BTW about key expiration... I guess if you are afraid your secret keys
could be stolen, or cracked, maybe you'd want to get new ones; but if
you generate a key which will expire after a given time, then does
that mean that old emails which were signed with the old key can no
longer be verified?  Or just that it checks the date of the email as
part of the verification process (and because the date is in the
header, which was part of the digest I hope, the date can also be
verified as being untampered-with)?

Mutt always prompts me for my password before signing a message.  Is
there a way around that?  In a "single sign-on" world, it wouldn't.
Maybe gpg should be using PAM, which in turn should be using a
smart-card reader to fetch the keys and passwords?

-- 
  _______                   Shawn T. Rutledge / KB7PWD  ecloud@bigfoot.com
 (_  | |_)                       http://ecloud.org  kb7pwd@kb7pwd.ampr.org
 __) | | \________________________________________________________________