Bob(?),
I'm relieved to hear that it is some imposter who has recently
been sending messages with your address in the From field. The real
Bob Jueneman should be smart enough to not send mail in which almost
every line wraps on an 80-character display, and so many of us already
suspected some form of duplicity.
Getting back to signatures and certificates: an X.509
certificate establishes a binding between an entity's name and public
key, nothing more. The certification system described in RFC 1422
provides a facility for a PCA to associate more semantics with the
binding, with the primary focus on identification (vs.
authorization). For example, a PCA might establish a policy that
clearly requires an organization to issue certificates in a fashion
that syntactically distinguishes full-time vs. part-time vs. summer
employees. That is within the purview of the PCA and the published
PCA policy statement is the vehicle by which the community is informed
of these semantics.
The general issue of what liability, fiduciary responsibility,
etc. go along with a signature requires ancillary documents, e.g.,
signed text, and there are certainly existing options for establishing
a syntactic framework for such documents. It is not clear that such a
framework can be more than a high level convention for representing
information that will have to be interpreted in a fairly
context-specific fashion.
Steve