This problem is both worse than you thought an "easily" fixed.
The threats you spotted are fairly arcane... where a user wants to
change his mind later about the role he used in signing a message. A
more serious one is where a bad guy undetectably changes the role used
to sign the message (by substituting a different certificate) and
causes the recipient to misinterpret the message.
The solution is for the signed portion of the message to include text
stating the role used to create the message. PEM could have helped out
be defining such a format item in the protected header (instead of
having no protected header), but a user could certainly do so himself.
This would also protect against the arcane threat of someone getting
certified as having the same public key as you. If all your messages
said they were from you on the inside, matching them up with his
certificate wouldn't fool anyone.
Today, a user is free to include a To:, From:, and Subject: field at
the beginning of his signed and encrypted message. We should make sure
we don't do anything in the process of MIME integration that prevents that.
--Charlie
(kaufman(_at_)zk3(_dot_)dec(_dot_)com)