I could easily be misunderstanding PGP, but for (1), if A signs an email with B's public key (but does not sign it with A's private key), the intent is to make the email readable only by B but not verifiable that A sent it. If A wants both (they want to have the sender (A) verified and to ensure only the recipient (B) can read it), they then also sign it with their private key. Order does not matter.
If B wants to forward it to C, they can strip off their own (B's) encryption, leaving A's (optional) private key signature, and send that to C.
C gets an email that contains a message from A which is (again, optionally) signed with A's private key, where if it was signed they can verify the A sent that part of the message. (Headers and newline mangling aside)
>If B wants to forward it to C, they can strip off their own (B's) encryption, leaving A's (optional) private key signature, and send that to C.
That could work. The PGP format is pretty modular. You could just strip out the content packet and signature packet. People don't do it because it would be confusing. Things like encrypted email list servers would be more likely to retain signatures.
Believe it or not, the possibility is actually something people have complained about in the past:
If B wants to forward it to C, they can strip off their own (B's) encryption, leaving A's (optional) private key signature, and send that to C.
C gets an email that contains a message from A which is (again, optionally) signed with A's private key, where if it was signed they can verify the A sent that part of the message. (Headers and newline mangling aside)
Or does that not work?