on the inside layer of a message which matches the
certificate used to generate the encryption layer, it has come the
originator. If the encryption and signature layers do not match, then it has
been forwarded.
I strongly disagree with the sentiment that machines will be able to
unambiguously determine the purpose intended by the signer from any message
that passes by, and that the purpose is still valid.
As for time stamping, there are other w/g working on this. I do not believe
it was the intent of this w/g to reinvent the wheel. Having the signing time
is a useful attribute in an S\MIME signature, but is does not constitute a
time stamp protocol in itself.
Trevor