I'm concerned that notmuch-emacs is causing variant messages of
encrypted/signed messages to be generated.

In particular, if notmuch-fcc-dirs is not nil, two variants of the
message bodies will be created: one will be sent through "notmuch
insert" and the other will be sent to sendmail.

the mml security modes (e.g. "#secure method=pgpmime mode=sign" (in
angle brackets)) take place after this bifurcation.

The result for a signed message is:

  * the message sent to "notmuch insert" has one cryptographic signature

  * the message sent to sendmail has a different cryptographic
    signature, in particular if it is made more than 1 second later
    (some signature algorithms will produce identical signatures if made
    in the same second)

You can try this out by:

 0) put ignore-cache-for-signing in ~/.gnupg/gpg-agent.conf

 1) run "gpgconf --kill gpg-agent" to ensure the config is re-read

 2) send yourself a signed message with message-id $mid.
 
 3) Pull it back in however you receive mail, and then:

     diff -u $(notmuch search --output=files "id:$mid")

If the messages were more than 1 second apart, you'll see the signature
part differs.

The result for an encrypted message is:

 * the message sent to "notmuch insert" is encrypted with one session
   key

 * the message sent to sendmail is encrypted with a different session key

So the entire body of the message will be different.

I'm currently working around this by setting notmuch-fcc-dirs to nil,
and setting message-send-mail-hook to (dkg-notmuch-fcc), which is defined
as:

    (defun dkg-notmuch-fcc ()
      (shell-command-on-region (point-min) (point-max) "notmuch insert"))

this takes advantage of message-send-mail-hook's late-send.  as the
documentation for that var says:

    This hook is run very late -- just before the message is sent as
    mail.

But this isn't something normal users should need to do manually.

Any emacs gurus want to propose a way to improve the situation?  i'm at
a bit of a loss.

  --dkg